The bad news is the device could potentially be hacked. The good news: it's not likely to happen, given the relatively close proximity required to transmit, and receive data. It's not like someone from across town can hack into your heart and hit the 'Stop' button...
Still, it does give pause for an intriguing debate concerning the inherent wisdom of allowing exterior, wireless control of an implanted, life-giving medical device, given the potential for misuse should that capacity ever fall into the hands of someone with malicious intent.Think of the possibilities.
The authors of 'Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses,' are purveyors of such thinking.
Researched and authored by Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel, the paper is to be published in May of 2008. While their findings are revealing to say the least, the authors were careful to hold back critical data and process, which could potentially be misused.
Implantable medical deceives are becoming increasingly sophisticated, with the latest models featuring wireless communication. This allows a doctor to download critical performance data from the heart via the device, and to adjust the device via wireless technology from outside the human body.
Okay, so could it be hacked?
Researchers affiliated with the Medical Device Security Center (MDSC) decided to find out. Using an available, modern-day implantable device representative of an ICD in common use today, the participants assembled their own equipment comprised of an antenna, radio hardware and a PC and set about hacking into it.
They were successful. The researchers discovered that the ICD transmitted information 'without observable encryption,' according to a summary of the paper. Included in the intercepted data was patient name, date of birth, even the patient's medical history.
Even more disturbing, the researchers found that they were able to disengage, or modify the ICD settings, which could cause the ICD to fail to respond to a life-threatening cardiac event.
They then took it one step further. Having hacked into the ICD, the MDSC researchers were able to command the ICD to deliver a shock sufficient to induce a potentially lethal heart attack.
It is important to note that the experiment was conducted within close proximity to the device, reminiscent of what would happen inside a doctor's office with a patient in the same room as the receiving equipment. There was no attempt made, say the researchers, to attempt the experiment from further away.
They also point out, in an accompanying summary, that only one ICD was studied. They declined to identify the manufacturer. The researchers further state that they have no reason to believe that "any other implantable devices are any more, or less secure, or private."
Still, it is an intriguing revelation. Assuming that implantable devices capable of wireless communication require proprietary equipment, it was interesting to note that the researchers appeared to be able to affect the experiment with their own gear.
An adjunct to the MDSC experiment was the use of zero-power when communicating with the ICD. Given that many implantable devices have non-replaceable batteries, the researchers thought it took away from the safety, and long-term effectiveness of the ICD to utilize precious, and limited ICD battery power to affect communications. Therefore, the researchers experimented with zero-power processes by harvesting RF power from radio frequencies.
From there, they developed three approaches using zero-power that could vastly improve the safety, efficacy and security of the device. One approach demonstrates that it is possible to implement secure authentication. Another experiments with some form of audible alarm when an unauthorized access into the ICD is attempted.
Taking the latter one step further, a new way to transmit cryptographic keys could potentially allow patients to hear, or feel when a third party tries to communicate with the ICD.
Researchers are quick to point out that there have been zero reports of any malicious, real-world attempt to hack into someone's ICD. They stress that the ICD is a proven, life-saving technology and that no existing ICD patient should have cause for alarm. The risk is low. In order to affect a danger to the patient a hacker would have to harbor malicious intent, be technically sophisticated and would require equipment close to the patient.
That said, the experiment proves a point. It IS possible. And researchers state the time is now to address these issues. It is suggested that the technology governing implantable medical devices continues to rapidly evolve, and while there is no way to predict the future it is clear, state the authors in a summary, "that future devices may rely more heavily on wireless communications capabilities and advanced computation. IMDs may communicate with other devices in their environment, thereby enabling better care through telemedicine and remote patient health monitoring. There may also be multiple, inter-operating devices within a patient's body.
"Given the anticipated evolution in IMD technologies, we believe that now is the right and critical time to focus on protecting the security and privacy of future implantable medical devices."
The research was conducted in association with the Medical Device Security Center, a cross-disciplinary partnership between the Beth Israel Deaconess Medical Center at the Harvard Medical School, the University of Massachusetts Amherst, and the University of Washington.
The paper will be published in association with the IEEE Symposium on Security and Privacy, in May of this year.
It is estimated that about 25 million implantable devices are in use in the United States, and this number will only escalate now that the first wave of Baby Boomers are beginning to retire. While malicious hacking of wireless-capable ICD and IMD devices has yet to occur, the MDSC research proves that it is possible. At a time when medical devices are becoming increasingly sophisticated, device manufacturers need to address the issue further in an effort to develop and implement effective encryption and security protocols.
Before the unthinkable happens...