The poor programming of wireless bedside transmitters in pacemakers and implantable cardioverter-defibrillators (ICDs) could lead to deaths, according to new research.

Wireless bedside transmitters are used to give instructions to pacemakers and ICDs to deliver an electric shock when any irregularities in the heart are detected, however, this could be exploited by hackers.

The study has found that the US Food and Drug Administration (FDA) looks at the medical effectiveness of devices, but not the security of a device’s code.

IOActive embedded device security director Barnaby Jack, who led the study, warned that security weaknesses in some devices could be exploited to give a deadly electric shock to the wearer.

With FDA-approved full radio frequency-based implantable devices operating in the 400MHz range, hackers can extract a device’s serial and model number and reprogramme the firmware of a transmitter to deliver a shock.

“Security weaknesses in some devices could be exploited to give a deadly electric shock to the wearer.”

Jack demonstrated this weakness at the Ruxcon Breakpoint security conference in Melbourne, Australia, by giving an 830V shock to an ICD.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“My aim is to raise awareness of these potential malicious attacks and encourage manufacturers to act to review the security of their code, and not just the traditional safety mechanisms of these devices,” Jack said.

To overcome the remote attacks against the software, Jack is developing a new application with a graphical user interface, ‘Electric Feel’, allowing users to scan a medical device before use, reports PC Advisor.

The application will provide a list, through which a user can select a device, such as a pacemaker, which can then be shut off or configured to deliver a shock.