Security Experts: Hackers Could Target Pacemakers

People these days may fear hackers are eyeing their home computers, their work computers or even the computers in their phones.

But computer security experts are worried about hackers who might one day go after computers in people's bodies. After all, medical devices designed to deliver medicine or help heart conditions are so high tech that experts consider them small computers with wireless capabilities that can run software.

"I think the risk to patients today is extremely low," said Dr. Tadayoshi Kohno, co-author of an article about the security of implantable devices published Wednesday in the New England Journal of Medicine.

"I would have no qualms about getting one of the devices on the market now if I needed them," Kohno said. "I think it's preparing for the unexpected [that matters]. ... The last thing we want is, in five or 10 years, to think, 'Oops we should have thought about security.'"

One such implantable device is an implantable cardioverter defibrillator, or ICD. More than 135,000 patients receive these defibrillators each year to prevent sudden heart attacks.

Doctors now can program ICDs to monitor someone's heart condition and send the right level of electrical shock to get the heart beating properly or deliver data about that person's heart rhythms to a doctor. But recently researchers have been able to demonstrate how a malicious hacker could potentially trigger the device to malfunction, delivering a dangerous shock.

What's more, people with ICDs often are public about them. Former Vice President Dick Cheney is one example of a high-profile American with a device.

Kohno and co-author Dr. William Maisel of the Cardiovascular Institute of Beth Israel Deaconess Medical Center in Boston have called for the U.S. Food and Drug administration regulate and to work with medical device manufacturers to stop potential security breaches in a variety of wireless, implantable devices such as pacemakers or insulin pumps.

The worry, according to Kohno, is of potential security leaks in an ever increasing network of wireless computers around us -- especially in devices most people don't think of as computers.

"We're seeing computers in our picture frames in our walls," Kohno said. "We're seeing computers in our cars. We are seeing computers in our bodies.

"As computers start surrounding us they start talking to each other," said Kohno, referring to wireless communication.

Hackers Can Get Into Cars, Too

The implications can be unexpected.

Take the case of a Texas man who police say used the Internet to remotely disable ignitions and set off car horns of more than 100 vehicles sold at his former workplace. The hack took advantage of a software program that is meant to aid repo services trying to retrieve cars.

"This is another example of how computers are everywhere, and we want to think about security beforehand rather than after," said Kohno. "When the Internet was designed, people didn't think about security, either, and when things happened it was, 'Oh, no,' and a struggle to catch-up."

Kohno and colleagues demonstrated several years ago how a hacker could send a dangerous jolt to a patient with an ICD if he or she got in range of the ICD's wireless signal -- which currently is limited to a single room.

Dan Kaminsky, director of penetration testing for IOActives, a Seattle based security company, agreed that the threat should not scare heart patients right now.

Page
  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
 
You Might Also Like...