Ever since researchers developed pacemakers and other networked devices that manage health maladies, there has been the possibility to disable or sabotage electronic devices from a distance. This sorrow was illustrated in an episode of Barack Obamas favorite US TV-show ‚Homeland‘, when terrorists killed the Vice President by instructing its implant to induce cardiac arrest. Last month, former US Vice President Dick Cheney revealed in his book that he instructed his doctor to disable the wireless function of his heart implant in 2007 because he feared an assassination.

This is not as far-fetched as it sounds. There is a blogpost by Barnaby Jack explaining the details. Barnaby Jack passed away days before this year’s Black Hat conference, where he would have talked about the weaknesses of remote-controlled implants.

Not surprisingly, scientists are working on solutions to improve the security of pacemakers and other implants. Scientists of the Rice University and researchers of the US security company RSA developed a system that uses the patients heartbeat as an access code for the data on the device.

To read out the data, the doctor holds a special instrument against the patient’s heart. The system requires software in the medical device to talk to the “touch” device, called the programmer. It picks up an electrocardiogram (EKG) signature from the beating heart. The internal and external devices  compare minute details of the EKG. Only if the signals match, the doctor is able to alter the settings of the implant.

The challenge of security mechanisms for medical devices is that they have to be easily usable in an emergency. Therefore the researchers decided not to use a password but only the patients heartbeat as a signature. Even though the system is said to be ready for the market, it is not yet released since it has to be approved by health authorities first.

erschienen auf netwars-project.com