Implantable medical devices have been used to save lives since the first pacemaker was implanted in the human body in 1958. This has been used for more than half a century, and new breakthroughs are made almost every day. Several examples of implantable medical devices currently in use include deep brain stimulators for patients with epilepsy or Parkinson’s disease, and drug delivery systems that use infusion pumps and various sensors to collect and process vital signs.
More and more medical implants are connected to the Internet. The connection allows healthcare providers to download data and programmers to update software. This connection can make them vulnerable to attacks that can be exacerbated by limitations in the devices themselves: limited computing power and battery capacity.
“We don’t want anyone to be able to ‘hijack’ or capture transmissions to get data or interfere with what’s going on,” said IEEE member Rebecca Herold.
Micro encrypted communication
Communication between an implanted device and its connected laptop, cell phone, tablet or device is usually not encrypted. The devices themselves are small and may not have enough computing power to employ certain types of encryption.
But that may be changing as awareness of potential security risks grows.
Researchers are currently actively exploring the use of the body’s own data to form encryption keys that the two devices will use to establish secure communications. For example, in an article in IEEE Access, researchers discuss using ECG data as a benchmark for communication between medical sensors. Using signals from the body (a form of biometrics) allows a secure connection with limited computing resources.
battery attack
Implants are also vulnerable to attacks affecting the battery, which may come in two forms.
An attacker could request the implant to establish a secure channel with incorrect credentials, which would cause the implant to run part of the energy verification protocol — which would drain the battery. In another attack, the attacker generated electromagnetic noise in order to cause a high error rate on the implanted transceiver. This increases its energy consumption due to the increased number of free transmissions. The increased noise may also force the implant to increase its transmission power, thereby shortening battery life.
IEEE member Jéferson Nobre said: “The main risk is the interruption of implant surgery. Since these attacks can be performed using legitimate tasks, they can be defended using timeouts or behavioral anomaly detection.”
While these types of attacks are largely theoretical, several demonstrations by security researchers have shown that they are feasible. In some cases, individuals have even tried disabling the implant’s wireless connection to prevent attacks.
“This is one of the easiest ways to launch an efficient attack,” said IEEE graduate student member Shally Gupta.
To defend against these attacks, device makers are increasingly turning to zero-power defense strategies, defenses that do not rely on device battery power, Gupta said. One such example reverses the attack.
The strategy was described in a recent article in IEEE Access: “An implantable medical device (IMD) first harvests energy from wireless messages received by an external entity and then uses this free energy to perform authentication operations. Unless external The entity is authenticated, otherwise the IMD will not switch to its primary battery for subsequent operations.”
“This ensures that the IMD doesn’t drain the battery in response to fake messages from entities,” Gupta said.