A virus that reprograms your pacemaker to deliver an electric shock

PublishedDecember 19, 2012

We may earn a commission from links on this page.

What's likely to become a health threat you never expected next year? 4Chan griefers could actually deliver death or injury from the safety of their forums with a virus designed to infect medical devices. Many of these devices, such as pacemakers, can be reprogrammed wirelessly. And that means bad guys could reprogram your pacemaker (or insulin delivery system) with some bad code. No, it's not science fiction. The John J. Reilly Center at University of Notre Dame has released its first annual "List of Emerging Ethical Dilemmas and Policy Issues in Science and Technology" for 2013, and near the top of the list is "hacking into medical devices."

Watch

Boogeyman Star Sophie Thatcher Wrote Howl's Moving Castle Fan Fiction | io9 Interview

view video

Boogeyman Star Sophie Thatcher Wrote Howl's Moving Castle Fan Fiction | io9 Interview

The Boogeyman's Sophie Thatcher Reveals What Draws Her to Dark Characters | io9 Interview

Friday 10:30AM

IMDb Changes Rating System After Little Mermaid Review-Bombed | Future Tech

Friday 10:03AM

They write:

Barnaby Jack, a hacker and director of embedded device security at IOActive Inc., recently demonstrated the vulnerability of a pacemaker by breaching the security of the wireless device from his laptop and reprogramming it to deliver an 830-volt shock. Because many devices are programmed to allow doctors easy access in case reprogramming is necessary in an emergency, the design of many of these devices is not geared toward security. We don't yet have evidence of a hacker breaching the security of a medical device with malicious intent, although we now know that it's possible, and over the last few months, government and health care agencies have been discussing the best ways to protect patients.

This fall, the US Government Accountability Office released a report detailing their concerns about how hostile actors could attack people with remotely-programmable medical devices in their bodies. The GAO notes reassuringly:

Although researchers have recently demonstrated the potential for incidents resulting from intentional threats in two devices-an implantable cardioverter defibrillator and an insulin pump-no such actual incidents are known to have occurred, according to the Food and Drug Administration (FDA).

So nobody has been hurt yet, thankfully. But if we take no steps to secure these medical devices, next year could mark the first assassination by computer virus.

Read more of the Reilly Center's report on emerging ethical dilemmas and policy issues on their website.