Hacking a pacemaker

Hacking a pacemaker

Henry Dalziel | General Hacking Posts | October 22, 2012

Sad update to this blog post: our condolences to Jack Barnaby’s family for his untimely death.

Truly amazing, but a hacker with a laptop and a decent wireless card could remotely hack a pacemaker!

With hacking and exploits becoming a daily occurrence – it seems that this particular aspect (internal medical devices) had been overlooked. This vulnerability was highlighted at the Ruxcon BreakPoint security conference in Melbourne. The (main) point of the presentation was to raise awareness to safeguarding embedded medical device manufacturers – kinda greyhat style.

Besides reverse engineering a pacemaker to deliver a deadly shock from up to twenty meters away fifty – the speaker, Jack Barnaby from Risky Biz, also demonstrated how he could rewrite the devices’ onboard firmware. Jack also said it possible to upload malicious firmware to servers that would be capable of infecting pacemakers and ICDs. “We are potentially looking at a worm with the ability to commit mass murder,” Jack said. “It’s kind of scary.”

You can imagine how this could be used – even for assassination! The killer would leave no evidence – nothing – all the tools required would be a laptop and a chair at a local coffee shop, or airport departure lounge near their victim.

Apparently the FDA does test (human embedded) equipment but they do not audit, (nor likely even understand) the code that makes the thing work.

Leave a comment or reply below...thanks!