Hacking Pacemakers

The original pacemaker was invented by Canadian John Hopps in the early 1950s. Since then millions have been implanted in patients and insertion is now considered routine

A recent study examined the number of cardiac pacemakers around the world.

There were contributions from 61 countries: 25 from Europe, 20 from the Asia Pacific region, seven from the Middle East and Africa, and nine from the Americas. The 2009 survey involved 1,002,664 pacemakers, with 737,840 new implants and 264,824 replacements. The United States of America (USA) had the largest number of cardiac pacemaker implants (225,567) and Germany the highest new implants per million population (927).

Countless lives have been saved and quality of life improved for many others. As we would expect, there have been incredible advances in the devices over the past half century. Recently, in a effort to decrease surgery complications and infection rates, manufacturers have been taking advantage of wireless technology. This has allowed physicians to monitor the devices over the internet via computer or smartphone.

Unfortunately, this wireless technology comes with a different sort of risk: hacking.

IOActive researcher Barnaby Jack has reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware.

The effect of the wireless attacks could not be overstated — in a speech at the BreakPoint security conference in Melbourne today, Jack said such attacks were tantamount to “anonymous assassination”, and in a realistic but worse-case scenario, “mass murder”.

In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop.

The pacemakers contained a “secret function” which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity.

With his software, he was also able to identify the user names and passwords for the manufacturers servers. He was able to develop a virus that could spread from one pacemaker to the next, enabling an electronic mass murder.

He was developing a graphical administration platform dubbed “Electric Feel” which could scan for medical devices in range and with no more than a right-click, could enable shocking of the device, and reading and writing firmware and patient data.

“With a max voltage of 830 volts, it’s not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop,” he said.

This same technology has demonstrated the vulnerability of wireless insulin pumps. There are a number of fairly obvious reasons to implement such an attack.

Dr. William Maisel, an assistant professor at Harvard Medical School, gave some examples. “Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer’s reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker’s ego.”

It is important to note that there have been no instances of such software being used in the real world. These findings from security experts are used to improve security for upgrades or future generations of the devices. Manufacturers are taking the threats seriously by jamming signals.

If all broadcasting radio “noise” on the implant frequency is blocked by a jamming device, it prevents the doctor as well as an attacker from receiving the data signals. The researchers created “the shield” prototype so doctors could still access the data but passive eavesdroppers and active attackers sending radio commands could not.

The innovation radio design device does not jam all signals, but the paper states that a “sophisticated adversary” could “transmit at 100 times the shield’s power” and the shield’s jamming broadcast would still block communications until the attacker was within five meters of the victim’s implant.

This is complicated stuff and so far, it is only security and university researchers who have pointed out the dangers. Nothing in this world is totally risk free, and the advantages of pacemakers and insulin pumps far outweigh the dangers of wireless attacks. The industry is now aware of the risks and taking appropriate measures. Certainly, no one should ever refuse a pacemaker because of this potential risk. They are much too valuable for that.

This entry was posted in Health and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s