To keep hackers away from implanted devices, researchers use the heartbeat as a password

Just like a phone or computer, devices implanted inside the body can be hacked; potentially with life-threatening consequences. It’s not a common occurrence, but researchers are keen on taking protective measures now instead of later.

A new system out of Rice University uses a combination of a patient’s heartbeat and a medical care provider’s touch as a password before allowing access to an implant.

“If you have a device inside your body, a person could walk by, push a button and violate your privacy, even give you a shock,” graduate student Masoud Rostami said in a release. “He could make (an insulin pump) inject insulin or update the software of your pacemaker. But our proposed solution forces anybody who wants to read the device to touch you.”

The system works by pairing an internal reading of a person’s heartbeat with an external reading touched to their body by the medical care provider. If the two match, the provider is then able to access the implanted device. Even if someone nearby intercepted the heartbeat, heartbeats change so frequently that a minute later the intercepted beat would no longer work.

The researchers said the system would work with existing implanted devices and still allow emergency workers quick access in a dire situation.

Rice researchers aren’t the only people who have recognized the heart as a “random number generator,” to use Rostami’s words. Toronto-based Bionym recently announced Nymi, a wristband that uses the wearer’s heart rhythm to unlock devices like computers and car doors. Nymi will be available for purchase in early 2014.

Nymi smart wristband