Pacemakers 'Recalled' Amid Hacking Concerns
Around 465,000 pacemakers have been 'recalled' over hacking fears. However, the St Jude Medical brand devices will be patched with a software update rather than removed and replaced.
The pacemakers are radio controlled to allow doctors to alter the specific rhythm they aim for when regulating a heart beat. This radio control means doctors can adjust to the patients changing needs without the need to remove the pacemaker for alterations. That's important as the surgery for such a removal is inherently risky.
No Signs Of Hack Attacks
While the precise details haven't been revealed for obvious reasons, the way in which doctors can wireless issue commands to the pacemaker turns out to have a security flaw. That could allow a hacker to get unauthorized access and either switch off or adjust the pacemaker's rhythm, either of which is potentially fatal.
There's no evidence that any hackers were aware of the details of the vulnerability or have sought to exploit it. The manufacturers say the Department of Homeland Security concluded a successful attack would "require a highly complex set of circumstances." However, the risk is being taken seriously, given that a successful hacker could use the vulnerability to carry out an extortion scheme.
Doctors Must Issue Update
Two research firms have highlighted the potential weaknesses in the pacemakers. One took the unusual approach of not informing the manufacturers until after tipping off an investment firm, which then 'shorted' the manufacturer's stock: in effect betting that the price would fall. The researchers said the approach was justified because it caused a financial shock that better got the manufacturer's attention. (Source: theguardian.com)
The update must be issued by the healthcare professionals that fitted the pacemakers and have the ability to alter the settings. Users have been advised to talk to their doctors at their next scheduled visit. As well as the 465,000 pacemakers covered by the FDA 'recall', another 280,000 pacemakers fitted in patients outside the US could receive the update. (Source: cnn.com)
What's Your Opinion?
Does this sound like a serious risk or just a case of safety first? Should medical professionals face tighter regulations on the security of wirelessly-controlled medical devices? Is the risk of hacking an inevitable price for having smarter technology in healthcare?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Security by obscurity is no security at all
It's not a serious risk for anyone without a pacemaker, which I'm gonna guess the vast majority of shareholders in the companies that make pacemakers. So, tipping off an investment firm about the problem was a genius move. Money talks!
Even if there was little risk that someone with the knowledge necessary to hack into these pacemakers and is also a demented sicko, imagine the life change of someone who has a pacemaker learning about this threat. Without a good understanding of the threat, I imagine many would shrink under the threat, as little as it probably is.
seen this before
This very exploit was shown on the series 'Homeland' where a hacker killed the VP of the U.S. for political means. It's a known exploit.