Homeland Security News Wire – (International) Pacemakers, other implanted devices, vulnerable to lethal attacks. IT experts reported security flaws in pacemakers and defibrillators could be putting lives at risk, stating that many devices are not properly secured and therefore are vulnerable to hackers who may want to commit an act that could lead to multiple deaths, Homeland Security reported - 10 - November 28. The Sydney Morning Herald reported that a famous hacker hacked into a pacemaker in October at the Breakpoint security conference in Melbourne, Australia, and was able to deliver an 830-volt jolt to a pacemaker by logging into it remotely after hacking the device. He, however, did not reveal which models were vulnerable to hackers. The hack was possible because many implanted medical devices use wireless technology and authentication which uses a name and a password, which is the serial and model number of the device. According to the hacker, most medical devices are designed to be easy to access by a doctor who may need to change something quickly in case of an emergency. The hacker found secret commands that doctors use in order to send a “raw packet” of data over the airwaves to find any pacemaker or defibrillator in a specific range and have it respond with its serial and model number. The information allows a hacker to authenticate a device to receive data and perform commands, meaning they can send a command to jolt the heart of multiple devices and, in some cases, in a range of up to twelve meters. The U.S.Government Accountability Office released a report that highlighted problems with the security of medical devices, and called upon the Food and Drug Administration to ensure devices are secure from these attacks.
Ali Loney, on November 28, 2012