Implantable Medical Devices

Vulnerabilities in wireless-enabled implantable medical devices such as insulin pumps, pacemakers, and defibrillators make them tempting targets for malicious attacks. In recent years, security researchers have shown how attackers can take advantage of unencrypted and generally weak communications protocols in such devices to gain remote control of them and to get them to behave in potentially lethal ways.

In 2013, former Vice President Dick Cheney’s doctors even disabled the wireless capabilities on his pacemaker out of fear that attackers could break into it.

Just this October, consumer giant Johnson & Johnson was forced to alert users of its Animas insulin pump of a potential problem after a security researcher at Rapid7 showed how an attacker could take advantage of weaknesses in the device’s wireless management protocol and pairing protocols. The vulnerability would have let an attacker gain remote access to Animas pumps and get them to release lethal doses of insulin to the wearers of the device.

The effort needed to carry out such attacks is relatively low, says Sam Rehman, chief technology officer at Arxan.

“Innovation is driving a lot of products to the market, therefore increasing attack surfaces,” Rehman says. “With more and more devices connecting to and opening lines of communication, it’s clearly reducing the effort and skill set required for hackers to gain access and wreak havoc,” with medical devices.

Image Source: Click and Photo via Shutterstock