10 August 2008

Remotely turning off cardiac pacemakers

"...medical device security researchers have figured out how to turn off someone’s pacemaker via remote control...
Let’s not have a collective heart attack, at least not yet. The people on the right side of the security fence are the ones who have figured this out so far. But this has very serious implications for the 2.6 million people who had pacemakers installed from 1990 to 2002 (the stats available from the researchers). It also presents product liability problems for the five companies that make pace makers.

...the devices have a built-in test mechanism which turns out to be a bug that can be exploited by hackers. There is no cryptographic key used to secure the wireless communication between the control device and the pacemaker.

...they used a cheap $1,000 system to mimic the control mechanism. It included a software radio, GNU radio software, and other electronics. They could use that to eavesdrop on private data such as the identity of the patient, the doctor, the diagnosis, and the pacemaker instructions. They figured out how to control the pacemaker with their device. “You can induce the test mode, drain the device battery, and turn off therapies...”

Translation: you can kill the patient... (Text and image credit here)

No comments:

Post a Comment