Secure ‘Internet-of-body’ could protect medical devices from DHS-warned cyberattacks

The U.S. Department of Homeland Security recently warned that various medical devices made by the company Medtronic, such as implanted cardiac defibrillators, are vulnerable to cyberattack. This is because a hacker could easily gain wireless access to the equipment’s settings and change them.

Purdue University researchers have built a prototype device that prevents medical device signals from radiating outwards. Instead, the signals are kept within the human body, effectively using a more secure “internet-of-body” to block remote hacks. This is made possible by facilitating medical device communication in the electro-quasistatic range, a much lower frequency than traditional Bluetooth communication. Shreyas Sen (Purdue University image/Vincent Walter) Download image

Shreyas Sen, a Purdue assistant professor of electrical and computer engineering, specializes in building smart wearable devices that protect sensing and communication systems from hackers.

Sen leads the Sensing, Processing, Analytics and Radio Communication (SPARC) lab at Purdue, which is working with government and industry players to incorporate this technology into current medical devices, ranging from pacemakers to insulin pumps, and future tools, such as high-speed brain machine interfaces.

“Medtronic devices are susceptible to hacks for two reasons: First, the signals aren’t encrypted, so hackers could easily interpret them. Second, even if these signals were encrypted, they are on a radio frequency that can be detected 5 to 10 meters away from the medical device.

“We’ve found that electro-quasistatic human body communication can confine the signals within the body. Unless somebody physically touches you, you have your own private network that is physically secure. Combined with encryption, this would protect medical devices from hacks.”