Forum Thread: Is Hacking Implanted Medical Devices the Next Big Cyber Crime?

Those of you who are fans of the Showtime TV show Homeland remember the episode last season when the main character, Nicholas Brody, had the pacemaker of the Vice President hacked. He chose this method of assassinating a man he felt deserved it, while leaving no trace of his involvement.

Well, that might not be too far from reality.

In a recent interview, former VP of the U.S., Dick Cheney, stated that he had the wireless access to his heart pacemaker disabled to prevent just such an assassination attempt.

Proof of Concept

Although there has never been a documented case of a medical device being hacked, numerous researchers have proven that such a hack is not only possible, but could be fatal.

As early as 2008, a group of researchers at Beth Israel Deaconess Hospital showed that they could hack a heart defibrillator/pacemaker and reprogram it to shut down or deliver a fatal jolt of electricity to the heart. More recently, Barnaby Jack was able to override the radio signal on an insulin pump and have it dump a lethal dose of insulin to the patient.

Outdated Software

Many of these medical devices run on old and outdated versions of Windows that have numerous security vulnerabilities, as the Null Byte community knows all too well.

Because these devices must be approved by the FDA, if they update their software they must once again go through the long and expensive process of FDA approval. As a result, they stick with these easily hacked operating systems.

In June of last year, ICS CERT—part of the U.S. Homeland Security Department—identified over 400 security holes in these implantable medical devices.

An IDS for Medical Devices

A team of researchers at the University of Michigan recently designed a system for detecting malware on medical devices, called WattsUpDoc. It's a kind of intrusion detection system (IDS) that attempts to detect malware on implanted medical devices by monitoring tiny changes in power consumption. How long before such IDSs will be required on implanted medical devices?

Although the hacking of medical devices is still a relatively new field and concept, I don't believe it will take long before we see this as a new type of cyber crime. Imagine if someone could hack your pacemaker and "hold" it for ransom? You might be willing to pay any amount!

In addition, the possibilities for use in cyber warfare should not be underestimated as more and more individuals have digital medical devices such as insulin pumps, heart pacemakers, cochlear implants, etc. Such a hack could disable a significant portion of the populace.


13 Responses

Now this is an appropriate Halloween post. Ultimately, what keeps me sane is knowing that in order to gain an appreciable amount of control of the system (enough to hold me hostage), someone would have to purchase and reverse engineer the device I was wearing. I am quite broke and unimportant so I doubt anyone would attempt this on me. This is not really going to be a worry then of the average joe. However, if someone did happen to be a good target, this could be a very real threat.

Full disclosure BTW, I do not have one of the above devices.

Why on earth would personal med devices like these require a connection to receive and send radio waves?

They have wireless connections to enable the doctors to manage them. For instance, to change the voltage on a pacemaker.

Sorry for disturbing you again.. :D I have installed Kali Linux on Java VM Machine. Maybe that's why I can't do everything correctly? What do you think?

Giorgi:

A Java VM? Didn't you use VirtualBox?

OTW

Yes.. Java VM. I didn't use VirtualBox :D

Giorgi:

Use VirtualBox, VMware Workstation or Virtual PC.

VMware Workstation is best, but VirtualBox is free and works OK.

OTW

With VMware Workstation, am I able to hack Wi-Fi? Coz Oracle VirtualBox couldn't recognize airmon-ng interfaces.

Giorgi:

With VMware Workstation, you can hack Wi-Fi. You can as well with VirtualBox.

If using a virtualization software is giving you problems, you might try a dual boot system.

OTW

This is truly scary. And unnecessary. Who makes their life work about how to mess with people with health conditions?!?!

Mai:

Welcome to Null Byte!

Your point is well taken, but whenever something is possible, someone will do it. As I pointed out, VP Cheney had his wireless connection to his pacemaker disconnected on the threat of assassination. People in powerful positions, as you know, are always under threat of assassination and Cheney had made a lot of enemies.

OTW

This is crazy and scary for the future of artificial and electrical implants. Not knowing or understanding the people that would want to hack these devices... but still a very interesting subject.

This reminds me of Jack Barnaby, and if he was alive today then I reckon there would be a documented occurrence of several pieces of medical equipment hacked.
