That is a VERY old pacemaker; pacemaker technology changes drastically every 6 months, so everything they learned with that one is moot. Those pacemakers used a wired magnetic transducer placed directly over the pacemaker for communication; the latest ones are wireless technology. Anyway, who would want to hack a pacemaker? The only worthwhile thing I can think to do with an old pacemaker is to use the titanium housing.

Posted at 10:01 pm on Aug 9th, 2008 by voodoo-chile

Technically this is an ICD (Implantable Cardioverter Defibrillator), not a true pacemaker, but it performs the same function with the addition it can defibrillate the patient if his/her heart starts fibrillating.

It’s a scary concept. I can already imagine some whacko getting a couple-kilowatt transmitter and a big antenna; then killing a few million people across the country by broadcasting the kill signal.

Posted at 10:25 pm on Aug 9th, 2008 by freyyr890

What the hell is wrong with you all? Its one thing to fuck with software and build cool things out of computer parts, but purposely trying to endanger someone’s life by ‘hacking’ a pacemaker, thats just fucking sick… This information should not be publicly displayed, and you should be held responsible if someone dies because of this!!!

Posted at 10:40 pm on Aug 9th, 2008 by MotoRider420

What the h### is wrong with you all? Its one thing to f### with software and build cool things out of computer parts, but purposely trying to endanger someone’s life by ‘hacking’ a pacemaker, thats just f###### sick… This information should not be publicly displayed, and you should be held responsible if someone dies because of this!!!

Posted at 10:42 pm on Aug 9th, 2008 by MotoRider420

@MotoRider420 – don’t you understand that the people who made this hack were trying to stop these kinds of attacks from happening?? by alerting the populace to the lack of security in pacemakers, they are forcing a reaction from the manufacturers and could save many lives in the process. Go read up on the history of encryption, the only way to properly make something secure is to make the method of security available to everyone.

Posted at 11:01 pm on Aug 9th, 2008 by Aion

@3: So you’re saying it’s better to just ignore critical security problems like this until somebody *does* actually kill someone this way? These researchers are not trying to commit murder; they are trying to demonstrate that the security of these devices is important and needs to be improved.

@2: You’re missing the point as well. For one thing, people who have a pacemaker implanted aren’t simply going to get a new one every single time the technology improves. Just because the particular pacemaker these researchers happened to show can be compromised is years old, that doesn’t mean that there aren’t a lot of people walking around with the same model inside of them. Furthermore, these researchers did not spend time reverse-engineering pacemakers because they actually want to read people’s medical information or kill them; they’re showing that this is a problem and that the security needs to be improved.

Investigating ways that something can be compromised doesn’t necessarily mean that you want it to be compromised.

You may find this insightful: http://www.schneier.com/blog/archives/2008/03/the_security_mi.html

Posted at 11:05 pm on Aug 9th, 2008 by Brian

@motorider420

Its not meant for black hattery, it’s meant to push the Medical companies to create safer products. What if the company producing these items suddenly wanted royalties from your usage and threatened to turn on the kill switch? What are your options there?

Posted at 11:17 pm on Aug 9th, 2008 by savant

Wow, this is some unsettling stuff. The high power transmitter scenario sounds a bit far fetched, since a bomb in a crowded area would be way simpler, and would kill a lot more people. But I can imaging people being assassinated with directional antenna’s this way, worst part is, assassins could reprogram the pacemaker afterward to make the death appear to be the result of a normal heart attack. Hell, for all we know, this is already being done. **adjusts tinfoil hat**

Posted at 11:34 pm on Aug 9th, 2008 by Wolf

this is definitly something that shouldn’t be taken lightly, but seriously and thoughtfully. it something that needs to be made known so that people are aware of the dangers and possible risks involved. kudos to the researchers who found this flaw and woe to the companies not immediatly fixing the issue.

Posted at 12:53 am on Aug 10th, 2008 by fever

@MotoRider420,

These researchers could have probably sold this information to some black ops group or used it in a harmful way themselves. Now if someone actually uses this attack, God forbid the medical companies don’t make the changes to protect against it, we will have a much greater chance of identifying it as a homicide and not just another heart attack or failed ICD.

Also, you shouldn’t smoke marijuana and ride motorcycles.

Posted at 3:05 am on Aug 10th, 2008 by bhelx

Oh. I did’t known that hacking is about killing people.

Posted at 6:36 am on Aug 10th, 2008 by harvie

Here’s a list of politicians and celebrities with pacemakers:
Dick Cheney, Former Indonesian President Suharto, former Senator Bob Dole, Sir Elton John, Senator George Voinovich, Italian President Ciampi, Les Paul, Silvio Berlusconi, to name but a few. Back in March, Australia radio reported that US researchers had hacked pacemakers. http://www.abc.net.au/pm/content/2008/s2190073.htm

Posted at 8:10 am on Aug 10th, 2008 by Marty Capella

You don’t need anything high tech to mess with pacemakers. At my Grandmother’s church they got a new keyboard and somebody said it was bothering their pacemaker.

