Hacks and Heart Attacks
I awoke this morning to reports that researchers have found a way to hack into and disrupt implanted deliberators and heart regulating devices.
The research conducted by the Medical Device Safety Institute at Beth Israel Deaconess Hospital in Boston is sketchy on the details, but firm on its conclusions: A person with specific technical knowledge could use common wireless technology to infiltrate an implanted heart regulating device, retrieve data and--potentially--disrupt its normal operation.
The findings of the report will be presented at a security symposium in Boston in May. While the researchers won't disclose specifics of their technique, they are recommending improved security safeguards and the use of encryption to protect the devices, the data they hold and patients' health.
For years, many corporate security practitioners have dismissed the threats poised to IP-enabled, non-IT devices, such as smart refrigerators, embedded computers in cars and home heating systems. They often said that those threats--while possible--posed no real threat to enterprise operations. Who even knew that there were 802.11 pacemakers?
The risk of a person being affected by such an attack is remote since it requires specific, advanced technical knowledge. However, the spector of possible attack should be enough to give pause to those who design IP-enabled or any product that relies on silicon controls to give greater consideration to security.