With a little creativity it is possible to hack a heart monitor and induce a heart attack on the unsuspecting victim. A UMass professor created such a device as a test…and it worked.
Time for pacemaker manufacturers to consider a security framework around their devices and the interfaces.
Can hackers control wireless implantable devices?
Tuesday – August 18th, 2009 – 10:07am EST by Brian Dolan | ICD | MIT Review | wireless implantable devices | wireless security |
While investigating potential security holes in wireless pacemakers, Kevin Fu, software engineer and assistant professor of computer science at University of Massachusetts-Amherst, has created a prototype “heart-attack machine,” according to a MIT Technology Review report.
Fu spent nine months de-constructing the “matchbook-sized microchip and antenna coil” that connects the latest generation ICDs to the Internet to uncover its security risk potential. Fu correctly believed that hackers could be able to listen in on the wireless communication between an ICD and its programming computer and then use that signal to control the device and inflict harm on the patient.
Fu created a device, that could be “easily miniaturized” to an iPhone-sized device, that can communicate with a patient’s ICD, according to the report.
“Fu’s software radio was capable of completely reprogramming a patient’s ICD while it was in his or her body,” MIT Review writes. “The researchers were able to instruct the device not to respond to a cardiac event, such as an abnormal heart rhythm or a heart attack. They also found a way to instruct the defibrillator to initiate its test sequence–effectively delivering 700 volts to the heart–whenever they wanted.”
The research described in the MIT Review article is a must-read for any company working in the wireless implantable devices market. Read the article over at MIT Review here.
