Pacemaker sensor security vulnerability discovered

17 May 2013
By Edd Gent
Mobile version
Share |
Researchers have found security vulnerabilities in sensor commonly used in pacemakers

Researchers have found security vulnerabilities in sensor commonly used in pacemakers

Common sensors found in pacemakers and Bluetooth headsets have major security vulnerabilities according to researchers.

In experiments in simulated human models, an international team of researchers demonstrated that they could forge an erratic heartbeat with radio frequency electromagnetic waves, which could theoretically inhibit needed pacing or induce unnecessary defibrillation shocks.

Implantable defibrillators monitor the heart for irregular beating and, when necessary, administer an electric shock to bring it back into normal rhythm. Pacemakers use electrical pulses to continuously keep the heart in pace.

This is not the first time vulnerabilities have been identified in implantable medical devices, but the findings reveal new security risks in relatively common "analog" sensors – sensors that rely on inputs from the human body or the environment to cue particular actions.

Beyond medical devices, analog sensors are also used in microphones in Bluetooth headsets and computers in web-based phone calls, and in those places, too, the researchers discovered vulnerabilities.

"We found that these analog devices generally trust what they receive from their sensors, and that path is weak and could be exploited," says Denis Foo Kune, University of Michigan (U-M) postdoctoral researcher and visiting scholar in computer science and engineering, who will present the findings May 20 at the IEEE Symposium on Security and Privacy in San Francisco.

Although these medical systems and consumer electronics have security mechanisms, the information the analog sensors receive bypasses their safety layers as devices convert the input from the sensors directly into digital information that they use to make quick decisions.

The researchers emphasize that they know of no case where a hacker has corrupted an implanted cardiac device, and doing so in the real world would be extremely difficult, but with these kinds of sensors employed in a growing number of devices and applications their lack of security is a concern.

"Security is often an arms race with adversaries," says Wenyuan Xu, assistant professor of computer science and engineering at the University of South Carolina. "As researchers, it's our responsibility to always challenge the common practice and find defences for vulnerabilities that could be exploited before unfortunate incidents happen.

“We hope our research findings can help to enhance the security of sensing systems that will emerge for years to come."

In the category of medical devices, the researchers tested cardiac defibrillators and pacemakers in open air to determine which radio waveforms could cause interference.

Then they exposed the medical devices to those waveforms in a both a saline bath and a patient simulator. The experiments suggest that the human body likely acts as a shield, protecting the medical devices to a large degree, the researchers said.

They found that in the saline bath and the patient simulator, a perpetrator would need to be within five centimetres away to cause interference and current guidelines instruct patients to keep potential sources of interference at least 27 centimetres away from their chest.

"People with pacemakers and defibrillators can remain confident in the safety and effectiveness of their implants," says Kevin Fu, U-M associate professor of electrical engineering and computer science.

"Patients already protect themselves from interference by keeping transmitters like phones away from their implants. The problem is that emerging medical sensors worn on the body, rather than implanted, could be more susceptible to this type of interference."

The team proposes solutions to help the sensors ensure that the signals they're receiving are authentic. Software could “ping” the cardiac tissue to determine whether the previous pulse came from the heart or from interference. If the source was not the heart, the software could raise a red flag.

The researchers also found pathways to tamper with consumer electronics. They were able to use specific radio signals to convince the microphone on a phone paired with a Bluetooth headset that a caller was dialling touch-tone selections at an automated banking line. They demonstrated this by changing the call language from English to Spanish.

Foo Kune says the technique could conceivably enable more harmful scenarios such as fraudulent money transfers. In another experiment, they cancelled out speech on one side of a web-based phone call and replaced it with a song (Weezer's "Island in the Sun").

"The microphone was receiving the song even though the room was silent," Foo Kune says.

"This type of interference can be prevented with shields and filters like those seen today in military-grade equipment," says Yongdae Kim, professor of electrical engineering at the Korea Advanced Institute of Science and Technology.

