Public release date: 20-Aug-2008
How to stop a new type of heart attack
PACEMAKERS are supposed to protect people from heart attacks. But to do that they have to provide digital as well as biological security.
Earlier this year, a team led by William Maisel at Harvard Medical School demonstrated how a commercial radio transmitter could be used to modify wireless communications from a pacemaker (New Scientist, 22 March, p 23). Doctors normally use these signals to monitor and adjust the implanted device, but a malicious hacker could reprogram the pacemaker to give its wearer damaging shocks, or run down its batteries.
Such irresponsible attacks might seem inconceivable, but Tamara Denning, a computer scientist at the University of Washington in Seattle, points out that in 2007 hackers posted flashing images to the Epilepsy Foundation’s website, apparently with the aim of triggering attacks in people with photosensitive epilepsy.
Pacemaker users could be similarly targeted, and there are a growing number of other implantable medical devices (IMDs) – such as drug pumps, neural stimulators, swallowable cameras and prosthetics – which could also be undermined by pranksters or even killers. Researchers like Denning believe it’s worth being prepared. “We wanted to draw attention not to a prevalent threat, but to a possible future one,” she says.
Securing IMDs is problematic, however, because it is difficult to distinguish between malicious and benevolent communications. Some seemingly obvious solutions are unsuitable: for example, encrypting the IMD signals would be risky because doctors might not be able to get hold of the encryption key in an emergency.
Denning and her colleagues have proposed that IMD users wear a “cloaker” device that tells the IMD to ignore any unexpected instructions. When doctors need to talk to the device, they can simply remove the cloaker.
Designing the system poses unique challenges. The cloaker itself has to be resistant to electronic attack, and the system must “fail open” rather than “fail closed”, allowing doctors access to the IMD if the cloaker breaks down or is lost. And continual communication with the cloaker will eat into the IMD’s battery life.
The researchers have built a PC-based simulation of how a cloaker might work, and suggest that it could be worn like a wristwatch.
Maisel, however, thinks the proposal is unrealistic. In an emergency, the cloaker might be hard for doctors to find – hidden in the patient’s clothing, for example. “You’re asking hundreds of thousands or millions of people to wear something every day for a theoretical risk.”