With millions of implantable medical devices in the U.S. alone, and some 300,000 more people receiving them worldwide every year, the need to protect these wireless devices from being hacked is increasingly urgent.
Wearers might soon be better protected, thanks to new work out of MIT and the University of Massachusetts-Amherst, so long as they don't mind walking around in invisible shields.
The system the research team will be proposing at the Association for Computing Machinery's Sigcomm conference in Toronto this August uses a jamming transmitter small enough to be worn as a watch or necklace.
The device would essentially be authorized to access the implant and send encrypted instructions to the transmitter (the team calls this the "shield"), which would in turn decode the encryption and relay the instructions to the implant.
Using a device that is separate from the medical implant is key for a few reasons: it allows for post-encryption in devices that are already implanted; it enables authorized emergency responders to simply remove the patient's shield in the event of emergencies; and it doesn't require the size of the implants to increase to accommodate and power the shield.
The new system expands on a technique recently developed at Stanford University that allows for sending and receiving signals in the same frequency band. In typical wireless technology, using the same frequency band interferes with the signal, but by employing three antennas positioned precise distances apart, one band can now be used.
The MIT-UMass team was able to use this same technique but employ only two antennas which, thanks to clever signal processing, don't need to be separated. "Think of the jamming signal that we are creating as a secret key; everyone who doesn't know the secret key just sees a garbage signal," says Dina Katabi, an associate professor in MIT's Department of Electrical Engineering and Computer Science.
Because the shield knows the shape of its own jamming signal, however, it is able to subtract it from the received signal.
Stefan Savage, a professor in the computer science and engineering department at the University of California at San Diego, says in a news release that the new system should work without any hitches. But in spite of the cleverness of the system, Savage points out an inherent Catch-22.
"Value in the information-security market gets created by one of two people: bad guys, or regulatory bodies," he says. "You want to develop the technology in advance of the threat, but absent the threat, how do you sell the technology?"