“I’ve been hacked, and now I’m pregnant!”

We put trust in technology every day.

We drive a car to work, and trust that its brakes won’t fail too badly, and that its engine won’t explode in a massive fireball on the dual carriageway.

We tap words into a computer, and trust that someone didn’t goof up the wiring and that we’re not going to get an electric shock.

We drink water, and trust that the computers at the water filtration plant didn’t go wacko and allow some toxic element to make its way into the taps in our houses.

It’s clear that we trust technology a lot. And with some very important things.

So, it’s interesting that some things that technology can help with seem to automatically send a shiver down our security spines.

Take MicroCHIPs, for instance. They’re a company from Lexington, Massachusetts, whose tagline is “programmable drug delivery” and who claim to specialise in “intelligent implanted devices designed to improve the health of millions of people”.

According to CNET, MicroCHIPs has developed a tiny chip that can be implanted under a woman’s skin to manage her birth control for up to 16 years.

The chip, which measures just 20 x 20 x 7 millimetres, contains tiny reservoirs – filled with birth control drugs.

MicroCHIPs’ technology is based on proprietary reservoir arrays that are used to store and protect potent drugs within the body for long periods of time. These arrays are designed for compatibility with preprogrammed microprocessors, wireless telemetry, or sensor feedback loops to provide active control. Individual device reservoirs can be opened on demand or on a predetermined schedule to precisely control drug release or sensor activation.

Sounds clever, doesn’t it?

And, guess what? You can control the chip wirelessly via a remote control.

So, you had better hope that someone malicious can’t subvert the security in the chip’s wireless communications.

After all, if they are able to control the drug’s release on demand they could potentially either stop the contraception entirely (increasing the chances of pregnancy) or flood the woman’s body with massively higher levels of the drug that could cause illness.


So, would you trust the technology to manage your or your wife’s fertility? Or would you be concerned about (ahem) unauthorised penetration?

It’s not as though security researchers and hackers haven’t shown they can take control of how much insulin is pumped through a patient’s body, or that a former vice-president of the United States wasn’t so frightened of assassination that he had the wireless feature of his implanted heart defibrillator deactivated.

In an interview with Mashable, Robert Farra of MicroCHIPS attempts to reassure the public that the devices are being made with security in mind:

A hacker would have to contact the patient’s skin to reach the device, and all the commands are sent by radio frequency rather than by Bluetooth. The short range also makes it impossible for a hacker to “listen in,” Farra says.

The chip has a micro-clock that remembers when the last 30-day reservoir was opened. Even if that failed, the chip’s battery is not strong enough to melt all the seals at once and release all the reservoirs at the same time.

Farra also says chips will not break in an accident and release drugs because they are strong enough to resist hundreds of pounds of pressure per square inch. They will be implanted in soft parts of the body that offer cushioning, he adds.

Car manufacturers spend millions ensuring that their vehicles are safe to drive, as they know that they would be hit by huge consequences if they had an endemic safety problem. Similarly, there are bodies who keep a close eye on our utility systems to make sure that they are not poisoning us, and hoops that manufacturers must jump through before they can put electrical devices onto the market.

Let us all hope that medical device manufacturers are taking their responsibility to our safety seriously, and teaming up with cybersecurity experts to ensure that their wireless devices are protected from malicious hackers.

Time will tell if MicroCHIPs’ safety measures will have been sufficient or not. If they’re not, what’s the betting that someone will drily condemn their offspring with a telling name?

Chip, perhaps?

Author Graham Cluley, We Live Security

  • Sasha

    Big fan of you Graham, and another nice article!

  • deafgimp

    You know, pain medication is also controlled this way and has been for years. Never has anyone been afraid of the situation you described.

    • Coyote

      “If no one knows about the problem, then it must be secure…”

      I.e., security through obscurity. That itself is worse than security especially when it is OTHERS’ security as in the article. I prefer pain over numbness (e.g., during procedures, yes some quite serious) and I also (clearly) have a very high pain threshold (and this is not an exaggeration but rather UNDERstated) so I cannot really judge on if it is wireless as such (but there’s differences too, in how it is implemented)… but I can tell you you are falling for a SERIOUS fallacy…. Security through obscurity can actually be even worse, though. Sometimes it is a KNOWN problem (see above quote) and the vendor (say) does not address the problem (and actually suggests it is NOT a problem) because it isn’t known to others, relies on some obscure or obfuscated feature set, etc., and somehow deems themselves above others. That is a dangerous mindset: when someone DOES find the problem it will hurt (pun intended, as always…).

  • teejay

    It amuses me that the article title reads “… and now I’m pregnant by Graham Cluley…”

    • I’ve been trying to think of a riposte to that that won’t offend -somebody- but failed miserably. :)

      • Coyote

        That’s easy: You just have to use your ‘head’ (just wait…) a bit. For instance: tell her (?) it is psychogenic (which is to say IN his/her head!) since you don’t see that same thing (so it HAS to be in their head). Indeed, I see for instance only the title followed by ‘- Mozilla Firefox’.

  • Coyote

    Re: “So, would you trust the technology to manage your or your wife’s fertility? Or would you be concerned about (ahem) unauthorised penetration?”

    You’re on a nice anthem of puns and as I believe I have made very well aware to you, there is no such thing as a bad pun. I’m generally full of them (and perhaps IT) but at this time I don’t have yet another (though another article that has a pun, that I responded to today also has a pun… and somewhere else I made use of them). But since there are only good puns (and > good) I do have to commend you for this one. So there you have it.

    I read about this last week (if I’m not – and here comes a pun after all… but what can I ‘say’? – screwing up my time frame too much) and I had similar thoughts as you (surprising, I’m sure). In general I think wireless with anything of this nature (…) is concerning. This also includes other kinds of products, of course – medical is just one of many.


Copyright © 2017 ESET, All Rights Reserved.