Have a heart: pacemakers with wireless connections
Wireless security weaknesses are not restricted to wireless networks, Bluetooth, and RFID. Medical devices are also at risk. Modern cardiac pacemakers and implantable defibrillators have a wireless interface that doctors can use to read data logs and change settings without having to operate on patients. Pacemakers can have their rate adjusted or even be switched off completely.
Computer specialists at the University of Washington and Massachusetts have investigated the widely used Medtronic pacemaker, specifically analyzing the transmission protocol used between the implanted device and the diagnosis unit. Using a Software Defined Radio, they were able to communicate with the implant and cause the defibrillator to send pulses.
At present, the risk is largely theoretical, primarily because the communication range of the transmitter and receiver is very limited. But the researchers believe that as the number of people with pacemakers increases we must develop the means for patients to control access, ideally without increasing power consumption. One solution would be authentication of the external unit.
Implant manufacturer Boston Scientific has reportedly already integrated safety and cryptography functions in its units. Medtronic says that its latest models with a greater range also have security functions.
- Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses (PDF), Research paper by Daniel Halperin et al.