
Researcher Turns Pacemakers Into Mass Murder Machines

This article is over 11 years old and may contain outdated information

A computer security services researcher has some bad news for people with pacemakers.

Barnaby Jack of IOActive made a rather stunning announcement today at the Breakpoint security conference in Melbourne, Australia. He’s figured out how to reverse-engineer pacemaker transmitters to deliver hacked firmware to any compatible devices within a 30-foot range, which can force them to deliver electric shocks of up to 830 volts. He’s only done it with one brand of pacemaker, which he declined to name for obvious reasons, but said that it opened the door to “anonymous assassination” and, in a worst-case scenario, even mass murder.

It seems that the pacemakers in question have a “secret function” that, when activated, causes them to return model and serial number information to a remote terminal, which Jack said provides “enough information to authenticate with any device in range.” The function is presumably intended for diagnostic purposes, but he discovered that they have no encryption and even found user names and passwords for what is apparently the manufacturer’s development server.

“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer,” he said. “The compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range.”

That “compromised firmware” would let the controller do all sorts of unintended and unpleasant things with and to the pacemakers, including delivering some serious electric shocks. “With a max voltage of 830 volts, it’s not hard to see why this is a fairly deadly feature,” he continued. “Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop.”

It sounds like one of those things that’s all theoretical and speculative, but the fact that Jack was able to show his super-villain stunt in action is more than a little disconcerting. I suppose we should be thankful to all involved that his demonstration video hasn’t been released to the public, but hopefully he has at least brought it to the attention of the manufacturer – and that other pacemaker manufacturers are paying attention too.

Source: SC Magazine
