Heartbeats Could be Used as Passwords to Secure Medical Devices
Heartbeats could soon be used as passwords to increase the security of medical devices vulnerable to cyber-attack, according to research by the Rice University. The paper shows that implanted medical devices shouldn’t be secured as Wi-Fi routers are, as the system would prevent medical staff from quickly accessing the information.
The innovative system dubbed “Heart-to-Heart (H2H)” would rely on an external “touch-to-access” device. The programmer would be used by medical technicians to pick up EKG signatures from the patient’s beating heart.
“The signal from your heartbeat is different every second, so the password is different each time,” researcher Masoud Rostami told Softpedia. “You can’t use it even a minute later,”
“To our knowledge, this is the first fully secure solution that has small overhead and can work with legacy systems,” electrical and computer engineer Farinaz Koushanfar added. “Like any device that has wireless access, we can simply update the software.”
After the US government warned the Food and Drug Administration to take medical device hacking seriously, the organization called on manufacturers and health care facilities to address existing vulnerabilities.
In May 2012, a Bitdefender infographic also showed how smart devices including medical equipment are vulnerable to cyber-attacks. The antivirus software pointed out the most common malware attacks targeting heart and diabetics patients.
In the US, over 100,000 patients receive implantable cardioverter defibrillators that detect dangerous heart rhythms and administer electric shocks to restore normal activity. Other implantable medical devices include pacemakers, neurostimulators and insulin or other drug pumps.
Researchers at the Rice University will present the authentication system in Berlin, at the Conference on Computer and Communications Security in November. A security company recently made public a similar authentication method in the form of a bracelet.