New Password in a Heartbeat

Pacemakers, insulin pumps, defibrillators and other implantable medical devices often have wireless capabilities that allow emergency workers to monitor patients.

But these devices have a potential downside: they can be hacked. Researchers at Rice University have come up with a secure way to dramatically cut the risk that implanted medical devices (IMDs) could be altered remotely without authorization.

Their technology would use the patient’s own heartbeat as a kind of password that could only be accessed through touch. Rice electrical and computer engineer Farinaz Koushanfar and graduate student Masoud Rostami developed the technology with Ari Juels, former chief scientist at RSA Laboratories, a security company in Cambridge, Mass.

“IMDs generally lack the kind of password security found on a home Wi-Fi router because emergency medical technicians often need quick access to the information the devices store to save a life,” Rostami said. But that leaves the IMDs open to attack.

“If you have devices inside your body, a person could walk by, push a button and violate your privacy, even give you a shock,” he said.

“He could make (an insulin pump) inject insulin or update the software of your pacemaker. But our proposed solution forces anybody who wants to read the devices to touch you.”