Pacemaker-hacking feels like a Hollywood plot. Assassinate someone by taking over the medical device that controls his heart? Surely that isn’t possible in the real world.
How to perform
Pacemakers could be infiltrated to deliver deadly shocks, according to a security expert. It wouldn’t be simple, but it offers the very James Bond-like possibility of anonymous digital assassination.
IOActive researcher Barnaby Jack demonstrated this capability at a security conference in Melbourne, according to Australia’s SC Magazine. He used a laptop to send a series of 830-volt shocks to a remote pacemaker, and used some sort of unclear “secret function” the pacemakers possess, which could be used to activate all pacemakers and implantable defibrillators within a 30-foot radius. The devices would give up their serial numbers, which would allow the would-be assassin to breach their firmware and upload nefarious malware that could spread to other pacemakers like a virus. The devices could also give up personal data, and even supposedly secure data from the manufacturer.
“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or [defibrillator] and then each would subsequently infect all others in range,” he reportedly said.
It wouldn’t be the first time a security expert showcased the vulnerability of these lifesaving devices. In one study four years ago, researchers from the University of Washington and University of Massachusetts figured out how to assume control of implanted pacemakers and obtain personal data. Other groups are working on ways to encrypt artificial organs and limbs.
Jack said he made the demonstration to alert device makers to insecurities.
The threat level
Probably limited to assassination targets. Think: high-profile people, who have pacemakers. It would be an elaborate attack, though, since you need more than just an internet connection to pull it off. Odds are that anyone interested in doing this could get a bomb or a pistol to the target cheaper and faster. This is Hollywood not because it’s impossible, but because it’s not very efficient.