
August 11th, 2008

Heart pacemakers vulnerable to attack

Posted by Michael Krigsman @ 6:32 am

Categories: End-user impact, Research and statistics, Risk

Tags: patient, attack, medical device security center, michael krigsman

Broken heart

Technology failures, design flaws, and software bugs can be found in the most unexpected places. Now, researchers have developed a method for remotely compromising heart pacemakers surgically implanted in a patient’s chest.

The Medical Device Security Center describes the vulnerability in a paper titled “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses”:

Our investigation shows that an implantable cardioverter defibrillator (1) is potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry, and (2) may experience malicious alteration to the integrity of information or state, including patient data and therapy settings for when and how shocks are administered. Moreover, standard approaches for security and access control

According to Wikipedia, implantable cardioverter-defibrillators (ICD) are:

‘[S]mall battery-powered electrical impulse generator which is implanted in patients who are at risk of sudden cardiac death due to ventricular fibrillation. The device is programmed to detect cardiac arrhythmia and correct it by delivering a jolt of electricity. In current variants, the ability to revert ventricular fibrillation has been extended to include both atrial and ventricular arrhythmias as well as the ability to perform biventricular pacing in patients with congestive heart failure or bradycardia.’

The paper adds:

ICDs have modes for pacing, wherein the device periodically sends a small electrical stimulus to the heart, and for defibrillation, wherein the device sends a larger shock to restore normal heart rhythm.

Here’s a picture of a pacemaker device (scale in centimeters). [The picture is for illustration purposes only; according to one commenter, Guidant pacemakers are encrypted and therefore not subject to the exploits described in this post. Since encryption can be broken, verifying this claim would require careful analysis.]


The research team consists of people from both medicine and computer technology:

Our investigation was motivated by an interdisciplinary study of medical device safety and security, and relied on a diverse team of area specialists. Team members from the security and privacy community have formal training in computer science, computer engineering, and electrical engineering.

The extensive list of specific vulnerabilities could lead to life-threatening scenarios:

  • Triggering ICD identification
  • Disclosing patient data
  • Disclosing cardiac data
  • Changing patient name
  • Setting the ICD’s clock
  • Changing therapies
  • Inducing fibrillation
  • Power denial of service attack

As technology proliferates through our daily lives, risks associated with poor planning, lack of testing, and failed implementations also increase. In many cases, however, we cannot reasonably expect product designers to foresee the future technology environments into which their products may be placed.

The researchers summarized the problem:

Our research into implantable cardioverter defibrillators has demonstrated failure modes that do not appear to be addressed by some present-day design strategies and certification processes.

Note to pacemaker patients: these exploits are based on laboratory experiments only. The authors emphasize that, to their knowledge, no IMD (implantable medical device) patient has ever been harmed by a malicious attack.

[Via Zoliblog. Broken heart image via IrishHealth.com. Pacemaker image via Wikipedia Commons.]

Michael Krigsman is CEO of Asuret, Inc., a software and consulting company dedicated to reducing software implementation failures.

Most recent of 12 Talkback(s):
Someone is going to do this someday.
Don't know when, or if someone already has used it and gotten away with it.

I remember Tom Clancy using a plot device of a man flying a 747 into a joint session of Congress and killing the Pre...
Posted by: Dr_Zinj Posted on: 08/13/08