Could hackers attack medical devices?

Apr 10, 2012

Security researchers have found that they can take control of wireless medical devices like pacemakers.

Medical devices can make life much easier for people with long-term health problems. For example, insulin pumps allow diabetic people to get a steady flow of insulin, instead of having to inject themselves with it through the day.

Some of these devices allow patients or doctors to control them wirelessly. Diabetics can use a wireless controller to receive extra insulin after a meal, while devices like pacemakers which go inside the body could not be accessed easily without wireless technology.

But there are risks to going wireless. Wireless messages can be plucked out of the air, or faked by an attacker. Many wireless systems, such as mobile phones and wifi networks, protect against this by encrypting what they broadcast. However, encryption uses computing power, and computing power needs electricity, so encryption would drain the batteries that are, in some cases, keeping patients alive.

Because medical devices are not secured, researchers were able to grab the signal used to turn implanted heart defibrillators on and off and use them themselves. Another group were able to prompt insulin pumps to deliver all their insulin at once - which, if the pump was connected to a person, would be fatal.

The researchers say that patients are still much better off with these devices than without, but that security should be considered when designing future devices. There have been no reports of a medical device being hacked when in use.