Skip to main content

“Fatal” security bugs discovered in defibrillators and medical implants

1124645 autosave v1 pacemaker heart
Sunzi99/Wikimedia Commons
A team of researchers found several potentially “fatal” security flaws in 10 different medical implants.

Researchers at the University of Birmingham in the U.K. and the University of Leuven in Belgium discovered vulnerabilities in the software and signals that communicate with implant devices. The software is used to update the devices or gather data readings on a patient.

By tinkering with the bugs, the researchers were able to change the settings on the devices and in some cases shut them down entirely as well as steal sensitive medical data about the patient.

The device manufacturer name has not been disclosed but researchers said the bugs have since been patched by the maker before the research paper was made public. The researchers only studied one manufacturer but added that its products are widely used by healthcare professionals.

The remote software for medical devices like pacemakers helps doctors manage a patient’s condition and make sure they are working properly. However, the researchers were able to reverse-engineer the software and the signal it sends to eavesdrop on the communications and alter its commands.

According to the paper, the reverse engineering was carried out using “inexpensive Commercial Off-The-Shelf (COTS) equipment”.

“We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices,” they wrote. However, a hypothetical attacker, in most cases, would need to have their equipment within five meters of the actual devices to pull most of these attacks off, the research noted.

In one example, an attacker would be able to collect sensitive data readings about the patient and change the commands for a device like pacemakers to disable certain functions or deliver an unneeded shock to the person, which could be fatal.

In another attack, the researchers were able to keep an Implantable Cardioverter Defibrillator (ICD) turned on despite “standby mode” being selected. This would drain the battery much quicker than usual, putting the patient at risk.

It was even possible, the authors claimed, to conduct denial of service attacks using a flawed implanted defibrillator.

“It is clear that the consequences of all these attacks can be severe for patients,” wrote the authors.

Previous studies have suggested that it was possible to infiltrate the communications between medical equipment and their software. In October, hackers showed how it was possible to break into insulin pumps and alter the dosage. The findings led manufacturer Johnson & Johnson to issue a warning to patients.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Intel Core i9 CPUs are about to get hit with a downgrade, report says
Intel's 14900K CPU socketed in a motherboard.

High-end Intel CPUs are about to lose some significant performance, according to a new report from BenchLife (via VideoCardz). The outlet claims Intel has sent guidance to motherboard partners to implement the Intel Default Settings on Z790 motherboards, following a wave of reports of instability on recent high-end Intel CPUs.

According to the report, these default settings will enforce a PL2 of 188 watts. Intel maintains power limits (PL) for its processors. PL1 is the base power, or the power that the processor can sustain for long periods of time. PL2 is the maximum boost power, which the processor can hit for brief spurts when under a heavy load.

Read more
Best Buy laptop deals: Cheap laptops starting at $159
Apple M1 MacBook Air open on a desk with plants in the background.

If you’re looking for an affordable laptop, Best Buy is a great outlet to turn to. It carries some of the best laptops on the market, and often you’ll find many of the best laptop deals taking place at Best Buy. And while it’s a great place to land some savings on almost any device, including tablet deals, headphone deals, and smartwatch deals, the Best Buy laptop deals you can shop right now are worth taking a look at. Among them you’ll find many quality laptop options at some of the best prices we’ve seen, so read onward for more details. And if Best Buy doesn’t have what you’re looking for, you can check out some of the best Amazon deals and best Walmart deals, where you’ll also find a discounted laptop or two.
HP 14-inch laptop — $159, was $180

The HP 14-inch laptop is a fast and fun computing device. It's a great option for anyone searching the best laptops for high school students or the best laptops for college. It has an Intel Celeron processor and 4GB of system RAM that combine to push through homework assignments, work presentations, and hours upon hours of binge watching. The 14-inch screen sports HD resolution and makes this HP laptop a great way to enjoy movies, photos, and other digital content. The HP 14-inch laptop is able to reach up to 14 hours of battery life on a single charge, making it a great all-day option for people who like to do their work on the go.

Read more
Surfshark CleanWeb merges ad blocking and a VPN to stop hidden digital horrors
Surfshark CleanWeb combines a VPN and an ad-blocker for maximum privacy

While one could argue that internet browsing has never been anonymous or completely safe, there's no argument against the point that it's getting worse. Intrusive advertisements, corporate and e-commerce trackers, traffic tied to your home IP address, and phishing scams are just a few of the major headaches waiting for you when you browse. It's device-agnostic, as well. You'll be tracked and bombarded no matter what your device is, from a smartphone to a desktop computer. Worse yet, the tracking jumps between platforms in most cases, which is why you often see advertisements on social media and other websites for products you've viewed in the past. A VPN or virtual private network can help, but it won't stop everything. That is unless you use Surfshark CleanWeb, an excellent and more comprehensive online tool than free ad blockers and most comparable solutions. It blends the support of a powerful ad blocker and a VPN to give you some of the best coverage out there. Let's explore further, and we'll also discuss how you can save over 80% on one-year and two-year plans and get two months free.

 
What can Surfshark CleanWeb block?
Forget about intrusive ads and pop-ups on your devices — the Surfshark ad blocker stops them. It can also prevent annoying video ads on smart TVs, repeated cookie requests and pop-ups from your browser(s), and more. For example, once installed, Surfshark's CleanWeb 2.0 browser extension can warn you to prevent you from visiting malware-filled fake websites and protect you from hidden website data breaches.

Read more