Hackable Medical Devices
By Colin Son
As we become more and more reliant on active, implanted biotechnology the opportunities for malicious manipulation of such rise. The hacking of medical devices isn’t a new threat. I’ve commented on it, as have publications more prominent than this blog. The issue has taken on enough of intellectual seriousness that it has prompted the creation of a multi-institutional center, the Medical Device Security Center. In 2008 that group published a method of wirelessly accessing information from some models of pacemakers and then injecting active attacks to change the performance of the pacemakers. After publication they presented the same at Defcon.
At the Black Hat Conference last year an independent researcher presented a theoretical method of wirelessly changing the serum glucose readings of an implanted diabetic pump.
An attacker could intercept wireless signals and then broadcast a stronger signal to change the blood-sugar level readout on an insulin pump so that the person wearing the pump would adjust their insulin dosage. If done repeatedly, it could kill a person. Radcliffe suggested scenarios where an attacker could be within a couple hundred feet of a victim, like being on the same airplane or on the same hospital floor, and then launch a wireless attack against the medical device. He added that with a powerful enough antenna, the malicious party could launch an attack from up to a half mile away.
The most recent, highly publicized hack devised by researchers is one concerning implantable cardiac defibrillators.
In 2006, the U.S. Food and Drug Administration approved full radio-frequency based implantable devices operating in the 400MHz range, Jack said.
Any attacks on medical devices requires more than a common level of expertise but to one dedicated probably something within the ability to be self taught. There are much bigger public health issues, even within the biotechnology sphere, including the function and operating safety of such but this remains a scary prospect and one that deserves more attention. Medical device makers need to put more into the security of these devices and the FDA needs to place a focus on making sure device makers are doing such.
Colin Son is currently a neurosurgical resident. Earlier in life he was sure I wanted to be a screenwriter and went away to USC’s School of Cinematic Arts. Film school is awesome, no doubt, but he soon realized that for a career he wanted something a little more substantial. Such led him to medical school. Following my M.D. he did a year of general surgery training before matching into neurosurgery. He blogs at Residency Notes.