Receiving pH Readings from a Wireless Medical Implant with RTL-SDR

Over on Hackaday we've learned about an interesting investigation by James Wu who was recently implanted with a stomach pH (acidity) monitoring device called the "Medtronic Bravo Reflux Capsule". Whilst inspecting the patient demo capsule James noted that the device transmitted data wirelessly via a very small low power transmitter, in particular noticing a telltale "433" written on a component on the device, indicating that it uses the 433 MHz ISM band.

Back at home he pulled up the FCC filing for the device, which unveiled that it is OOK-PWM modulated, and operates at 433.92 MHz. The rest of the filing also had information noting that the implant transmits a 59-bit data packet every 12 seconds, and contained a nice breakdown of the packet structure, making it easy for decoding.

With all the information about the device's wireless transmissions now known, James grabbed his RTL-SDR and fired up SDR# to confirm that the signal was indeed transmitting every 12 seconds at 433.92 MHz. Next he was able to decode the data from the device by inputting the protocol information learned from the FCC filing into an rtl_433 command line string.

After a bit of further work James discovered that the pH data was actually two readings in one data string. At this stage he finally had the pH reading, however it was represented as an 8-bit ADC reading with a value between 0 to 255. James plotted the relationship between the 8-bit raw ADC reading, and the pH value shown on the official Medtronic receiver. With this he was able to determine a linear relationship between the ADC reading and real pH reading, but notes that there may be a more accurate calibration curve required for actual medical use.

Decoding pH readings from a stomach implant with an RTL-SDR

If you're interested in wireless medical devices, in the past we've seen how SDRs could be used to not only receive data coming from Minimed Insulin pumps, but to maliciously control them with a HackRF too. We've also seen that data could possibly be received from implanted heart defibrillators as well.

Tweet
Share
Reddit
Vote
Email

Related posts:

  1. Reverse Engineering Wireless Blinds with an RTL-SDR and Controlling them with Amazon Alexa
  2. Reverse Engineering and Controlling a Wireless Doorbell with an RTL-SDR and Arduino
  3. Analyzing 433 MHz Transmitters with the RTL-SDR
  4. Replicating A Rolljam Wireless Vehicle Entry Attack with a Yardstick One and RTL-SDR
  5. Recovering 433MHz Messages with RTL-SDR and MATLAB
Subscribe
Notify of
guest

1 Comment
Inline Feedbacks
View all comments
GiamMa
#219317

To learn more of risk assessment of cyber-attacks on telemetry-enabled in a medical implantable electronic devices (MIED) https://giammaiot.blogspot.com/2021/07/decoding-radio-protocol-ph-wireless.html , for anyone wishing to deepen the subject.

0
Reply