Hacked terminals capable of causing pacemaker deaths
October 18, 2012
X-ray of the thorax with an pacemaker in situ (credit: Lucien Monfils/Wikimedia Commons)
Barnaby Jack, a Research Architect with the TRACE research team at McAfee, has reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware, SC Magazine reports.
In a speech at the BreakPoint security conference in Melbourne Wednesday, Jack said such attacks were tantamount to “anonymous assassination” and in a realistic but worse-case scenario, “mass murder.”
In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop.
The particular pacemakers contained a “secret function” that could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity.
Each device would return model and serial numbers. “With that information, we have enough information to authenticate with any device in range,” Jack said.
In reverse-engineering the terminals — which communicate with the pacemakers — he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server.
That data could be used to load rogue firmware which could spread between pacemakers.
“With a max voltage of 830 volts, it’s not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop,” he said.
Jack said his goal was not to cause harm, but to help manufacturers secure their devices.
Comments (11)
by Jan Parker
What possibly could lead you to publish this information? Talk about do no harm. I hate discussions about responsible tech, but really, don’t people with pacemakers have enough trouble without being afraid of anyone with a cell phone in the vicinity.
by Editor
We believe it’s essential to alert developers of biomedical devices as well as patients. Please be advised that we will continue to carry this kind of information (it’s likely to get worse). (This report has nothing to do with cell phones, by the way.)
by GAUSS
The dark side of computerization.
by Bri
Just wait till cell phones are the size of red blood cells. They’ll hack into them, have them move to the appropriate areas, and make us all jump into the sea like lemmings.
by Mr.X
@Bri: Just think about the possibilities this opens up for stalkers.Put a cell phone into her/his drink, activate it latter and call all day and night long.
by Bri
Doctor I keep hearing this ringing in my ears, and voices. They keep telling me to take all my money out of the bank and send it to….. If you think that’s bad, check out the Craig Venter article, about a DNA printer. Marcos talked about a modified Ebola virus, like in Craddle of Life. Opens up so many possibilities. Like the dessert scene in The Matrix Reloaded.
by DeBee Corley
It is so unfortunate that you just can’t email the manufacturer and tell them about their flaws.
You have to use a sledge hammer.
Then they whine…
by Gorden Russell
This is the only way we can protect ourselves from Darth Vader.
by DJSNOLA
My dad has a pacemaker. Dont think I will share this story with him. You could certainly see how someone very high profile could be assassinated with this method though.
by Bri
Has anybody told Dick Cheney?
by Gorden Russell
Dick Cheney is Darth Vader.