Tuning Into Medical Implants With The RTL-SDR

With a bit of luck, you’ll live your whole life without needing an implanted medical device. But if you do end up getting the news that your doctor will be installing an active transmitter inside your body, you might as well crack out the software defined radio (SDR) and see if you can’t decode its transmission like [James Wu] recently did.

Before the Medtronic Bravo Reflux Capsule was attached to his lower esophagus, [James] got a good look at a demo unit of the pencil-width gadget. Despite the medical technician telling him the device used a “Bluetooth-like” communications protocol to transmit his esophageal pH to a wearable receiver, the big 433 emblazoned on the hardware made him think it was worth taking a closer look at the documentation. Sure enough, its entry in the FCC database not only confirmed the radio transmitted a 433.92 MHz OOK-PWM encoded signal, but it even broke down the contents of each packet. If only it was always that easy, right?

The 433 ended up being a coincidence, but it got him on the right track.

Of course he still had to put this information into practice, so the next step was to craft a configuration file for the popular rtl_433 program which split each packet into its principal parts. This part of the write-up is particularly interesting for those who might be looking to pull data in from their own 433 MHz sensors, medical or otherwise.

Unfortunately, there was still one piece of the puzzle missing. [James] knew which field was the pH value from the FCC database, but the 16-bit integer he was receiving didn’t make any sense. After some more research into the hardware, which uncovered another attempt at decoding the transmissions from the early days of the RTL-SDR project, he realized what he was actually seeing was the combination of two 8-bit pH measurements that are sent out simultaneously.

We were pleasantly surprised to see how much public information [James] was able to find about the Medtronic Bravo Reflux Capsule, but in a perfect world, this would be the norm. You deserve to know everything there is to know about a piece of electronics that’s going to be placed inside your body, but so far, the movement towards open hardware medical devices has struggled to gain much traction.

Building A Heavy Duty Open Source Ventilator

Since the COVID-19 pandemic started, we’ve seen several attempts to create homebrew ventilators designed to address the shortage of these lifesaving machines. Unfortunately, most hackers aren’t terribly experienced when it comes to designing practical medical equipment. So while many of the designs might have appeared functional on the workbench, there’s little chance they’d get used in any official capacity.

The open source DP Ventilator is still clearly the product of a couple plucky hackers, but we think it shows a level of design maturity that’s been missing in many of the earlier attempts. Made primarily with 3D printed components, this mechanical device is designed to operate a hand-held manual resuscitator; essentially standing in for a human operator. This makes the design far less complex than if it had to actually pump air itself, not to mention safer for the patient since the resuscitator (often referred to as an Ambu Bag) installed in it would be a sterile pre-packaged item.

In the video after the break, you can see just how much thought and effort has been put into the device’s touch screen interface. With a few quick taps the medical professional operating the DP Ventilator can dial in variables such as breathing rate, pressure, and volume to match the patient’s needs. While the Arduino Mega 2560 at the machine’s heart wouldn’t pass muster for any regulating body in charge of medical devices, we think with a few more tweaks, this design is getting close to something that might actually be able to save lives.


Teardown: Orthofix SpinalStim

If you’ve ever had a particularly nasty fracture, your doctor may have prescribed the use of an electronic bone growth stimulator. These wearable devices produce a pulsed electromagnetic field (PEMF) around the bone, which has been shown to speed up the natural healing process in a statistically significant number of patients. That’s not to say there isn’t a debate about how effective they actually are, but studies haven’t shown any downsides to the therapy, so it’s worth trying at least.

Image from SpinalStim manual.

When you receive one of these devices, it will be programmed to only operate for a certain amount of time or number of sessions. Once you’ve “used up” the bone stimulator, it’s functionally worthless. As you might imagine, there’s no technical reason this has to be the case. The cynic would say the only reason these devices have an expiration date on them is because the manufacturer wants to keep them from hitting the second hand market, but such a debate is perhaps outside the scope of these pages.

The Orthofix SpinalStim you’re seeing here was given to me by a friend after their doctor said the therapy could be cut short. This provided a somewhat rare opportunity to observe the device before it deactivated itself, which I’d hoped would let me take a closer look at how it actually operated.

As you’ll soon see, things unfortunately didn’t work out that way. But that doesn’t mean the effort was fruitless, and there may yet be hope for hacking these devices should anyone feel like taking up the challenge.


Infection? Your Smartphone Will See You Now

When Mr. Spock beams down to a planet, he’s carrying a tricorder, a communicator, and a phaser. We just have our cell phones. The University of California Santa Barbara published a paper showing how an inexpensive kit can allow your cell phone to identify pathogens in about an hour. That’s quite a feat compared to the 18-28 hours required by traditional methods. The kit can be produced for under $100, according to the University.

Identifying bacteria type is crucial to prescribing the right antibiotic, although your family doctor probably just guesses because of the amount of time it takes to get an identification through a culture. The system works by taking some — ahem — body fluid and breaking it down using some simple chemicals. Another batch of chemicals known as a LAMP reaction mixture multiplies DNA and will cause fluorescence in the case of a positive result.


