RIT researcher aims to protect medical devices from cyberattacks

Feb 13, 2017
Originally published on February 13, 2017 1:04 pm

Computer users get daily warnings about the vulnerability of their personal data or their own identities if their device is not secure.

But for those who use a medical device such as an insulin pump, hacking threats could be a matter of life and death. 

"This is not hypothetical at all," said Mehran Mozaffari Kermani, an assistant professor of electronic engineering at RIT. "There have been experiments at research centers showing that glucose monitors could be hacked using antennas powerful enough to eavesdrop on the network and compromise the integrity of the communication."

Kermani has won a $343,406 grant to design security measures for computing systems that will protect wearable and implanted medical devices. 

He explains that some of the devices, such as pacemakers and implantable cardiac defibrillators, send information to computer networks at hospitals or a doctor's office.  Others, such as insulin pumps, receive commands from outside networks.

"And if the integrity of those commands is compromised, then you can potentially change, for example, the level of insulin injected into the patient's body, and that would be (very) dangerous."

Kermani is collaborating on the three year project with researchers at Florida Atlantic University.

He said one of the challenges is to develop secure systems for interconnected, deeply embedded devices that are sensitive and need to communicate while maintaining extremely long battery life. Kermani's approach is to include security as part of the original design process of the devices.

Medical devices that are more than 6 or 7 years old will require a different solution, he said, such as an external add-on device that provides additional security mechanisms.