Also it amazes me how many people on here are supporting security through obscurity.

Posted at 8:36 am on Aug 10th, 2008 by johnny

I guess most people don’t realize that a lot of security hacking is done not to benefit the hacker directly, but to further the common good. Not all hackers are black hats. Plus you make a good bit of money selling this to companies if they don’t want to have a chance at getting sued later on in the line when a malicious hacker figures out how to broadcast the kill signal.

Posted at 12:31 pm on Aug 10th, 2008 by Sam

@ #3/4 – You are the reason that they put an injunction on the MIT guys for publishing MTBA weaknesses. Do you think that freedom of speech ends when it’s inconvenient for someone else? Maybe you should be a Bush administration advisor. I’m sure you can equivocate for ages on how the first amendment only applies to your approved ideals.

Posted at 12:33 pm on Aug 10th, 2008 by M4CGYV3R

someone should take out Cheney with this.

Posted at 1:49 pm on Aug 10th, 2008 by richard

@motorider – please at least read before you make a ignorant post such as that. This is great informative news, exactly along the lines of security faults in Epassports and FastTrack passes. Security is the issue. Exposing flaws generates fixes. Have you ever heard of a bump key? Well thanks to efforts like this, a BUMP KEY is now considered a burglary tool (at least in California). Great Job Hackaday!

Posted at 4:51 pm on Aug 10th, 2008 by 36chambers

I was a software engineer for two different implantable devices. Yes, like anything else they are hackable. The older models (and newer ones) are very unlikely to have encryption or a ton of security, mainly because that adds complication and requires additional power. These devices are made to be as simple as possible because they have to be reliable and extremely small, on top of that they have to run on a battery for YEARS.

Yes, it is security through obscurity but obscurity doesn’t cost power, take additional space or add complexity.

But the main reason you shouldn’t be concerned about it, to communicate with the device, or to activate the wireless, you typically have to be within a few inches of the device. The wireless communications are very power hungry so typically they are only turned on by circuits that are passively powered or via magnets.

So yes, if some strange guy is holding a weird device over your chest maybe you have something to be concerned about.

Overall this story is mainly FUD. Modern pacemakers are extremely well engineered and the amount of testing that goes into them is impressive. It is one of the industries where a minor bug could easily turn into multimillion dollar lawsuits.

Posted at 11:10 am on Aug 11th, 2008 by jhaluska

@jhaluska

you may be right about the range limitation, but I’d be surprised if it wasn’t possible to build a very powerful focused transmitter that could open the distance to say 25 yards (remember those shopping cart wheel locker hacks a while back). It wouldn’t even have to be tiny, anything that could fit within one of those modern suitcases would probably be small enough.

Posted at 3:19 pm on Aug 11th, 2008 by Wolf

this is just plain sick! why would you even think of even trying something like this!

Posted at 11:51 pm on Aug 15th, 2008 by rujoesmith

@jhaluska,

You make very good points. You are right in saying that this hack is not immediately dangerous or anything to be worried about. I couldn’t see someone really getting away with this on a high profile person in it’s current state. But I think the story and the hack in general is more of a proof-of-concept to get people thinking about relying on electronic devices for their health. Who knows what kind of advancements in the medical technology may yield. It may soon be common to have multiple devices in your body monitoring your health and all of them with similar wireless access. It is then that these things should really be taken into consideration but we should at least begin to think about it now.

@richard,

Some government web crawler just put you on a terrorist watch list. You should spell it chaynee from now on.

Posted at 11:34 pm on Aug 17th, 2008 by bhelx

The thing is, anyone with a giant magnet could disrupt ANY pacemaker, defibrillator.

However, these things are easily programmed via a special magnet, and a computer.

This is typically proprietary technology, and hospitals employ contractors FROM the pacemaker companies to run the equipment with a cardiologist who’s an expert with electrical therapies of the heart.

I dunno what sort of thing hackers can do remotely. I mean, you do checkups by phone, and if a hacker knew you were on the phone doing a checkup, they could MAYBE affect your pacemaker. But PERFECT TIMING is of the essence, and this is FAR from a mass-pacemaker disruption.

If you take a giant magnet that is going to read and write to the pacemaker of many people, it’s going to disrupt them all in the first place.

There’s not much to fear, this is good progress, though, and I don’t think pacemakers are going to be the target of any sick fucks.

Posted at 11:00 am on Nov 10th, 2008 by Lank

I have a pacer, and i am VERY GLAD that these intelligent people are thinking a step ahead in order to save lives by thinking as the “bad guy” and then solving the problem to stop “him”.
Wheather or not this is actual, it is still very commending and thought-stimulating for those who in the future would devise medical equipment, in order to stop any would-be devious attacks on a patient’s life.
Thank you !

Posted at 9:24 pm on Dec 4th, 2008 by IIZZKK