Creative Commons License

Hacking Pacemakers

Wednesday, August 19, 2009 at 04:07 PM EDT

I’ve mentioned here several times before the potential security risks of the increasing use of RFID chips in all kinds of things, from their original uses for inventory tracking to passports and identification credentials. Since these chips are designed to be read from a distance, they can be scanned by someone just walking by, if he has the appropriate equipment.

Prof. Kevin Fu, an assistant professor of computer science at the University of Massachusetts at Amherst, has demonstrated a new RFID device vulnerability: implanted cardiac devices, such as pacemakers and defibrillators. Fu, who is one of Technology Review’s young innovators of the year, does research in the field of computer security, with a particular focus on the use of RFIDs.

The threats Fu researches are chiefly those connected to the security of radio ­frequency identification, or RFID. RFID is an increasingly common technology, used in everything from tags for shipping containers to electronic key cards, from Exxon­Mobil’s Speedpass key-chain wands to Chase’s no-swipe “Blink” credit cards.

Using RFID chips in implantable medical devices is a relatively recent development. The inclusion of the RFID technology allows the implanted device to report any data that it collects, and to have its programming adjusted, without requiring surgery. This, in itself, is clearly a good thing from the patient’s perspective. But, as Fu discovered, it also introduces a grave security risk. I’ve mentioned before that good security people think differently than most of us, and Fu is no exception. He wondered how difficult it would be to intercept transmissions to and from the RFID-equipped device.

“Most people who make these devices don’t think like this,” Fu says. “But this is how the adversary thinks. He doesn’t play your game; he makes his own game.”

He managed to construct, with off-the-shelf parts, a device that could intercept these transmissions, record them, and initiate new transmissions of its own, potentially allowing him to completely re-program someone’s implanted device. It is not hard to imagine that this could be used for nefarious purposes: a bad guy could set a pacemaker to a mode in which it drains its battery within a couple of weeks, or program a defibrillator to deliver a 700-volt shock to the patient’s heart.

Fu is also working on trying to develop a way to do computation in RFID chips. As I noted in a previous post, having that capability would make it possible to have much more secure RFIDs, because it would allow the stored to be encrypted and only accessible via a secure protocol, much as Internet transactions are secured with SSL or TLS.

As in so many other cases, the underlying lesson here is that security is hard, and needs to be designed into a system from the start for the best results.