Can Pacemakers be Hacked?

Can pacemakers really be hacked, meaning that even medical devices meant to save lives aren’t safe from hackers and could actually be used for harm? Emmy winning drama ‘Homeland’ used this as a plot line, showing *SPOILER terrorists hacking in to the vice president’s pacemaker (or more realistically a implantable cardioverter-defibrillator (ICD), Credit). in order to assassinate him. While many scoffed this off as science fiction, the technique was proven successful – though not by terrorists – in 2008.

The world of hacking sounds like something out of a C. S. Lewis novel. There are the “white hats”, or the good guys, who try and find the hacks in the software before the dreaded “black hats”, or bad guys, get their mischievous hands on them.

The late Barnaby Jack was a respected white hat, working for IOActive, a computer security service. Jack was 35 years-old, was living in San Francisco and was working on a presentation that exposed an unnamed manufacturer’s flaw. The flaw shows that pacemakers and ICD’s could be controlled wirelessly.

Jack died July 25th in his apartment just days before this presentation.

The plot on ‘Homeland’ brought this issue of hacking to the forefront and speculation has created a greater demand for information. The writers of the show got the idea from Barnaby J. Feder (not the same Barnaby as above, oddly enough) and his article for The New York Times on the subject.

The article states that labs in the University of Wisconsin and Michigan had, in 2008, foundPacemaker a way for these pacemakers to be hacked but only if the machines are inches away. This is true for any device made before 2006. After that, the Food and Drug Administration began to approve pacemakers and ICD’s with radiofrequency technology, which allows for wireless hacking. Credit

Barnaby Jack, in his blog post after the episode aired, stated the show over-dramatized the hack and that it was actually easier to accomplish. His first thought after watching the episode? “TV is so ridiculous! You don’t need a serial number!” Credit. Even though the chances of an attack via pacemaker is slim, there are people – like IOActive – working on keeping them safe.

In his last blog for the IOActive company, Jack was only positive in the continued success and safety of pacemakers:

“Our goal with this research is not for people to lose faith in these life-saving devices. These devices DO save lives. We are also extremely careful when demonstrating these threats to not release details that could allow an attack to be easily reproduced in the wild…We are actively engaging medical device manufacturers and sharing our knowledge with them.” Credit

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>