It is time to start thinking of our hearts as random number generators. That’s so they can serve as passwords to secure medical devices that are vulnerable to hacking, researchers at Rice University have proposed.
In Softpedia’s Eduard Kovacs that, in essence, given a heartbeat’s variability, the heart can function as something of a random number generator:
The signal from your heartbeat is different every second, so the password is different each time. You can’t use it even a minute later.
Hacking of medical devices is, at this point, demonstrably feasible.
The US government in October 2012 told the US Food and Drug Administration (FDA) to finally start taking medical device security seriously, whether we’re talking about intentional hacking, unencrypted data transfer that can be manipulated or a host of other threat vectors.
In June 2013, the FDA complied, calling on medical device manufacturers and health care facilities to start addressing medical devices’ vulnerability to cyberattack.
Koushanfar and Rostami will present the system in November at the Conference on Computer and Communications Security in Berlin.
Before we see H2H debut, it will need to obtain FDA approval. After that, it’s up to medical device manufacturers to adopt the technology.
It’s a fascinating approach to authentication.
My insulin pump and I look forward to seeing whether it wins approval and achieves adoption in the medical device industry.
After that, who knows?
Perhaps our beating hearts will someday be a viable alternative to the easily guessable, completely hackable security questions that are now used to supposedly verify that we are, indeed, who we say we are.