Fatal Flaws In 10 Pacemakers

A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims. IT security experts from Tripwire commented below.

Lamar Bailey, Sr. Director, Security R&D at Tripwire:

“Connected products from refrigerators to medical devices are on the cutting edge of technology but security is taking a backseat to features as companies pump out these products as fast as possible to meet market demands. It is reminiscent of the changes that automobiles have been going through since their inception. It was not until the late 1960’s that the US government had to step in and mandate safety standards.  We will likely see a similar trend with connected medical products if the industry cannot take care of it themselves.  It is not an easy problem to solve due to a shortage of quality security engineers and the fact that most of them have been snapped up by the computer industry.

This is a problem that must be solved because any medical device that communicates to other devices is subject to attack. Many of the medical devices including pacemakers, IV pumps, etc. communicate over wireless networks so that they can be monitored and adjusted in real time but this communication can be intercepted and man in the middle attacks are possible in many instances. Hospitals are busy places, the nurses and doctors are thinking about their patients not how secure the equipment is with all the people walking in and out of various rooms. Vendors must step up and insure their devices are secure and take steps to impede any unauthorized tampering.”

Tim Erlin, Sr. Director, Product Management at Tripwire:

“The best time to deal with security flaws is before the product ships to customers. With implantable devices, it’s especially important that as many security defects as possible be addressed before a patient takes delivery.

There will always be newly discovered attack techniques and motivated researchers. With a changing threat landscape, vendors of implantable devices must plan for updating their products throughout their functional life.”