Medical Implants Under Threat
By tony leather, 10th Jul 2012 | Follow this author
| RSS Feed | Short URL http://nut.bz/24x0co8w/
Posted in WikinutNewsHealth
McAfee researcher Barnaby Jack discovered that wireless links employed to monitor these devices left them vulnerable to outside assault, in a fortnight of working discovering a way of scanning for and compromising wireless insulin pumps.
Medical Implants Under Threat
Studies have, worryingly, shown that many medical implants are at risk of abuse, vulnerable to attacks by hackers that could threaten their users lives. This was discovered when security researchers themselves developed attacks for locating and compromising medical implants like those used to manage diabetes, heart disease and other conditions
They had even designed one assault with a radio signal that, if re-broadcast, could switch off heart defibrillators, so it appears that more work needs to be done, not only to secure such implants abut also to protect against maliciously intended attacks.
Increasing numbers of people only enjoy an active life due to their having a medical implant monitoring vital signs and intervening when appropriate. These include pacemakers regulating heart beats, pumps delivering insulin and defibrillators monitoring abnormal cardiac rhythms, all to help live with these chronic conditions.
McAfee researcher Barnaby Jack discovered that wireless links employed to monitor these devices left them vulnerable to outside assault, in a fortnight of working discovering a way of scanning for and compromising wireless insulin pumps.
Diabetics typically need 5-10 units of insulin after heavy meals, to help regulate blood sugar, so any attacker causing the pump to flood their bloodstream could potentially kill them. Similarly, University of Massachusetts Amherst computer scientist Prof Kevin Fu has found a way to capture signals controlling heart defibrillator workings.
Such implanted defibrillators are tested via a specific radio signal when first inserted into the body, the signal turning the device on and off, tests revealing that capturing this signal as it was broadcast was possible, and that re-broadcasting it turned off another nearby device.
Limited medical device battery life renders it impossible to use any signal protection authentication or encryption for signals passing to and from the device - leaving them open to attack, but since patients do better with them than without, this problem is one that certainly needs to be addressed.
Considering that future devices will have to be far better connected, making more use of the internet and wireless technology, the makers of such devices need to think about security as they design products, specifically to protect them against such future attacks, which cannot be that problematic, as there is technology available to reduce these risks significantly.
Though the UK Medicines and Healthcare products Regulatory Agency has to date never received any reports of medical implants being hacked, they closely monitor the safety and performance of all medical devices, but the awful possibility of cyber-attacks is very real, and quite alarming.
Comments