Researchers Warn of mmWave Heart-Monitoring Privacy Risks — And Develop "Camouflage" Against Them
Low-cost high-sensitivity radar sensors capable of monitoring your heart rate across the room can now be spoofed, thanks to MetaHeart.
Researchers from Rice University, the University of Maryland, Brown University, the Los Alamos National Laboratory, and the Sandia National Laboratories have warned of the invasive potential of radar-based heart rate monitoring systems — while coming up with a way to "camouflage" your pulse from such systems.
"Sensing technologies are becoming higher resolution and more pervasive, and concerns around what that means for privacy should be taken seriously," says senior author Edward Knightly of the team's research focus. "It is important to explore potential vulnerabilities and think about how we might address them."
The vulnerability at the heart of the team's research is based around millimeter-wave (mmWave) radar sensors, now available off-the-shelf at a low cost and capable of picking up even small motions — to the point of being able to monitor breathing and pulse rate across a room. Used properly, these devices can deliver presence and activity monitoring as well as health monitoring; used improperly, the team argues, they could represent a new way to invade people's privacy.
The researchers set up a scenario in which a surveillance target, Alice, was monitored by a malicious attacker, Trudy, using a millimeter-wave radar sensor — inferring stress and fatigue levels and other details about Alice's potential emotional state. This same approach, they argue, could also be used to monitor employees and make sure they're working hard enough to please upper management.
"We used this scenario to stage a technologically possible use case for a radar-based heart rate monitoring system," explains co-author Dora Zivanovic.
The research goes beyond just warning of the potential impact of such a system, though, by providing a way to fight back: MetaHeart, a programmable metasurface that reflects a fabricated heart rate to the sensor, acting as "camouflage" against monitoring. "We fool the radar on the level of the electromagnetic signal itself,” Zivanovic explains. “You can program the device with any heartbeat pattern you like."
In testing, MetaHeart delivers a 98% success rate in spoofing a heart rate — and even worked when the target left the room, leaving the MetaHeart device behind.
The team's work has been published in the journal Computer Connections under closed-access terms.