Is Hacking Implanted Medical Devices the Next Big Cyber Crime?
Those of you who are fans of the Showtime TV show Homeland remember the episode last season when the main character, Nicholas Brody, had the pacemaker of the Vice President hacked. He chose this method of assassinating a man he felt deserved it, while leaving no trace of his involvement.
Well, that might not be too far from reality.
In a recent interview, former VP of the U.S., Dick Cheney, stated that he had the wireless access to his heart pacemaker disabled to prevent just such an assassination attempt.
Although there has never been a documented case of a medical device being hacked, numerous researchers have proven that such a hack is not only possible, but could be fatal.
As early as 2008, a group of researchers at Beth Israel Deaconess Hospital showed that they could hack a heart defibrillator/pacemaker and reprogram it to shutdown or deliver a fatal jolt of electricity to the heart. More recently, Barnaby Jack was able to override the radio signal on an insulin pump and have it dump a lethal dose of insulin to the patient.
Many of these medical devices run on old and outdated versions of Windows that have numerous security vulnerabilities, as the Null Byte community knows all too well.
Because these devices must be approved by the FDA, if they update their software they must once again go through the long and expensive process of FDA approval. As a result, they stick with these easily hacked operating systems.
In June of last year, ICS CERT—part of the U.S. Homeland Security Department—identified over 400 security holes in these implantable medical devices.
A team of researchers at the University of Michigan recently designed a system for detecting malware on medical devices, called WattsUpDoc. It's a kind of intrusion detection system (IDS) that attempts to detect malware on implanted medical devices by monitoring tiny changes in power consumption. How long before such IDS's will be required on implanted medical devices?
Although, the hacking of medical devices is still a relatively new field and concept, I don't believe it will take long before we see this as a new type of cyber crime. Imagine if someone could hack your pacemaker and "hold" it for ransom? You might be willing to pay any amount!
In addition, the possibilities for use in cyber warfare should not be underestimated as more and more individuals have digital medical devices such a insulin pumps, heart pacemakers, cochlear implants, etc. Such a hack could disable a significant portion of the populace.