Hacker exposes pacemaker security flaws that allows deadly shock

Well-known hacker Barnaby Jack and recently named IOActive director of embedded device security has reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to the heart its goal is to protect.

Jack shared minimal details of his research at the BreakPoint security conference in Melbourne, Australia, this week. Jack, whose previous work, including exposing flaws in ATMs  and car security, has been well publicized in detail, held back information in this case due to the severity of such a hack.

According to reports from  Melbourne, Jack said such attacks were as good as “anonymous assassination” and could result in “mass murder.”

The wireless attack allows access to pacemakers within 30 feet and rewrites their firmware. The specific pacemakers explored contained a “secret function” that could be used to activate all pacemakers and implantable cardioverter-defibrillators.

The security holes would allow for the medical devices to be turned off or sent 830 volts, inducing cardiac arrest or delivering shocks in loops.

Worse yet, the malware could be set to spread from pacemaker to pacemaker once ID numbers of the devices were obtained.

Jack did not release the brand of pacemaker he worked on. He believes the pacemaker’s designer need to take responsibility for the flaws, claiming fail safes are not being engineered in as they should.

What do you think? Is this an extreme example of wireless security flaws or poor medical device design decisions? Could this present a possible larger security breach, for example, allowing attacks on national leaders who use pacemakers? Share your thoughts below.