Wednesday, March 19, 2008

The Pacemaker Hacking Prelude


A group of researchers from the Medical Device Security Center (who would've thought we needed one of those?) have demonstrated wireless vulnerabilities in some cardiac monitor-pacemakers that may allow someone to remotely deactivate them while they're implanted in a patient. Now that's what I call malicious.

Properly called "implantable cardiac defibrillators," the devices are used to keep people's dicky tickers beating regularly, acting to speed them up if too slow or shock a heart that is beating too fast. Modern ones have wireless functions so that doctors can reprogram them to suit a patient's condition, and that's the problem, since these signals are unencrypted.

That means you could potentially intercept them, and use the data to transmit signals that would turn off the device or even deliver shocks that could trigger a heart attack.

Pacemaker wearers need not panic, though, freaky as this sounds: you'd have to be very close to someone to perform an attack, and the kit the science team used cost a chunky $30,000. Phew.