Just as we all have our own unique fingerprint, we also differ from each other in having our own specific heartbeat. And, just as we are exposed to the risk of having our fingerprint copied, an electrocardiogram can become vulnerable to cyber-attacks..

With the objective of protecting a person’s electrocardiogram from this type of attack, two undergraduate Biomedical Engineering students at Universidad CEU San Pablo, Carmen Cabezaolías and Pablo Carnero, together with professor Ruzica Jevtic, have developed a project which has been awarded first prize in the IEEEduino international competition at the IEEE Region 8 Student and Young Professional Congress 2022.

This project consists of a BITalino wearable device connected to a low-cost microcontroller (Arduino) which produces encrypted data. The wearable device encrypts the electrocardiogram and sends it to the hospital over a wireless network in order to ensure the security of its transmission. It has been demonstrated that it can even be used to identify individuals as each of us have distinctive heart physiologies, therefore producing a unique heartbeat imprint.

However, cyber-attacks have increased on these devices, especially so-called "side-channel" attacks, in which the hacker can capture a physical signal from the device, such as its electromagnetic radiation, sound or power consumption, and then retrieve the data. With this procedure, hackers are able to retrieve the encryption key of the cryptographic algorithm from the captured signal. Once the digital key has been obtained, the hacker has complete access to the data that is being transmitted.

The increased use of wearable devices has led to the emergence of cyber-attacks. To combat them, the students have simulated attacks related to controller usage, allowing them to retrieve the secret key. Nowadays, this type of hacking is very common with credit cards, smartphones and laptops. For example, by bringing a small antenna next to the patient’s device, electromagnetic radiation can be measured and private information such as credit card PIN numbers or mobile phone passwords can be retrieved. However, very little is currently known about attacks on a wearable device that measures electrocardiograms and the students are pioneers in this area.

What are wearable devices?

Wearable devices that measure electrocardiograms have made great progress in recent years. The purpose of these devices is to monitor heart function and to track and even diagnose cardiovascular disorders.