Radio Controlled Pacemakers Are Easily Hacked

Doctors use RF signals to adjust pacemakers so that instead of slicing a patient open, they can change the pacemakers parameters which in turn avoids unnecessary surgery. A study on security weaknesses of pacemakers (highlights) or full Report (PDF) has found that pacemakers from the main manufacturers contain security vulnerabilities that make it possible for the devices to be adjusted by anyone with a programmer and proximity. Of course, it shouldn’t be possible for anyone other than medical professionals to acquire a pacemaker programmer. The authors bought their examples on eBay.

They discovered over 8,000 known vulnerabilities in third-party libraries across four different pacemaker programmers from four manufacturers.  This highlights an industry-wide problem when it comes to security. None of the pacemaker programmers required passwords, and none of the pacemakers authenticated with the programmers. Some home pacemaker monitoring systems even included USB connections in which opens up the possibilities of introducing malware through an infected pendrive.

The programmers’ firmware update procedures were also flawed, with hard-coded credentials being very common. This allows an attacker to setup their own authentication server and upload their own firmware to the home monitoring kit. Due to the nature of the hack, the researchers are not disclosing to the public which manufacturers or devices are at fault and have redacted some information until these medical device companies can get their house in order and fix these problems.

This article only scratches the surface for an in-depth look read the full report. Let’s just hope that these medical companies take action as soon as possible and resolve these issue’s as soon as possible. This is not the first time pacemakers have been shown to be flawed.

Swallow the Doctor — The Present and Future of Robots Inside Us

I recently finished the Silo series by Hugh Howey, a self-published collection of novellas that details life in a near-future, post-apocalyptic world where all that remains of humanity has been stuffed into subterranean silos. It has a great plot with some fun twists and plenty of details to keep the hacker and sci-fi fan entertained.

One such detail is nanorobots, used in later volumes of the series as both life-extending tools and viciously specific bio-weapons. Like all good reads, Silo is mainly character driven, so Howey doesn’t spend a lot of eInk on describing these microscopic machines – just enough detail to move the plot along. But it left me wondering about the potential for nanorobotics, and where we are today with the field that dates back to Richard Feynman’s suggestion that humans would some day “swallow the doctor” in a 1959 lecture and essay called There’s Plenty of Room at the Bottom.”

Continue reading “Swallow the Doctor — The Present and Future of Robots Inside Us”

Reusing an old pacemaker as a flash timer

pacemaker-flash-timer

Most people use pacemakers to, you know, keep their heart pumping at a steady rhythm. [David Prutchi] on the other hand has found a pretty novel use for some of the old pacemakers he has in his collection.

We really had no idea that pacemakers had uses outside the world of medicine, but [David] has taken advantage of their reliability in one of his favorite hobbies – high speed photography. In a darkened room, he set up an infrared barrier which feeds its signal to the atrium input of an old pacemaker. The signal is relayed through the ventricular output, which then fires his camera’s flash.

The pacemaker allows [David] to set an “AV” delay, which is the interval between when the atrium input receives an electrical impulse and when that signal is repeated from the ventricular output. This allows him to finely tune how much time elapses from when a drop of milk breaks the IR barrier to when his flash actuates.

We think this is a pretty cool way to reuse an old pacemaker, but check out the shots he has captured and judge for yourself.

Defcon 16: Pacemaker-B-Gone

A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. [Kevin Fu], an associate professor at the University of Massachusetts at Amherst, led the team. [Kevin] first tried to get documentation from the manufacturers, believing they would support the effort, but they were not interested in helping. They were forced to get access to an old pacemaker and reverse engineer it. They found that the communication protocol used to remotely program the device was unencrypted. They then used a GNU radio system to find access to some of the machine’s reprogrammable functions, including accessing patient data and even turning it off.

Although this was only done with one particular pacemaker, it proves the concept and should be taken seriously by the medical companies who produce these devices. If you are interested in the technical aspects, check out the paper the team released in May disclosing the methods.