Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking a Pacemaker

Posted by CmdrTaco on from the probably-not-the-best-idea dept.

jonkman sean writes "University researchers conducted research into how they can gain wireless access to pacemakers, hacking them. They will be presenting their findings at the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy. Their previous work (PDF) noted that over 250,000 implantable cardiac defibrillators are installed in patients each year. This subject was first raised along with similar issues as a credible security risk in Gadi Evron's CCC Camp 2007 lecture "hacking the bionic man"."

18 of 228 comments (clear)

  1. Bionic eye by sm62704 · · Score: 5, Interesting

    I'm sure glad the device in my eye (see my sig for details) is focused by the eye's muscles rather than electronics/motors. Some things shouldn't be networkable.

    Oh yeah, the oblig: We are cyborg. You will be assimilated. resistance is not only futile but you won't resist, you'll beg to join us..

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    1. Re:Bionic eye by Ihlosi · · Score: 5, Insightful
      Once they've sewn one into my chest (thank God heart disease doesn't run in my family) I wouldn't want it to be programmable!

      Um, yes you do. Do you want them to have to cut you open because you don't like the maximum pacing rate and want to have it reduced by 5 bpm ?

    2. Re:Bionic eye by StylusEater · · Score: 5, Funny

      I can see the headlines... "Cheney's Pacemaker Hacked by Chinese Militants" ... :-) One can only wish.

    3. Re:Bionic eye by tsa · · Score: 4, Informative

      Believe me, you really want the thing to be programmable. They have to try a few settings to find oujt which makes you feel good, and if/when your body changes they can adjust the pacemaker accordingly. Modern pacemakers are marvellous pieces of technology that can give you your life back as long as you program them well!

      --

      -- Cheers!

  2. pacemakers by gEvil+(beta) · · Score: 4, Funny

    Hacking a pacemaker? What could possibly go wr... *thud*

    --
    This guy's the limit!
  3. Don't fear.... much by NIckGorton · · Score: 4, Insightful
    From TFA:

    a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker. They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal

    hundreds of thousands of people in this country with implanted defibrillators or pacemakers to regulate their damaged hearts -- they include Vice President Dick Cheney -- have no need yet to fear hackers No need to fear they tell us because:
    One:

    The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implant's signals. And two:

    "To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide," Um, that was until a NYTimes article described that it could be done and (more importantly) a /. article linked to that NYTimes article so tons of geeks worldwide see the information. While security through obscurity doesn't really work, there is something to be said for people just not noticing that a thing is hackable.

    Similarly the argument that it took $30,000 worth of equipment and a 'team of experts' is retarded because the same might probably have been said about DVD encryption till an adolescent did it in his bedroom with his home computer and enough caffeine.

    If I had an AICD, I sure as hell wouldn't want to be around Cheney, lest the signal from mine be confused with his. Of course maybe that is why he has a man sized safe in his office is a Faraday cage.
    1. Re:Don't fear.... much by NIckGorton · · Score: 5, Informative

      I'm not so sure about that (speaking as an ER physician who would generally be the one saying WTF is the password???)

      In the worst case scenarios, either 1) put a donut magnet over it and it can be stopped or 2) give me a scalpel and 30 seconds and I can cut the leads, and then we can externally pace and/or defibrillate the person.

      So I am not sure that the risk of being password protected would outweigh the risk of not being password protected. I'd want mine password protected, then put the password on a medic-alert bracelet that I wear.

  4. Re:Hmmm by Ihlosi · · Score: 4, Funny
    Doesn't Dick Cheney have a pace maker?



    Yes, but the purpose of this device is unclear. What exactly is it pacing ?

  5. Wait for it by Bombula · · Score: 4, Funny

    "It wasn't me grabbing her ass your honor, someone hacked my arm!"

    --
    A-Bomb
  6. Re:remote kill? by Snowgen · · Score: 4, Interesting

    does this mean that someone can eventually kill people remotely?

    The technology for that already exists; it's called a "gun". It replaced an older technology called an "arrow", which in turn was the replacement for an even older technology called the "javelin". There was also an older technology called a "sling" which was a peripheral device designed to increase the effectiveness of the original technology call the "rock".

