Malware on Pacemakers?  Is this real?

So the malware frenzy continues!  We already spoke about how Apple may have an issue with their manufacturer, in particular some malware could potentially be impacting the chips Apple uses from TSMC.  That said, it's scary to think how hardware can now come preinstalled with malware.  But what about it being installed after the hardware has been shipped?  Remember, we are talking hardware based malware, not software based.

What exactly is happening?

There has been a recently discovered pacemaker hack that allows a malicious user to install malware on a pacemaker from a remote location.  This is happening due to a flaw in the Carelink 2090 pacemaker programmer, as well as potentially other relevant equipment which can contain this life threatening vulnerability.

And while Medtronic has remediated some of the issues the researchers discovered, Rios and Butts say that too much remains unresolved, and that the risk remains very real for pacemaker patients. The pair will walk through their findings Thursday at the Black Hat security conference. *s

The issue is once the pacemaker is compromised, a remote attacker could stop shocks from being administered when needed, or administering shocks when they are not needed.  Long story short, it's very life threatening.

Am I safe?

If you have a pacemaker, the answer is no.  You are likely able to be compromised with this malware, but should immediately make an appointment to discuss this with your healthcare professional.  This type of serious malware which impacts personal health should not be taken lightly.  The hardware used to send updates to the firmware of your pacemaker uses unencrypted connections to communicate.  This can be exploited, and allow malware to be installed to control the pacemakers.  Similar results were found on an insulin pump.

“The time period Medtronic spent discussing this with us, if they had just put that time into making a fix they could have solved a lot of these issues,” Butts says. “Now we’re two years down the road and there are patients still susceptible to this risk of altering therapy, which means we could do a shock when we wanted to or we could deny shocks from happening. It’s very frustrating.” *s

What should I do?

Reach out to your healthcare professional if you or a loved one has a pacemaker.  Reference the articles linked above as well as this one, as many healthcare professionals may not understand terms like Malware or Remote Attacks.  To be honest, the more information you can provide to your healthcare provider, the quicker they can address any potential issues.  Informed rational decisions can be made when you have all the facts.