Friday, October 19, 2012

Pacemakers Can Be Hacked... Shocking (literally)

Hackers may be able to control pacemakers from several manufacturers, making them capable of delivering a deadly, 830-volt shock.  All the hacker needs is a laptop up to 50 feet away.  This is all due to bad programming.  The new research comes from Barnaby Jack of security vendor IOActive, known for his analysis of other medical equipment such as insulin-delivering devices. 

Jack spoke at the Breakpoint security conference in Melbourne on Wednesday, saying that the flaw lies with the programming of the wireless transmitters used to give instructions to pacemakers and implantable cardioverter-defibrillators (ICDs), which detect irregular heart contractions and deliver an electric shock to avert a heart attack.  A successful attack using the flaw "could definitely result in fatalities," said Jack. 

Jack was able to send a series of 830-volt shocks (enough to cause death) to a pacemaker and use a "secret function" to activate other pacemakers within a 30-foot radius. With the function activated, the devices would give up their serial numbers, allowing hackers to upload malware that could spread like a virus to other pacemakers. Jack said that the devices, if infected, could release personal and manufacturer data.

"The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and… the compromised programmer would then infect the next pacemaker or [defibrillator] and then each would subsequently infect all others in range,” he said.

No comments:

Post a Comment