Pacemaker Hack: Wireless Flaw Exploited by Expert

According to a new report, weak software programming by medical companies could allow a hacker to deliver a fatal shock to a heart patient.

The report is based on research by Barnaby Jack, a security analyst for IOActive who specializes in threats to medical technology.

In a recent presentation at the Breakpoint Security Conference in Melbourne, Australia, Jack said that programming flaws associated with the wireless transmitters that send data to pacemakers could be exploited by hackers.

According to Jack, hackers could exploit this vulnerability in a way that "could definitely result in fatalities." (Source: computerworld.com)

Hack Sends 830-Volt Shock Through Pacemaker

Jack demonstrated how such an attack could be carried out by delivering an 830-volt shock to a pacemaker using a laptop computer. Witnesses reported hearing a clear, audible "pop" as a massive current was sent through the device.

Jack says the problem lies in the wide frequency range used by pacemaker transmitters. (Source: popsci.com)

After examining these transmitters, Jack found it was relatively easy to exploit the programming weakness and acquire critical information about the devices, down to specific serial and model numbers.

Having this information a hacker could alter the firmware within a transmitter, thereby directly affecting a pacemaker's functionality.

Expert's Program Detects Nearby Pacemakers

"It's not hard to see why this is a deadly feature," said Jack, who also noted that he will continue bringing attention to this issue until necessary changes are made. (Source: computerworld.com)

"My aim is to raise awareness of these potential malicious attacks and encourage manufacturers to act to review the security of their code and not just the traditional safety mechanisms of these devices," he added.

To clearly illustrate the extent of this threat, Jack is currently developing a program that uses the transmitter exploit to identify every pacemaker within wireless range and, on command, directly adjust how each detected pacemaker works.

Jack calls his program "Electric Feel."