We put trust in technology every day.
We drive a car to work, and trust that its brakes won’t fail too badly, and that its engine won’t explode in a massive fireball on the dual carriageway.
We tap words into a computer, and trust that someone didn’t goof up the wiring and that we’re not going to get an electric shock.
We drink water, and trust that the computers at the water filtration plant didn’t go wacko and allow some toxic element to make its way into the taps in our houses.
It’s clear that we trust technology a lot. And with some very important things.
So, it’s interesting that some things that technology can help with seem to automatically send a shiver down our security spines.
Take MicroCHIPs, for instance. They’re a company from Lexington, Massachusetts, whose tagline is “programmable drug delivery” and describe claim to specialise in “intelligent implanted devices designed to improve the health of millions of people”.
According to CNET, MicroCHIPs has developed a tiny chip that can be implanted under a woman’s skin to manage her birth control for up to 16 years.
The chip, which measures just 20 x 20 x 7 millimetres, contains tiny reservoirs – filled with birth control drugs.
MicroCHIPs’ technology is based on proprietary reservoir arrays that are used to store and protect potent drugs within the body for long periods of time. These arrays are designed for compatibility with preprogrammed microprocessors, wireless telemetry, or sensor feedback loops to provide active control. Individual device reservoirs can be opened on demand or on a predetermined schedule to precisely control drug release or sensor activation.
Sounds clever doesn’t it?
And, guess what? You can control the chip wirelessly via a remote control.
So, you had better hope that someone malicious can’t subvert the security in the chip’s wireless communications.
After all, if they are able to control the drug’s release on demand they could potentially either stop the contraception entirely (increasing the chances of pregnancy) or flood the woman’s body with massively higher levels of the drug that could cause illness.
So, would you trust the technology to manage your or your wife’s fertility? Or would you be concerned about (ahem) unauthorised penetration?
It’s not as though security researchers and hackers haven’t shown they can take control of how much insulin is pumped through a patient’s body, or that a former vice-president of the United States wasn’t so frightened of assassination that he had the wireless feature of his implanted heart defibrillator deactivated.
In an interview with Mashable, Robert Farra of MicroCHIPS attempts to reassure the public that the devices are being made with security in mind:
A hacker would have to contact the patient’s skin to reach the device, and all and the commands are sent by radio frequency rather than by Bluetooth. The short range also makes it impossible for a hacker to “listen in,” The short range also makes it impossible for a hacker to “listen in,” Farra says.
The chip has a micro-clock that remembers when the last 30-day reservoir was opened. Even if that failed, the chip’s battery is not strong enough to melt all the seals at once and release the all the reservoirs at the same time.
Farra also says chips will not break in an accident and release drugs because they are strong enough to resist hundreds of pounds of pressure per square inch. They will be implanted in soft parts of the body that offer cushioning, he adds.
Car manufacturers spend millions ensuring that their vehicles are safe to drive, as they know that they would be hit by huge consequences if they had an endemic safety problem. Similarly, there are bodies who keep a close eye on our utility systems to make sure that they are not poisoning us, and hoops that manufacturers must jump through before they can put electrical devices onto the market.
Let us all hope that medical device manufacturers are taking their responsibility to our safety seriously, and teaming up with cybersecurity experts to ensure that their wireless devices are protected from malicious hackers.
Time will tell if MicroCHIPs safety measures will have been sufficient or not. If they’re not, what’s the betting that someone will drily condemn their offspring with a telling name.
Author Graham Cluley, We Live Security