Skip to main content

“Fatal” security bugs discovered in defibrillators and medical implants

1124645 autosave v1 pacemaker heart
Sunzi99/Wikimedia Commons
A team of researchers found several potentially “fatal” security flaws in 10 different medical implants.

Researchers at the University of Birmingham in the U.K. and the University of Leuven in Belgium discovered vulnerabilities in the software and signals that communicate with implant devices. The software is used to update the devices or gather data readings on a patient.

Related Videos

By tinkering with the bugs, the researchers were able to change the settings on the devices and in some cases shut them down entirely as well as steal sensitive medical data about the patient.

The device manufacturer name has not been disclosed but researchers said the bugs have since been patched by the maker before the research paper was made public. The researchers only studied one manufacturer but added that its products are widely used by healthcare professionals.

The remote software for medical devices like pacemakers helps doctors manage a patient’s condition and make sure they are working properly. However, the researchers were able to reverse-engineer the software and the signal it sends to eavesdrop on the communications and alter its commands.

According to the paper, the reverse engineering was carried out using “inexpensive Commercial Off-The-Shelf (COTS) equipment”.

“We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices,” they wrote. However, a hypothetical attacker, in most cases, would need to have their equipment within five meters of the actual devices to pull most of these attacks off, the research noted.

In one example, an attacker would be able to collect sensitive data readings about the patient and change the commands for a device like pacemakers to disable certain functions or deliver an unneeded shock to the person, which could be fatal.

In another attack, the researchers were able to keep an Implantable Cardioverter Defibrillator (ICD) turned on despite “standby mode” being selected. This would drain the battery much quicker than usual, putting the patient at risk.

It was even possible, the authors claimed, to conduct denial of service attacks using a flawed implanted defibrillator.

“It is clear that the consequences of all these attacks can be severe for patients,” wrote the authors.

Previous studies have suggested that it was possible to infiltrate the communications between medical equipment and their software. In October, hackers showed how it was possible to break into insulin pumps and alter the dosage. The findings led manufacturer Johnson & Johnson to issue a warning to patients.

Editors' Recommendations

Elon Musk says Neuralink will be like a ‘Fitbit in your skull with tiny wires’
neuralink progress update 2020

The world finally got a close look at the current state of Elon Musk’s Neuralink project, courtesy of a live demo Friday evening. The demo showed a new look for the device, a peek at the robot that would install it in a person’s brain -- and a pig with stage fright.
What is the Neuralink? What does it do?
As Musk explained, many neurological problems that people experience -- such as memory loss, depression, blindness, and seizures, to name a few -- are the result of electrical signals on the brain firing improperly. The Neuralink is an implant that directly interfaces with a person’s brain, reading signals from the brain, and even altering them to fix problems.

It’s essentially a “Fitbit in your skull with tiny wires,” Musk explained.

Read more
Watch now: Elon Musk’s brain-augmenting Neuralink live demo
What Is Neuralink

Watch Live! Elon Musk's Neuralink Demonstrates Its Brain To Machine Interface

We will finally get more details into Elon Musk’s brain-machine interface company, Neuralink, during a live webcast today, Friday, August 28. 

Read more
This tiny robot could help surgeons perform ultra-delicate procedures
Origami surgical robot

Origami Miniature Surgical Manipulator

It goes without saying that surgeons need steady hands. But how steady those hands need to be depends a lot on the kind of procedure the surgeons are carrying out at the time. An amputation might require less fine-grain, subtle precision than, say, a mastectomy. And a mastectomy might require less agonizing defusing-a-nuclear-bomb dexterity than minimally invasive laparoscopic surgery, in which tiny tools and an impossibly minuscule camera are inserted into a small incision to carry out an operation.

Read more