Feeds

Microsoft wants pacemaker password tattoos

The keys to my heart are on my foot

SANS - Survey on application security programs

A Microsoft researcher has suggested tattooing passwords on patients with pacemakers and other implanted medical devices to ensure the remotely-controlled gadgets can be accessed during emergencies.

The proposal, by Stuart Schechter of Microsoft Research, is the latest to grapple with the security of implanted medical devices equipped with radio transmitters they can be controlled without the need for surgery. Besides pacemakers, other types of potentially vulnerable devices include insulin pumps and cardiac defibrillators.

In 2008, researchers demonstrated that heart monitors were susceptible to wireless hacks that caused pacemakers to shut off or leak personal information. But equally devastating are scenarios in which physicians are unable to provide emergency care because they don't have the access codes needed to control the devices.

In a paper published last week, Schechter proposed that access to such devices be controlled with encryption similar to what's used on wi-fi networks. Access keys would then be tattooed on patients using ink that's invisible under most conditions.

"We propose that a user-selected human-readable key be encoded directly onto patients using ultraviolet-ink micropigmentation, adjacent to the point of implantation," he wrote. "To increase reliability the encoding could be augmented to include an error correcting code and/or be replicated in full on the base of the patient's leftmost foot - at the arch."

Equipment used to remotely communicate with the implanted devices would be equipped with an ultraviolet light and a keypad or touchscreen for transmitting the code.

Schechter said patients can't be counted on to provide the code because they may forget it or lose consciousness during an emergency. Bracelets, meanwhile, may reveal the patient's condition to strangers or potential attackers. Passwords transmitted by RFID, or radio frequency identification, technology, are susceptible to snooping, he said.

The proposal comes five months after boffins from Switzerland suggested using ultrasound waves as a way to prevent attacks on radio-controlled pacemakers.

A PDF of Schechter's paper is here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.