Pacemakers Are Vulnerable to Hackers
July 23, 2008
Implantable medical devices like pacemakers seem safe for the 25 million Americans who view them as life savers. However, researchers have shown that a combination pacemaker and defibrillator with wireless capabilities--the Medtronic Maximo DR--can be hacked.
In an academic paper, computer scientists from Beth Israel Deaconess Medical Center, Harvard Medical Center, the University of Massachusetts, Amherst and the University of Washington, presented a paper entitled "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero Power Defenses," to the 2008 IEEE Symposium on Security and Privacy.
The authors write that given the advances in implantable cardiac defibrillator (ICD) technology, "now is the right and critical time to focus on protecting the security and privacy of future implantable devices."
Using an antenna, radio hardware and a PC, they found that a hacker could indeed violate the privacy of patient information and medical telemetry of Medtronic's ICD, since the ICD wirelessly transmits patient information without encryption.
A hacker "could intercept wireless signals from the ICD and learn information including: a patient's name, medical history, date of birth and so on," the authors write.
Such a person could turn off or modify settings stored on the ICD, incapacitating the device so it can no longer respond to dangerous cardiac events. A malicious person could also make the ICD deliver a shock that could induce ventricular fibrillation, which is often lethal, the authors report.
The team proposed three approaches for increasing the safety of the devices, using WISP technology from Intel Research. They explain that some implantable devices, such as pacemakers and ICDs, have non-replaceable batteries. When batteries are low, the entire implantable devices often need to be replaced. From a safety perspective, it is critical to protect the battery life on these devices. Therefore, all three defense approaches use zero-power: they do not rely on the IMD's battery but rather on power from external radio frequency signals.
The first zero-power approach uses an audible alert, warning patients when a hacker attempts to wirelessly communicate with their IMD. The second approach shows that it is possible to use cryptographic (secure) authentication methods using RF power. (The researchers said they purposely did not reveal details of how this might work.)
The third zero-power approach presents a new method for communicating cryptographic keys--sophisticated passwords--so that people wearing the implanted devices can actually "hear or feel" when a hacker tries to disrupt their IMD.
The authors conclude, "We strongly believe that nothing in our report should deter patients from receiving these devices if recommended by their physician."
Meanwhile, Medtronic said in a statement that the company is continuing to come up with new designs to improve security of its cardiac devices.
The May 2008 paper appears on the website: www.secure-medicine.org. (Also see the Medical Device Security Center homepage).