Seek And Exploit Security Vulnerabilities In An Infusion Pump

Infusion pumps and other medical devices are not your typical everyday, off-the-shelf embedded system. Best case scenario, you will rarely, if ever, come across one in your life. So when it comes to widespread exploitation, chances are that they simply seem too exotic for anyone to bother exploring their weaknesses. Yet their impact on a person’s well-being makes potential security holes tremendously more severe in case someone decides to bother one day after all.

[Scott Gayou] is one of those someones, and he didn’t shy away from spending hundreds of hours of his free time inspecting the Smiths Medical Medfusion 4000 infusion pump for any possible security vulnerabilities. Looking at different angles for his threat model, he started with the physical handling of the device’s user interface. This allowed him to enable the external communication protocol settings, which in turn opened up the device’s FTP and Telnet ports. Not to give too much away, but he manages to gain access to both the file system content and — as a result of that — to the system’s login credentials. This alone can clearly be considered a success, but for [Scott], it merely opened a door that eventually resulted in desoldering the memory chips to reverse engineer the bootloader and firmware, and ultimately executing his own code on the device.

Understanding the implications of his discoveries, [Scott] waited long enough to publish his research so the manufacturer could address and handle these security issues. So kudos to him for fighting the good fight. And just in case the thought of someone gaining control over a machine that is crucial to your vitality doesn’t scare you enough yet, go ahead and imagine that device was actually implanted in your body.

Hackaday Prize Entry: HeartyPatch

[Ashwin K Whitchurch] and [Venkatesh Bhat] have not missed a beat entering this year’s Hackaday Prize with their possibly lifesaving gadget HeartyPatch. The project is a portable single wire ECG machine in a small footprint sporting Bluetooth Low Energy so you can use your phone or another device as an output display.

Projects like this are what the Hackaday Prize is all about: changing the world for the better. Medical devices cost an arm and a leg, so it’s always great to see medical hardware brought to the Open Source and Open Hardware scene. We can already see many uses for this project, and hopefully, if it does what’s claimed, we will be seeing these in hospitals around the world sometime soon. The project is designed around the MAX30003 single-lead ECG monitoring chip along with an ESP32 WiFi/BLE SoC to handle the wireless data transmission side of things.

We really look forward to seeing how this one turns out. Even if this doesn’t win a prize, it’s still a winner in our books even if it only goes on to help one person.

Transcranial Electrical Stimulation With Arduino, Hot Glue

The advance of electronic technology has been closely followed by the medical community over the past 200 years. Cutting edge electronics are used in medical imaging solutions to provide ever greater bandwidth and resolution in applications such as MRI machines, and research to interface with the human nervous system continues at a breakneck pace. The cost of this technology – particularly in research and development – is incredibly high. Combine this with the high price of the regulatory approvals necessary for devices which deal in terms of life and death, and you’ll find that even basic medical technology is prohibitively expensive. Just ask any diabetic. On the face of things, there’s a moral dilemma. Humanity has developed technologies that can improve quality of life. Yet, due to our own rules and regulations, we cannot afford to readily distribute them.

One example of this is that despite the positive results from many transcranial electrical stimulation (TCS) studies, the devices used are prohibitively expensive, as are treatment regimens for patients. Realising this, [quicksilv3rflash] decided to develop a homebrew, open source transcranial electrical stimulation device, and published it on Instructables. Yes, that’s the world we’re now living in.

It’s important to publish a warning here: Experimenting with this sort of equipment can easily kill you, fry your brain, or have any number of other awful results. If you don’t have a rock solid understanding of the principles behind separate grounds, or your soldering is just a little sloppy, you don’t want to go anywhere near this. In particular, this device cannot be powered safely by a wall-wart.

To be honest, we find it difficult to trust any medical device manufactured out of modules sourced from eBay. But as a learning exercise, there is serious value here. Such a project requires mastery of analog design to avoid dangerous currents being passed to the body. The instructions also highlight the importance of rigorously testing the device before ever connecting it to a human body.

The equipment is based around an Arduino Nano receiving commands from a computer over serial, fed by an application written in Python & PyGame. To think, this writer thought he was being bold when he used it to control a remote control car! The Arduino Nano interprets this data and outputs it over SPI to a DAC which outputs a signal which is then amplified and fed to the human brain courtesy of op-amps, boost converters and sponge electrodes. The output of the device is limited to +/-2.1mA by design, in accordance with suggested limits for TCS use.

It should be noted that [quicksilv3rflash] has been experimenting with homebuilt TCS devices for several years now, and has lived to tell the tale. It’s impressive to see a full suite of homebrew, open source tools being developed in this field. [quicksilv3rflash] reports not having suffered injuries from the device, and several devices have been shipped to redditors. We’ve only found minimal reports on people receiving these, but nothing on anyone actually using the hardware as intended. If you’ve used one, get in touch in the comments.

It goes without saying – this sort of experimentation is dangerous and the stakes for getting it wrong are ludicrously high. We’ve seen before what happens when medical devices malfunction – things get real ugly, real fast. But hackers will be hackers and if you were wondering if it was possible to build a TCS device for under $100 in parts from eBay, well, yes. Yes it is.