Reel life to Real life
If you have seen the TV series Homeland you might know that the terrorist in the series are shown laying their hands on the pacemaker. The series protagonist, Damian Lewis was seen to give terrorists a serial number so they could hack the pacemaker of Vice-President William Walden. US security experts have warned that this could actually happen in real world. Taking their advise seriously, the US Department of Homeland Security (DHS) is currently investigating more than 20 medical devices which could be tampered with by third parties like terrorists or state sponsored hackers.
DHS announced in October, 2014 that it is checking anything and everything which contains a programmable chip like pacemakers, defibrillators, bedside intravenous fluid pumps, scanners and hospital networks etc.
Members of DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) say that a heart pump by Hospira and cardiac implants by Medtronic and St Jude Medical all have security flaws that could make them vulnerable to external hacking.
Forensic medicine and security specialists to develop software to spot if pacemakers have been hacked
Now forensic medicine and security specialists have joined forces to develop software which can tell a pathologist if a pacemaker has been interfered with causing any fatality. Sujeet Shenoi, a computer security engineer at the University of Tulsa in Oklahoma, told New Scientist:
“The problem is that there has to be a way to access these very small, simple devices to reconfigure them, change their settings and patch the software. “That means there are a nay number of ways to compromise them and their firmware. “The medical device manufacturers are not working hard behind the scenes to stop this happening.”
To create software which monitors unusual activity, the researchers have drawn up a list of medical events that could lead to the death of a person with an implanted defibrillator – a device which helps the heart beat more rhythmically through a series of shocks. They included sending a series of quick shocks to accelerate the heartbeat and cause a fatal arrhythmia or reprogramming the device so that it does not kick in when required.
A pathologist can then examine the defibrillator after death to see if any of the scenarios which could cause a lethal attack had taken place. If something untoward was spotted, an investigation could begin. “That would be proof against everything but a malicious pathologist,” said Noureddine Boudriga, a cryptographer at the University of Carthage in Tunisia.
In a post-mortem examination, the new software could identify whether a pacemaker was remotely ordered to produce changes that led to a heart attack. The program could be altered, said the team, to work with any other medical device. Furthermore, the team suggested that on future devices, protections be implemented to keep the devices’ service and operations data safe from external tampering.
Nonetheless, former Vice President Dick Cheney had all forms of wireless access to his own pacemaker deactivated before the device was implanted into his own chest.
Resource : New Scientist