You are here: Home Blog MediFormatica's BLOG Hacking into wirelessly reprogrammable implantable medical devices.

Mediformatica - The Medical Informatics Portal

Mediformatica - The Medical Informatics Portal

Latest Blog Articles

Hacking into wirelessly reprogrammable implantable medical devices.

E-mail Print PDF
Hacking into wirelessly reprogrammable implantable medical devices.As part of a research, the Medical Device Security Center evaluated the security and privacy properties of a common ICD. They investigate whether a malicious party could create his or her own equipment capable of wirelessly communicating with this ICD. Wirelessly reprogrammable implantable medical devices (IMDs) such as pacemakers, implantable cardioverter defibrillators (ICDs), neurostimulators, and implantable drug pumps use embedded computers and radios to monitor chronic disorders and treat patients with automatic therapies. For instance, an ICD that senses a rapid heartbeat can administer an electrical shock to restore a normal heart rhythm, then report this event.

Given the anticipated evolution in IMD technologies, we believe that now is the right and critical time to focus on protecting the security and privacy of future implantable medical devices. IMDs pervasiveness continues to swell, with approximately twenty-five million U.S. citizens currently benefiting from therapeutic implants.

Pacemakers and ICDs are both designed to treat abnormal heart conditions. About the size of a pager, each device is connected to the heart via electrodes and continuously monitors the heart rhythm.

Pacemakers automatically deliver low energy signals to the heart to cause the heart to beat when the heart rate slows. Modern ICDs include pacemaker functions, but can also deliver high voltage therapy to the heart muscle to shock dangerously fast heart rhythms back to normal. Pacemakers and ICDs have saved innumerable lives, and there are millions of pacemaker and ICD patients in the U.S. today.

The Medical Device Security Center is a cross-disciplinary partnership between researchers at:

Hacking into wirelessly reprogrammable implantable medical devices.Using some equipment (an antenna, radio hardware, and a PC), they found that someone could violate the privacy of patient information and medical telemetry. The ICD wirelessly transmits patient information and telemetry without observable encryption. The adversary's computer could intercept wireless signals from the ICD and learn information including: the patient's name, the patient's medical history, the patient's date of birth, and so on.

Using this same equipment (an antenna, radio hardware, and a PC), they also found that someone could also turn off or modify therapy settings stored on the ICD. Such a person could render the ICD incapable of responding to dangerous cardiac events. A malicious person could also make the ICD deliver a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.

Some IMDs, like pacemakers and ICDs, have non-replaceable batteries. When the batteries on these IMDs become low, the entire IMDs often need to be replaced. From a safety perspective, it is therefore critical to protect the battery life on these IMDs. Toward balancing security and privacy with safety and effectiveness, all three of our approaches use zero-power: they do not rely on the IMD's battery but rather harvest power from external radio frequency (RF) signals. They recommend the following zero-power approaches

  1. An audible alert to warn patients when an unauthorized party attempts to wirelessly communicate with their IMD.
  2. Implement cryptographic (secure) authentication schemes using RF power harvesting.
  3. A new method for communicating cryptographic keys ("sophisticated passwords") in a way that humans can physically detect (hear or feel). The latter approach allows the patient to seamlessly detect when a third party tries to communicate with their IMD.


Get more information here

Last Updated ( Wednesday, 16 July 2008 19:29 )  

Google Translate


DrugFormatica provides a simple drug database providing information about FDA approved medications.
ProcFormatica provides a simple medical procedures database including information about the latest ICD-10-PCS codes.
PsychFormatica provides a simple medical procedures database including information about the latest DSM IV codes.

Healthcare IT in Egypt

In this section you'll find a list of companies and organizations working in the healthcare IT sector in Egypt.

Read more here...


Who's Online

We have 66 guests online


Members : 1
Content : 543
Web Links : 68
Content View Hits : 3124800




Medical Informatics

Medical informatics has to do with all aspects of understanding and promoting the effective organization, analysis, management, and use of information in health care.


Hospital Information Systems

A Hospital Management Information Systems (HMIS) is a comprehensive, integrated information system designed to manage the administrative, financial and clinical aspects of a hospital.



Mediformatica's videos section is rapidly becoming one of the largest health informatics video libraries linking to over 250 videos to this date...


Mediformatica's Blog

Mediformatica's Blog is frequently updated with the latest and most exciting news and reviews related to the subject of Medical Informatics.