Now heart devices in danger of an attack by hackers
Pacemakers are vulnerable to cyber attacks by hackers, according to a new report by america’s health watchdogs.
The threat was highlighted in a nightmare scenario outlined in guidelines published by the Us Food and Drug administration to help manufacturers combat potential hackers.
It says that implantable devices, including pacemakers, defibrillators and insulin pumps operating with the help of so-called cloud-based networks, are at risk.
In its report, the FDa describes a possible situation where a manufacturer is warned that a pacemaker, for instance, ‘can be reprogrammed by an unauthorised user’.
‘If exploited, this vulnerability could result in permanent impairment, a life-threatening injury or death,’ it continues.
The concern has grown as manufacturers increasingly load the devices with software to improve performances and gather real-time data.
Researchers fear hackers could use the loophole for blackmail or even murder.
In the second series of the popular TV drama, Homeland, terrorists were leaked a serial number so they could hack into the pacemaker of VicePresident William Walden and send it into overdrive, killing him.
The fictional plot is understood to have been
‘This could result in permanent impairment’
inspired by former Vice-President Dick Cheney’s decision to have the wireless reprogramming disabled on his implanted defibrillator to prevent hacking in 2007.
In october, Johnson & Johnson issued a warning about a potential cybersecurity issue with its insulin pump, saying hackers could take control of the device, which is used to control diabetes. via its unencrypted radio frequency communication system. This allows it to send commands via a wireless remote control.
While the medical giant said the risk was low, experts believe it was the first time a manufacturer had issued such a warning to patients.
experts say that in recent years a community of diabetes pump hackers has emerged, chiefly to tweak their own devices. Dosing a patient with too much insulin could cause hypoglycemia, or low blood sugar, which in extreme cases can be life threatening.
In august, a cyber security research firm went public with allegations of potentially deadly cyber vulnerabilities in heart devices made by a Us company.
The manufacturer insisted the allegations were false, but the FDa launched an investigation.
The FDa said it knows of no cases where hackers have exploited cyber vulnerabilities to harm a patient. But a spokeswoman said: ’as hackers become more sophisticated, these cybersecurity risks will evolve.’