The poor programming of wireless bedside transmitters in pacemakers and implantable cardioverter-defibrillators (ICDs) could lead to deaths, according to new research.
Wireless bedside transmitters are used to give instructions to pacemakers and ICDs to deliver an electric shock when any irregularities in the heart are detected, however, this could be exploited by hackers.
The study has found that the US Food and Drug Administration (FDA) looks at the medical effectiveness of devices, but not the security of a device’s code.
IOActive embedded device security director Barnaby Jack, who led the study, warned that security weaknesses in some devices could be exploited to give a deadly electric shock to the wearer.
With FDA-approved full radio frequency-based implantable devices operating in the 400MHz range, hackers can extract a device’s serial and model number and reprogramme the firmware of a transmitter to deliver a shock.
Jack demonstrated this weakness at the Ruxcon Breakpoint security conference in Melbourne, Australia, by giving an 830V shock to an ICD.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“My aim is to raise awareness of these potential malicious attacks and encourage manufacturers to act to review the security of their code, and not just the traditional safety mechanisms of these devices,” Jack said.
To overcome the remote attacks against the software, Jack is developing a new application with a graphical user interface, ‘Electric Feel’, allowing users to scan a medical device before use, reports PC Advisor.
The application will provide a list, through which a user can select a device, such as a pacemaker, which can then be shut off or configured to deliver a shock.