Is it possible for someone to hack your heart’s pacemaker? According to the Medical Device Security Center, it sure is…
Report excerpt:
“As part of our research we evaluated the security and privacy properties of a common ICD. We investigate whether a malicious party could create his or her own equipment capable of wirelessly communicating with this ICD.
Using our own equipment (an antenna, radio hardware, and a PC), we found that someone could violate the privacy of patient information and medical telemetry. The ICD wirelessly transmits patient information and telemetry without observable encryption. The adversary’s computer could intercept wireless signals from the ICD and learn information including: the patient’s name, the patient’s medical history, the patient’s date of birth, and so on.
Using our own equipment (an antenna, radio hardware, and a PC), we found that someone could also turn off or modify therapy settings stored on the ICD. Such a person could render the ICD incapable of responding to dangerous cardiac events. A malicious person could also make the ICD deliver a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.”
In addition to medical devices, under experiment are drug monitoring and delivery systems via implanted chips. Gizomodo reported on this in their article “Implanted Microchip Will Monitor your Health, Deliver Drugs from under your Skin.”
I suppose it would be possible to manipulate the amount of drugs released via similar methodology if one were to intercept the chip.
Seems to me that these devices should have encryption built in. What are they thinking? Or maybe that’s extra….
