Potentially “fatal” security flaws: Hackers could gain control of medical implants
No, those doctors who years ago shut down the wireless functionality of US vice president Dick Cheney’s heart implant weren’t being paranoid. Recent research has found that hackers could use cheap off-the-shelf equipment to take over various medical implants through software vulnerabilities.
A team of researchers from the UK and Belgium has discovered that 10 different medical implants were affected by potentially “fatal” security flaws in the software used for updates and patient data readings, according to Digital Trends, which cites a scientific report (PDF).
The researchers used “inexpensive Commercial Off-The-Shelf (COTS) equipment” to hack into devices, change their settings, and even shut some of them down. They could also exploit the vulnerabilities to see sensitive medical information about the patient.
The report didn’t name the manufacturer, but said the products are widely used. It also mentioned that the security holes have since been patched.
“We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices,” the researchers wrote. Attackers would still need to have their equipment within five meters of the targeted devices, though.
Cyberattacks could even kill a patient
The study rings an alarm about the need to have thorough security mechanisms in place to protect smart medical devices, as attacks could potentially have fatal consequences. For example, according to the report hackers could remotely change the commands for devices such as pacemakers to alter the way they work and even cause deadly shocks to the heart.
Researchers were also able to quickly drain the battery of an implantable defibrillator, which would also put a patent’s life at risk.
Vulnerable medical equipment such as defibrillators could even be used to conduct denial of service attacks, the report said.
It is not the first time that connected medical equipment was found to be vulnerable to cyberattacks. Recently, Digital Trends reported that hackers could gain control of an insulin pump and harm diabetic patients by triggering an overdose.
Of course, this doesn’t mean you should automatically switch to panic mode when you see a smart medical device. After all, they are meant to do us good and most of the time that’s exactly what they do. With smart, connected objects popping up all around us, research like this is helping doctors and medical device manufacturers realize that IoT security is crucial in healthcare.