Pacemakers can be remotely pwned

Kevin Fu (associate prof at the UMass Amherst/director of the Medical Device Security Center) gave a Black Hat presentation in Vegas yesterday in which he demonstrated a way of remotely disabling a pacemaker, using open radio technology. It sounds like other implantable devices, like those used for auto-administering drugs, would also be vulnerable to the attack. The attack relies on the fact that the control protocol for these devices does not use any cryptographic security — that sounds like it'd be easy enough to fix for future models. Not sure how you'd field-patch the 2.6 million devices that have already been… installed to date, though.

A computer acts as a control mechanism for programming the pacemaker so that it can be set to deal with a patient's particular defribrillation needs. Pacemakers administer small shocks to the heart to restore a regular heartbeat. The devices have the ability to induce a fatal shock to a heart.

Fu and Halperin said they used a cheap $1,000 system to mimic the control mechanism. It included a software radio, GNU radio software, and other electronics. They could use that to eavesdrop on private data such as the identity of the patient, the doctor, the diagnosis, and the pacemaker instructions. They figured out how to control the pacemaker with their device.

"You can induce the test mode, drain the device battery, and turn off therapies," Halperin said.

Translation: you can kill the patient.

Defcon: Excuse me while I turn off your pacemaker, Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

(Thanks, Kiltak!)