Heart Pacemakers Extremely Susceptible To Hacking, Study Says

As many devices, including essential ones like heart pacemakers become smarter, they are also exposed to the risks faced by smart devices. WhiteScope, a security company found 8,000 bugs in programmer tools, which could provide hackers access to pacemakers.

This means hackers would be able to interfere with a pacemaker, adjust it, monitor it, and even making it stop. The company examined four pacemaker programmers from four different manufacturers and found none was safe from hackers. Third-party libraries could be used to store data, which led to around 8,000 known vulnerabilities in such devices.

Read: South African Hospital Implants World's Smallest Pacemaker, Called Medtronic Micra Transcatheter Pacing System (TPS)

“Introduction of counterfeit firmware for a home monitoring device would require an attacker to obtain the firmware, reverse engineer the firmware, identify functionality within the code to modify, modify the code in a manner that creates the desired effect without breaking other subsystem functionality, repackage the firmware and distribute the firmware to home monitoring devices. As such, vendor evaluation of security controls should be in the context of patient care benefits and risk analysis while examining from a holistic perspective,” the company said in its press release.

While pacemakers have become smart at data gathering and transfer, providing previously unavailable data, they are yet to have any of the security protocols that are generally associated with smart devices — for example, any pacemaker can be reprogrammed using a pacemaker programmer from any other similar device from the same manufacturer, since pacemaker programmers do not authenticate individual devices.

They also do not authenticate the physician examining the data, which means the data can be accessed by anyone who knows the basic features and functioning of pacemakers. Even the files used to store the data are unencrypted and removable, which makes data tampering very easy for hackers.

This information, in the wrong hands, could mean severe risk for the patient using such devices. In the current environment, it is not tough to imagine what the data and control of pacemakers could mean for users. If a hacker gets hold of such data, he/she could sell it off, make it public or even tamper with the functioning, such as stopping the pacemaker’s functioning, which would potentially have fatal effects on the patient. Hackers might also remotely be able to encrypt the pacemakers and only unencrypt them for a ransom.

Read: Dick Cheney Deactivates Pacemaker Wi-Fi: Former VP Felt Threatened By Hackers, Wanted To Avoid 'Homeland'-Style Assassination

The report calls for pacemaker manufacturers to implement stricter standards and put in safeguards which could help treat weaknesses in the pacemaker ecosystem. Regular security checks for such devices and more importantly, regular software updates to fix vulnerabilities and bugs on such devices is the need of the hour.

For customers, it is advisable to acquire the knowledge of the security protocols implemented on such devices, before investing in them.