    People have been remotely killing other people for millions of years.

  7. A better method by yamamushi · · Score: 5, Interesting

    The article details how the researchers had to be within 2 inches of the pacemaker, and several thousands of dollars worth of equipment. I suspect there is an easier way to deactivate a pacemaker, find out what frequency they operate at. I've got an FM radio blocker, that is basically just a 100mhz oscillator, a potentiometer, and a battery. It works by canceling out a given frequency, thus letting me silence my neighbors stereo from 50ft away. I know the technique works for the 2.4ghz band, for blocking out wireless phone signals and whatnot. I suppose finding an oscillator in the high ghz range would suffice for 'killing' a pacemaker.

    --
    - Aetheral Research -
  8. Re:Easy solution by CrashPoint · · Score: 4, Funny

    Why don't they build firewalls into the pacemakers?
    Because then you'd get heartburn. Geez.
  9. Yee-ha! by clickety6 · · Score: 4, Funny



    I'm gonna overclock this sucker!
    Better than a triple espresso!

    --
    ----------------------------------- My Other Sig Is Hilarious -----------------------------------
  10. Re:remote kill? by Oktober+Sunset · · Score: 4, Insightful

    Killing people remotely is not hard, doing it without anyone knowing it was you, without any indication at the time that it was anything other than natural causes, requiring no opportunity other than being within wireless range and leaving no evidence behind whatsoever. That's the novel part.

    --
    What if Tetris was invented by Nazis?
  11. Re:That kind of attitude is the problem by Ihlosi · · Score: 4, Insightful
    Why _does_ a pacemaker need a WiFi interface anyway?

    Because sticking a JTAG connector through someones chest is fairly painful. You're welcome to experiment on yourself to confirm this.

    Also, it's not a WiFi interface. It's a short-range (it goes through your chest, and water absorbs radio waves like crazy), custom, wireless interface. You have no freaking need for those to be networked, in any form or shape.

    And you're, what ? An M.D. ? A biomedical engineer ?

    Tell you what: Have fun with your dumb fixed-rate 75 bpm pacemaker, but don't expect to be running up any stairs anytime soon.

    Any interface to it or from it can be contact-based just as well.

    It basically is, genius. Or do you want it so contact-based that they have to shoot a couple of amps through your chest in order to make the pacemaker respond ? Hint: Think of a vital organ that's very, very close to the pacemaker and reacts very badly to having current shot through it.

    More importantly, we already do _both_ of those for life-and-death systems like flight control systems on airplanes or brake computers on cars. They're both built and reviewed to be as good as bulletproof, _and_ not wired to talk to the outside world, unless one physically plugs in a special connector and a special computer into it.

    They're also conveniently located outside the human body, so plugging a special connector into them doesn't involve going through someones tissue first.

  12. Re:So they can crack RSA and then get the pacemake by frog_strat · · Score: 5, Interesting

    Working on the communications software for one of these devices, I can say for sure there is no encryption on at least one of them. A decision was made by the company to not worry about this issue at the moment.

  13. Hacking the VP by tobiasly · · Score: 5, Funny

    Yes, that's a very real concern that the secret service has been terrified of for years. Most people know that Cheney has a pacemaker, but the real secret is that they forgot to turn off SSID broadcast and its password is "Linksys".

  14. Re:Ah, the smart-arse non-sequiturs by I_Love_Pocky! · · Score: 4, Informative

    I appreciate your enthusiasm, but thank god you aren't designing these devices. I work for one of the competitors to Medtronic (the company whose devices were studied). We have encryption in our RF communication. We DO take security into consideration, but there are trade offs that have to be considered. Battery life is generally the most important consideration. Every time surgery needs to be performed to physically access the device (usually because of a depleted battery) there is a risk of complications. These aren't insignificant risks either. Keep in mind the people getting these devices have health problems of some sort or they wouldn't be getting them. With that in mind, security solutions in this domain have to be very well thought out so as to avoid draining the battery significantly. So please, don't for a second presume that we are a bunch of monkeys sitting around on our asses ignoring real concerns. The real issue is that there are far more concerns than you are aware of. We do evaluate these concerns and try to build the best devices possible with the fewest compromises.