Top of page
Global Site Navigation

Features

Local Section Navigation
You are here: Main Content

James Bond meets medical cyber security


Imagine a criminal infiltrating a medical device implanted in your body to cut off your insulin, or send a lethal spike of electricity to your heart.

While these scenarios seem like the stuff of a James Bond thriller, the rapid advance of small computerised health aids in the body – Implantable Medical Devices (IMD) – make them a troubling reality.

In fact, concern about a potential terrorist assassination attempt prompted former US Vice-President Dick Cheney to have the wireless connection in his pace-maker disabled in 2007.

But have no fear, as Dr Guanglou Zheng from ECU’s Security Research Institute is Australia’s very own Q Branch, applying cyber-security methods to keep these devices safe.

Dr Guanglou Zheng is Australia's own Q Branch.
Dr Guanglou Zheng is Australia's own Q Branch.

“IMDs have some disturbing vulnerabilities, primarily because the wireless communication channels between the devices and the programmer units that collect their data are not encrypted,” Dr Zheng says.

“Recent experiments on Implantable Cardiac Defibrillators have shown that an adversary equipped with a commercial programmer unit or custom equipment can easily launch eavesdropping or even active attacks on one of these devices.”

While assassinations might not be a concern for most people, these infiltrations can lead to a patient’s privacy being breached through the interception of personal information, medical ID numbers and medical history.

What’s more, programmer units are easy to find online, as they are commercially available.

We need smarter ways to protect medical devices from cyber criminals.
We need smarter ways to protect medical devices from cyber criminals.

Traditional security solutions don’t work

While an obvious solution would be to encrypt communications and install password keys into IMDs, Dr Zheng explains that these traditional approaches aren’t viable.

“We can’t use typical security methods such as encryption keys. For one thing, if a person is in medical distress and arrives at an emergency room unconscious, they would not be able to give the doctor their password,” he says.

“Also, we have to be mindful of how much energy is drawn from the batteries of implants, which cannot be recharged like a phone or tablet.”

Currently, most IMD batteries last between five to ten years, with replacement requiring invasive surgery.

As such, Dr Zheng is investigating solutions such as wireless recharging, phone apps that create a ‘shield’ around the IMD to prevent access and programmer units that only work within a very close proximity (such as three centimetres).

However, he’s most keen on applied biometrics – using unique features of our bodies, like our irises, fingerprints and heartbeats, to create nearly impenetrable keys.

“This might take the form of a programmer unit with a sensor that wraps around a person’s wrist. In order to gain access to the patient’s system, the pulse measured in the arm would have to correspond with the heartbeat recorded in the IMD,” Dr Zheng explains.

“Even if a person were experiencing heart problems, these two measures would match, which would be almost impossible to mimic externally.”

As the Western population ages and medical science advances, IMDs will continue to skyrocket.

Currently they can be found in glucose monitoring devices and insulin delivery systems (diabetes), pacemakers and defibrillators (heart), neuro-stimulators (epilepsy) and drug-delivery systems.

Dr Guanglou Zheng is a Post Doctoral Research Fellow in ECU's Security Research Institute and School of Science.

Share

Skip to top of page