Hackers can attack heart devices - Wireless implants vulnerable, UW scientist says
March 11, 2008
Seattle, WA - A Seattle computer scientist who helped expose how hackers can mess with electronic voting machines is part of a team that has shown how new, wireless cardiac devices implanted in thousands of heart patients also are vulnerable to electronic attack.
"These medical devices are becoming fairly intelligent, with increasing computational and wireless capabilities," said Yoshi Kohno, a University of Washington computer scientist.
In 2003, Kohno, with Avi Rubin and other colleagues at Johns Hopkins University, gained worldwide attention when they showed how they could easily manipulate Diebold's software to alter tallies on its electronic voting machines.
Now, Kohno and others have shown they can wirelessly extract personal medical information from an implantable cardiac defibrillator as well as reprogram or disrupt the device. The team includes Harvard University cardiologist Dr. William Maisel and Kevin Fu of the University of Massachusetts-Amherst, also a computer scientist.
"Wireless technology is becoming increasingly important in medical care," said Maisel, the heart expert.
This is especially true for pacemakers and defibrillators, he said, which are the most common types of implanted medical device. They have made life much better for many patients, he said, by allowing for noninvasive adjustments, internal monitoring and wireless alerts when problems arise.
"But as wireless technology becomes more sophisticated, we also need to anticipate any potential for problems," Maisel said.
Many of these devices carry personal and medical information, he said, to be used by health care personnel in an emergency.
More than 3 million pacemakers and defibrillators have been implanted in patients over the past 15 years, the scientists estimated. One of those depending upon such a device to keep his heart beating regularly is Vice President Dick Cheney, who was implanted with a second, replacement defibrillator last summer.
There is no known case of any person with an implantable cardiac device having it hacked or disrupted by some wireless radio attack, the researchers emphasized. Still, they believe it is important to demonstrate the possibility, to protect heart patients' safety and security as wireless technologies expand in use and power.
"There is this tension in medicine between personal privacy and making the information easily accessible," Kohno said. "The challenge is to find the right balance."
The researchers, who included the UW's Daniel Halperin and five other graduate students at the two other universities, did not hack into a real heart patient. Instead, they stuck a device called an "implantable cardioverter defibrillator" inside a bag of bacon and ground beef to simulate the shielding characteristics of the human chest.
The scientists used an "inexpensive software radio" to intercept the wireless signals sent from the device, obtaining the hypothetical patient's name, medical condition, date of birth and other data. They were also able to change settings on the device and command it to deliver a big electric shock, which in a healthy patient could actually cause a heart attack.
"We hope our research is a wake-up call for the industry," said Kohno, who acknowledged that his previous work exposing the security weaknesses inherent in Diebold's electronic voting machines didn't provoke much beyond a "firestorm of debate."
Kohno noted that, with today's technology, it would still be difficult to hack into a heart patient's implanted device. But he said the idea here was to show it could be done.
It will get easier as wireless technology becomes more the norm for cardiac devices, he said.
Maisel said it was important to prove it could be done rather than simply raise it as a potential problem because of industry's tendency to dismiss such problems as hypothetical.
Beyond identifying potential problems, the scientists also tested three warning or preventive techniques that could be incorporated into the cardiac devices without using any more battery power -- an audible sound or a vibration that alerts the patients if their device is being hacked and an addition to the device that requires authentication for access.
These simple fixes, said co-author Kevin Fu, would be "potentially easy to incorporate in the devices without extensive redesigning."
The work is explained in a paper released on their Web site, secure-medicine.org. The paper (with some technical details omitted to protect against malicious copycats) will be presented May 19 at a security and privacy conference in Oakland, Calif., sponsored by the Institute of Electrical and Electronics Engineers.
P-I reporter Tom Paulson can be reached at 206-448-8318 or firstname.lastname@example.org.