Digital electronic technology has made modern medical miracles possible. We now have “smart” connected devices that can be implanted inside our bodies to provide tracking and treatment for a variety of chronic conditions and diseases. But this technology is a double-edged sword; unless implemented correctly, these devices can be both a benefit and a risk.
Researchers in Belgium and the UK recently published a paper describing how they were able to gain unauthorized access to medical implants. They focused on implantable cardiac defibrillators (ICDs) that are designed to be programmed using proprietary wireless radio communication. These can be controlled at a distance of up to 15 feet or more. Using readily available off-the-shelf equipment, the researchers were able to reverse engineer the proprietary communications protocol. They were able to scramble the transmitted data, and were able to initiate Denial-of-Service (DoS) attacks on the implants. They were able to demonstrate that at last 10 different types of ICDs on the market are susceptible to such hacks, with the potential of putting the patients at risk.
This research sheds light on an area of growing concern, not just for medical devices but for all connected devices in the Internet of Things (IoT). The Mirai DDoS attack from last fall demonstrated how simple devices such as baby cams can be commandeered for unintended purposes. Manufacturers have not done enough to build security features into their connected devices, and nowhere are the consequences of greater concern than with medical devices. We expect to see security issues be a topic of greater concern in the coming years, as government, professional, consumer, and industry groups demand greater protection from malicious attacks.