November 1, 2015 at 18:42Is it possible to crack a pacemaker: a brief history of the safety of medical devices
The fact that pacemakers are vulnerable began to be discussed back in 2008 , when a team of researchers managed to reprogram one of the devices remotely and “pull” the user's personal data out of it. It is emphasized that such an experiment, if the pacemaker was in operation, would have been fatal. A collection of links to documents and articles - under the cut.
Doctors issued a rebuttal , while naming manufacturers that had hacking protection at an acceptable level, calling the threat "hypothetical" rather than real.
For some time, those involved have disowned, and the story itself ceased to be duplicated, until in 2011 the series Homeland appeared at the box office., where the "hacked" pacemaker caused the death of the US vice president.
Then, in an interview, Dick Cheney, a former real US Deputy Prime Minister, admitted that he asked his attending physician to turn off all the wireless capabilities of his pacemaker.
Shortly thereafter, the Security Department shows a warning document ( pdf ), which for the most part contained the constants that many devices are vulnerable, and then a series of documents from the FDA appear that regulate cyber security issues in medical devices. However, there are also such phrases : the FDA recommends manufacturers to increase the security of their devices from third-party attacks in order to reduce the risks of equipment failure due to them.
The latest scandal surrounding a possible remote hacking of medical devices began to erupt after in September of this year, hackers controlled by medical institutions “killed” a mannequin, describing the hacking process in detail in a magazine ( PDF ).
This meant that neither the FDA recommendations ( PDF ), nor the safety analysis of devices ( PDF ), which came out several years and a year earlier, were accepted by any of the suppliers of medical equipment.
At risk are not only pacemakers, but all devices with remote wireless access. Wired writes about breaking infusion pumps. By the way, advice from the FDA immediately followed,quoted in Reuters .
The event around the "dead mannequin" is not the only thing that provoked a new wave of discussions on this issue. An ordinary American Marie Moe, having received her pacemaker and reading the instructions, was very worried about the possibility of Wi-fi access to her device. And this year, her problem will be discussed at the largest conference of hackers HACKLU-2015 .
At one of these conferences, Jack Barnaby , one of the most famous White Hackers, was supposed to speak , who in 2012 stated that you can kill a person with a pacemaker from a distance of up to 50 feet by “sending” 830 volts from a laptop. He owns a hacking projectinsulin pumps from up to 300 feet.
In 2013, he promised to demonstrate hacking pacemakers at a conference, but was found dead in his apartment a week before the event.
Currently, except for experimental cases, not a single attack on medical devices with a criminal purpose has been recorded, as well as for 30 years of using such devices. On average, over five million pacemakers are sold in the United States over five years.
Doctors issued a rebuttal , while naming manufacturers that had hacking protection at an acceptable level, calling the threat "hypothetical" rather than real.
For some time, those involved have disowned, and the story itself ceased to be duplicated, until in 2011 the series Homeland appeared at the box office., where the "hacked" pacemaker caused the death of the US vice president.
Then, in an interview, Dick Cheney, a former real US Deputy Prime Minister, admitted that he asked his attending physician to turn off all the wireless capabilities of his pacemaker.
Shortly thereafter, the Security Department shows a warning document ( pdf ), which for the most part contained the constants that many devices are vulnerable, and then a series of documents from the FDA appear that regulate cyber security issues in medical devices. However, there are also such phrases : the FDA recommends manufacturers to increase the security of their devices from third-party attacks in order to reduce the risks of equipment failure due to them.
The latest scandal surrounding a possible remote hacking of medical devices began to erupt after in September of this year, hackers controlled by medical institutions “killed” a mannequin, describing the hacking process in detail in a magazine ( PDF ).
This meant that neither the FDA recommendations ( PDF ), nor the safety analysis of devices ( PDF ), which came out several years and a year earlier, were accepted by any of the suppliers of medical equipment.
At risk are not only pacemakers, but all devices with remote wireless access. Wired writes about breaking infusion pumps. By the way, advice from the FDA immediately followed,quoted in Reuters .
The event around the "dead mannequin" is not the only thing that provoked a new wave of discussions on this issue. An ordinary American Marie Moe, having received her pacemaker and reading the instructions, was very worried about the possibility of Wi-fi access to her device. And this year, her problem will be discussed at the largest conference of hackers HACKLU-2015 .
At one of these conferences, Jack Barnaby , one of the most famous White Hackers, was supposed to speak , who in 2012 stated that you can kill a person with a pacemaker from a distance of up to 50 feet by “sending” 830 volts from a laptop. He owns a hacking projectinsulin pumps from up to 300 feet.
In 2013, he promised to demonstrate hacking pacemakers at a conference, but was found dead in his apartment a week before the event.
Currently, except for experimental cases, not a single attack on medical devices with a criminal purpose has been recorded, as well as for 30 years of using such devices. On average, over five million pacemakers are sold in the United States over five years.