‘Cyber’ Attacks On Your Heart? Scientists Test The E-Security Of Pacemakers [Video]
Most people worry about someone hacking their Facebook accounts or personal computers, but what if a cyber criminal could strike at our very hearts...or more specifically, heart pacemakers?
While this sounds more like science fiction or a plot from the TV show Homeland, a team of engineers has caught a security vulnerability in the life-saving devices that hackers might manipulate in the future. Implantable cardiac defibrillators (ICDs) and artificial pacemakers are used to treat irregular heartbeats. These small devices are inserted in the chest or abdomen, and whenever the heart loses its rhythm, they provide a little shock to re-establish the right beat. Over 100,000 implants are performed each year.
The risk was found in 'analog sensors' that translate the natural electricity patterns emitted by the heart into digital information for the microcomputers in the pacemakers/ICDs. The researchers discovered that electromagnetic radio waves could be used to interfere with the sensors and ultimately induce an erratic heartbeat. But they also found that it would be extremely difficult for a hacker to do this in the real world today. The source of the interference had to be fairly close to the medical device, within 2 inches. The authors, however, worry that a clever hacker could capitalize on the defect in the future.
"Security is often an arms race with adversaries," said co-author Dr. Wenyuan Xu, an assistant professor of computer science and engineering at the University of South Carolina. "As researchers, it's our responsibility to always challenge the common practice and find defenses for vulnerabilities that could be exploited before unfortunate incidents happen."
The pacemaker/ICD tests in this study were conducted in an electronics laboratory and not on devices in living human beings. The investigation was led by Dr. Kevin Fu, associate professor of electrical engineering and computer science at the University of Michigan.
Other consumer products — Bluetooth headsets and web-based phone call applications like Skype — were also found to be at risk because of analog sensors in microphones. The researchers were able to screw with a simulated Bluetooth call to an automated banking line and switch the call language from English to Spanish. In another trial, they manipulated a web-based phone call so a listener heard Weezer's song 'Island in the Sun' instead of a caller's voice.
The researchers were quick to point out that no case of 'heart-hacking' has ever been reported, even though previous vulnerabilities have been cited. Last autumn, famed tech wizard Barnaby Jack rewired a pacemaker transmitter, so it could tell similar heart devices within a 30-foot range to deliver an 830-volt jolt to their hosts. The findings will be presented by Denis Foo Kune, postdoctoral researcher and visiting scholar at the University of Michigan, on May 20 at the IEEE Symposium on Security and Privacy in San Francisco.