"Safety critical systems, such as smart grids and automated vehicles, rely more and more on sensing technology for their accurate operation. Malicious input signals with improved antenna and power may cause serious safety problems."

Latest Issue

E&T cover image 1606

"Where would Frankenstein and his creative mind fit into today's workplace? Should we fear technological developments or embrace them?"

E&T jobs

  • Nuclear Facilities Governance Manager

    BAE Systems
    • England, Cumbria, Barrow-In-Furness
    • Negotiable

    Nuclear Facilities Governance Manager Would you like to be accountable for all the Nuclear Governance for both existing day to day facilities on the Barrow Site in addition to the Proposed Facilities development which is part of the multi-million pound si

    • Recruiter: BAE Systems

    Apply for this job

  • Maritime Engineering Opportunities

    Defence Equipment & Support (DE&S)
    • Bristol
    • £30,424 - £35,285

    You will be working alongside a team of people who are immensely proud of what they do in providing the best possible service to our Armed Forces

    • Recruiter: Defence Equipment & Support (DE&S)

    Apply for this job

  • Engineering Manager

    BAE Systems
    • Hampshire, England, Portsmouth
    • Competitive package

    Would you like to play a vital role in managing and implementing the correct governance in order to enable BAE Systems to provide assurance and integrity of supply chain data? We currently have a vacancy for an Engineering Manager - Product Integrity

    • Recruiter: BAE Systems

    Apply for this job

  • Consultant Engineer - Test

    BAE Systems
    • Farnborough, Hampshire, England
    • Negotiable

    Consultant Engineer - Test Would you like to be a lead within an exciting team working on one of the UK's largest defence projects? We currently have a vacancy for a Consultant Engineer - Test at our site in Ash Vale. As a Consultant Engineer - Test, you

    • Recruiter: BAE Systems

    Apply for this job

  • Structural Designer

    BAE Systems
    • England, Barrow-In-Furness, Cumbria
    • Negotiable

    Structural Designer BAE Systems is looking to recruit multiple Structural Designers to join our Maritime Submarines unit to be based in our site in Barrow-in-Furness, as the Trident Replacement Programme progresses towards the start of the build stage in

    • Recruiter: BAE Systems

    Apply for this job

  • Mechanical Design Engineer

    BAE Systems
    • England, Hampshire, Portsmouth
    • Negotiable

    Mechanical Design Engineer Would you like to work in an interesting and challenging role with the chance to gain exposure to a number of maritime projects? We currently have a vacancy for a Mechanical Design Engineer at our site in Portsmouth. As a Design

    • Recruiter: BAE Systems

    Apply for this job

  • Operations Manager

    BAE Systems
    • England, Barrow-In-Furness, Cumbria
    • Negotiable

    Operations Manager We currently have an opportunity for an Operations Manager to join our Maritime - Submarines business area at our Barrow-In-Furness site. As the Operations Manager you will work within a Construction or Manufacturing Facility and be res

    • Recruiter: BAE Systems

    Apply for this job

  • Principal Chemist

    BAE Systems
    • Barrow-In-Furness, Cumbria, England
    • Negotiable

    Principal Chemist Would you like to play a key role in the safety and assurance of submarines for the Royal Navy? We currently have a vacancy for a Principal Chemist at our site in Barrow-in-Furness. As a Principal Chemist, you will be carrying out a rang

    • Recruiter: BAE Systems

    Apply for this job

  • Software Engineer

    BAE Systems
    • England, Hampshire, Portsmouth
    • Competitive package

    As a Software Engineer, you will be investigating how technology and data can be used to optimise the services we provide to our clients, including the Royal Navy, and will include unique pieces of equipment at the forefront of innovation.

    • Recruiter: BAE Systems

    Apply for this job

  • Principal Control Systems Engineer

    BAE Systems
    • England, Cumbria, Barrow-In-Furness
    • Competitive package

    As a Principal Engineer you will be responsible for the design and integration of control systems at a safety integrity level (SIL) 3. This will include requirements management, system design, and integration into the wider platform.

    • Recruiter: BAE Systems

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T