Disheartening news: A pacemaker can be hacked

SACRAMENTO—It's not something your doctors want you to worry about. Really. Still, it's unsettling: With enough time, energy and expertise, a pacemaker can be hacked.

Implanted devices that keep ailing hearts beating steadily need better protection, the team that hacked into one is telling regulators and manufacturers.

"This is not an important risk for patients right now," said Dr. William Maisel, a Harvard cardiologist. "We just want the industry to be thoughtful about where we as a society are going with these devices."

Maisel worked with computer experts from the University of Massachusetts at Amherst and the University of Washington to demonstrate that an implantable defibrillator could be altered remotely to deliver a dangerous shock or withhold a potentially lifesaving one. The group presented its findings at a recent symposium on security and privacy in Oakland.

It's a timely subject. The electronic gear that can be put inside the human body is becoming more versatile and easier to operate from afar. There is no known case of malicious tampering with a device inside someone's body.

The Medical Device Security Center, a collaboration of researchers from three universities, tinkered with one after buying $30,000 worth of commercially available equipment to assist the hacking. They ran tests that deduced how a particular defibrillator worked. They used that information to alter it from less than an inch away. Potentially, they said, an attacker could disrupt heartbeats, dangerously drain a battery or even extract private medical information.

The group suggests various strategies, including making implants better able to recognize unauthorized signals and capable of alerting patients to unwanted interference.

Original here