This is all you need to illicitly reprogram implantable medical devices, according to researchers from the University of Leuven and University Hospital Gasthuisberg Leuven in Belgium, and the University of Birmingham in England: On the left is a universal serial radio peripheral, and on the right a data acquisition system.
It's possible to transmit life-threatening signals to implanted medical devices with no prior knowledge of how the devices work, researchers in Belgium and the U.K. have demonstrated.
By intercepting and reverse-engineering the signals exchanged between a heart pacemaker-defibrillator and its programmer, the researchers found they could steal patient information, flatten the device's battery, or send malicious messages to the pacemaker.
The attacks they developed can be performed from up to five meters away using standard equipment -- but more sophisticated antennas could increase this distance by tens or hundreds of times, they said.
"The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy," the researchers wrote in a new paper examining the security of implantable cardioverter defibrillators ICDs , which monitor heart rhythm and can deliver either low-power electrical signals to the heart, like a pacemaker, or stronger ones, like a defibrillator, to shock the heart back to a normal rhythm.
Their findings add to the evidence of severe security failings in programmable and connected medical devices such as ICDs.