Turning the Body Into a Wire
When the human body is the communications channel, it’s hard to hack the data
By Shreyas Sen, Shovan Maity and Debayan Das
In 2007, U.S. vice president Dick Cheney ordered his doctors to disable all wireless signals to and from his Internet-connected pacemaker. Cheney later said that the decision was motivated by his desire to prevent terrorists from being able to hack his pacemaker and use it to lethally shock his heart. Cheney’s command to his doctors might seem to some to be overly cautious, but wirelessly connected medical devices have a history of exploitable vulnerabilities. At a series of conferences in 2011 and 2012, for example, New Zealand hacker Barnaby Jack showed that connected medical devices could be remotely attacked. Jack used a high-gain antenna to capture the unencrypted electromagnetic signals transmitted by an insulin pump on a mannequin 90 meters away. He then used those signals to hack into the pump and adjust the level of insulin the pump delivered. He also hacked a pacemaker and made it deliver deadly electric shocks.
Eight years after those demonstrations, connected medical devices remain vulnerable. In June 2020, for example, the U.S. Department of Homeland Security recalled a model of connected insulin pumps. The pumps were transmitting sensitive information without encryption, making the data accessible to anyone nearby who might want to listen in.
Medical devices are only the tip of the iceberg when it comes to the wireless devices people are putting in or on their bodies. The list includes wireless earbuds, smartwatches, and virtual-reality headsets. Technologies still in development, such as smart contact lenses that display information and digital pills that transmit sensor data after being swallowed, will also be at risk.
All of these devices need to transmit data securely at low power and over a short range. That’s why researchers have started to think about them as individual components of a single human-size wireless network, referred to as a body-area network. The term “Internet of Bodies” (IoB) is also coming into use, taking a cue from the Internet of Things.
At the moment, IoB devices use established wireless technologies, mainly Bluetooth, to communicate. While these technologies are low power, well understood, and easy to implement, they were never designed for IoB networks. One of Bluetooth’s defining features is the ability for two devices to easily find and connect to one another from meters away. That feature is precisely what allows a hypothetical attacker to snoop on or attack the devices on someone’s body. Wireless signals are also designed to travel through air or vacuum, not through the medium of the human body, and therefore they are less efficient than a method of communication designed from scratch to work through the body.
Through our research at Purdue University, we have developed a new method of communication that will keep medical devices, wearables, and any other devices on or near the body more secure than they are when they use low-power wireless signals to communicate with one another. The system capitalizes on the human body’s innate ability to conduct tiny, harmless electrical signals to turn the entire body into a wired communication channel. By turning the body into the network, we will make IoB devices more secure.
Sensitive personal data like medical information should always be encrypted when it’s transmitted, whether wirelessly or in an email or via some other channel. But there are three other especially good reasons to prevent an attacker from gaining access to medical devices locally.
The first is that medical data should be containable. You don’t want a device to be broadcasting information that someone might eavesdrop on. The second reason is that you don’t want the integrity of the device to be compromised. If you have a glucose monitor connected to an insulin pump, for example, you don’t want the pump to release more glucose because the monitor’s data was compromised. Not enough glucose in the blood can cause headaches, weakness, and dizziness, while too much can lead to vision and nerve problems, kidney disease, and strokes. Either situation can eventually lead to death. The third reason is that the device’s information always needs to be available. If an attacker were to jam the signals from an insulin pump or a pacemaker, the device might not even know it needed to respond to a sudden problem in the body.
