Warning over medical implant attacks

Insulin injection Diabetics inject insulin to regulate blood sugar but too much can induce a coma

Related Stories

Many medical implants are vulnerable to attacks that could threaten their users' lives, according to studies.

Security researchers have developed attacks that locate and compromise implants used to manage conditions such as diabetes and heart disease.

One attack identified a radio signal that, if re-broadcast, would have switched off a heart defibrillator.

Researchers say more work needs to be done to secure implants and protect against malicious actions.

Radio grab

For increasing numbers of people an active life is only possible thanks to a medical implant that monitors their vital signs and which intervenes when needed.

Pacemakers that regulate heart beats, pumps that deliver insulin and defibrillators that watch for abnormal cardiac rhythms are being fitted to many more people to help them manage these chronic conditions.

Barnaby Jack, a researcher at security firm McAfee, has discovered that the wireless links used to interrogate and update these devices left them open to attack.

Start Quote

My worry is that we will learn about how to protect these systems only after an incident occurs and I would much rather see these problems addressed before there is such an incident”

End Quote Prof Kevin Fu University of Massachusetts Amherst

Read more details about the research

In two weeks of work he found a way to scan for and compromise insulin pumps that communicate wirelessly.

"We can influence any pump within a 300ft [91m] range," Mr Jack told the BBC. "We can make that pump dispense its entire 300 unit reservoir of insulin and we can do that without requiring its ID number."

Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble".

In similar work Prof Kevin Fu, a computer scientist at the University of Massachusetts Amherst, has found that is possible to capture a signal that controls the working of a heart defibrillator.

During his research Prof Fu discovered that implanted defibrillators are tested using a specific radio signal when first placed inside a patient. The signal turns the device on and off.

Lab work revealed that it was possible to capture this signal as it was broadcast. Re-broadcasting it turned off a device close by.

Prof Fu said the limited battery life of medical devices meant they could not use any authentication or encryption to protect signals passing to and from the device - leaving them open to attack in the future.

Human heart Many hearts are kept beating thanks to a medical implant

"Patients are much better off with these devices than without," said Prof Fu, but added that the work he and others were doing was signalling forthcoming problems that needed to be addressed now.

"Future devices will be much more connected, much more connected to the internet and will have much more use of wireless technology," he said.

Manufacturers needed to think about security as they designed products and harden them against future problems, he said.

"There is no silver bullet, it's not that these problems are easy to address," he said. "But there is technology available to reduce these risks significantly."

The UK's Medicines and Healthcare products Regulatory Agency said it had never received any reports of medical implants being hacked.

"We closely monitor the safety and performance of all medical devices and take action to ensure the safety of patients," said an MHRA spokesman.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • HandshakeKiss and make up

    A marriage counsellor on healing the referendum hurt


  • Pellet of plutoniumRed alert

    The scary element that helped save the crew of Apollo 13


  • Burnt section of the Umayyad Mosque in the old city of AleppoBefore and after

    Satellite images reveal Syria's heritage trashed by war


  • Woman on the phone in office10 Things

    The most efficient break is 17 minutes, and more nuggets


  • Amir TaakiDark market

    The bitcoin wallet with controversial users


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.