MIT, UMass look to protect implantable devices from attack

Millions of patients around the world have implantable medical devices. And because these devices--including pacemakers and defibrillators--have wireless connections, they are vulnerable to attack. However, researchers from MIT and the University of Massachusetts-Amherst have developed a new system to prevent such attacks. They will present the system at an upcoming conference.

To prevent attacks, the MIT-UMass system uses jamming transmitter to halt unauthorized signals in an implant's operating frequency, permitting only authorized users, such as doctors, to communicate with it. Because this transmitter would handle encryption and authentication, the system would work even with existing implants, according to MIT. The researchers hope the jamming transmitter, which they call a shield, would be small enough to wear as a necklace or a watch.  

The key to the system, explains Dina Katabi, associate professor in MIT's Department of Electrical Engineering and Computer Science, is a new technique that allows the shield to simultaneously send and receive signals in the same frequency band--something that is not possible with ordinary wireless technology. The MIT-UMass system uses two antennas and clever signal processing, eliminating the need to separate them. "Think of the jamming signal that we are creating as a secret key," Katabi explains. "Everyone who doesn't know the secret key just sees a garbage signal." Because the shield knows the shape of its own jamming signal, however, it can, in effect, subtract it from the received signal, according to MIT.

It is unclear whether medical device companies will invest in security systems like the MIT-UMass offering, as there have been no implantable device attacks. But the Federal Communications Commission has recently moved implantable medical devices to a new frequency band that makes wireless communication with them possible across greater distances.

Researchers have expressed concern about the security of implantable devices for a few years now. In 2008, an academic paper showed that a combination pacemaker and defibrillator with wireless capabilities, the Medtronic Maximo DR, can be hacked. And last year, researchers published an article in the New England Journal of Medicine that discussed the threat to these devices. "I think the risk to patients today is extremely low," says Dr. Tadayoshi Kohno, co-author of the article, but he cautioned that we must think about what could happen five to 10 years from now.

- see the MIT story