Tuning Into Medical Implants With The RTL-SDR

With a bit of luck, you’ll live your whole life without needing an implanted medical device. But if you do end up getting the news that your doctor will be installing an active transmitter inside your body, you might as well crack out the software defined radio (SDR) and see if you can’t decode its transmission like [James Wu] recently did.

Before the Medtronic Bravo Reflux Capsule was attached to his lower esophagus, [James] got a good look at a demo unit of the pencil-width gadget. Despite the medical technician telling him the device used a “Bluetooth-like” communications protocol to transmit his esophageal pH to a wearable receiver, the big 433 emblazoned on the hardware made him think it was worth taking a closer look at the documentation. Sure enough, its entry in the FCC database not only confirmed the radio transmitted a 433.92 MHz OOK-PWM encoded signal, but it even broke down the contents of each packet. If only it was always that easy, right?

The 433 ended up being a coincidence, but it got him on the right track.

Of course he still had to put this information into practice, so the next step was to craft a configuration file for the popular rtl_433 program which split each packet into its principle parts. This part of the write-up is particularly interesting for those who might be looking to pull data in from their own 433 MHz sensors, medical or otherwise

Unfortunately, there was still one piece of the puzzle missing. [James] knew which field was the pH value from the FCC database, but the 16-bit integer he was receiving didn’t make any sense. After some more research into the hardware, which uncovered another attempt at decoding the transmissions from the early days of the RTL-SDR project, he realized what he was actually seeing was the combination of two 8-bit pH measurements that are sent out simultaneously.

We were pleasantly surprised to see how much public information [James] was able to find about the Medtronic Bravo Reflux Capsule, but in a perfect world, this would be the norm. You deserve to know everything there is to know about a piece of electronics that’s going to be placed inside your body, but so far, the movement towards open hardware medical devices has struggled to gain much traction.

12 thoughts on “Tuning Into Medical Implants With The RTL-SDR

  1. Great, now we have the surreal outlook of people hacking into this and seeing how many people they can simply tune in, turn off, hold for ransom or corrupt.

    1. Not really. First, you can’t hold him to random as the device has no receiver and doesn’t respond to commands. Second, all you could do is disrupt or otherwise interfere with his doctor reading the data from it. And there are much easier ways of achieving that – just jam the signal. No need for reverse engineering at all.

    2. I completely agree. Having my internal details broadcast unencrypted terrifies me. Surely something is required. I know this device is read only and who cares about my gut pH, however, this a start to his technology. What could happen when higher functions are available (e.g. brain / machine interfaces.)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.