Tattooing Patients With UV Ink Could Protect Pacemakers From Hackers

More and more implantable devices, like pacemakers or defibrillators, are turning to wireless signals as a means to communicate with external devices, but in doing so they open themselves to security breaches. Several solutions are in the works that tackle this problem by upping device defenses, but by piling on security measures, yet another risk emerges: that at a critical time an authorized physician might not be able to access the device.

So Microsoft Research proposes putting a new technological spin on an old, time-tested security protocol: protect every device with a password, then tattoo the password right onto the patient in invisible UV ink.

It’s a hard concept to argue with: cryptography works pretty well, after all, and a device that is password-protected with a random string of characters would indeed be difficult to hack. Such schemes have been proposed before, using identifier bracelets or RFID tags that contain the passcode, but these options aren’t so secure; a patient can easily lose a bracelet, and RFID tags themselves aren’t immune to malicious requests.

But tattoos can’t be lost, forgotten or, depending on placement, even viewed without the owner being aware. Moreover, using micropigmentation technology the tattoos could be invisible, revealing themselves only in the presence of focused UV light. ERs would simply keep an ultraviolet LED-equipped device on hand that allows medical personnel to see the tattoo — which would be inked into the skin at the point of implantation — and enter the password via a keypad or touchscreen.

It’s not an impenetrable security plan, but it beats a lot of the ones that have come before it. It’s possible that someone could get close enough to you to see your tattoo, but chances are if a malicious party has you shirtless and cornered under a UV lamp, you’ve got bigger problems.

And no, your password can’t be the Japanese character for “peace.”

Microsoft Research