In a presentation at the BreakPoint security conference in Melbourne, IOActive researcher Barnaby Jack described an attack on pacemakers that could, he says, deliver lethal shocks to their owners. Jack claims that an unspecified pacemaker vendor's devices have a secret wireless back-door that can be activated by knowledgeable attackers from up to 30 feet away, and that this facility can be used to kill the victim right away, or to reprogram pacemakers to broadcast malicious firmware updates as their owners move around, which cause them to also spread the firmware, until they fail at a later time. Darren Pauli from Secure Business Intelligence quotes Jack as saying,
“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range,” Jack said.
He was developing a graphical adminstration platform dubbed “Electric Feel” which could scan for medical devices in range and with no more than a right-click, could enable shocking of the device, and reading and writing firmware and patient data.
“With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop," he said.
Manufacturers of implanted devices have been resistant to calls to publish their sourcecode and to allow device owners to inspect and modify that code, citing security concerns should latent vulnerabilities be exposed, and put implantees at risk. But as Jack's presentation demonstrates, vulnerabilities can be discovered without publication -- and if they are discovered and not disclosed, they may never be patched (or may not be patched until coming to light in some kind of horrific attack). In other words, secrecy helps bad guys, but keeps good guys and innocent bystanders in the dark.