Pacemakers, defibrillators open to attack (The Register)

Crims could send 830 volts straight to your heart...

The researcher in question, Barnaby Jack, today told the Ruxcon Breakpoint security conference in Melbourne, Australia that "the most obvious scenario would be a targeted attack against a high profile individual."

Jack also warned of a worst-case scenario "worm with the ability to commit mass murder".

Such devices are accessible through a wireless interface designed to deliver telemetry and allow maintenance. But Jack, who works for US-based security company IOActive, has subverted security in that interface and showed delegates a video demonstration of a wireless attack against an Implantable Cardioverter-Defibrillator (ICD). "There's 830 volts going into the heart there, which is a bummer," he said as an audible zap played over the conference audio system.

The attacks work at a range of up to 50 feet.

Read the rest of this piece at The Register.


The pacemakers are something they have been making sure of. I guess they are up to the task. - Flemings Ultimate Garage



Scary stuff. For me, this type of article is where disclosure of security research crosses the line, as people could actually get hurt. I think in this case, a code of ethics in disclosure would be useful - i.e. "You found the bug, you fix the bug" before disclosure? If the company doesn't want to fix it after taking account of the research, they should be held liable.

Interesting to note that before drugs come to the market they have to undergo strict testing. What happened to the code audit before the device was deemed fit to be implanted? Perhaps a new area of IT compliance to be introduced?