Researcher Demonstrates Lethal Medical Device Exploit

By Anthony Freed | October 18, 2012

Posted in: Network Security Trends

Noted security researcher Barnaby Jack has dealt another blow to medical device insecurity with an exploit that shows how attackers could hack communications terminals for pacemakers and implanted cardioverter-defibrillators (ICDs) to administer potentially lethal jolts.

In a shocking presentation at the BreakPoint Security Conference in Melbourne this week, Jack demonstrated how a malicious actor could reverse-engineer elements of a device's wireless transmitter terminal and rewrite firmware from as close as thirty feet away using only a laptop, then deliver high voltage blasts which could result in fatality for the intended target.

“With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop,” Jack was quoted as saying of the exploit.

Jack also discovered that, due to a lack of authentication protocols in the systems that control wireless communications with the devices, self-propagating malware could be designed to cause a chain of infections between compromised devices within close proximity of one another.

“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range,” Jack explained.

At last year's Hacker Halted conference in Miami, Jack conducted a similar exploit of an implanted insulin pump. The demonstration was a follow-up to Jay Radcliffe's August hack of an insulin pump at the Black Hat Conference in Las Vegas, but with a twist: where Radcliffe had the advantage of knowing the targeted unit's model type and serial numbers to conduct the attack, Jack was able to use an off-the-shelf antenna and receiver assembly to remotely scan for the information on the targeted device.

After using the antenna to locate and isolate the target, Jack proceeded to instruct the unit to deliver a potentially lethal dose of insulin, and also showed how he could switch the device off entirely.

For both exploits, the researcher has declined to publicly provide details on the targeted devices, such as the manufacturer or model types, for security reasons. The point of the exploits, Jack says, is to encourage medical device producers to take the necessary precautions in design and implementation to protect users from the possibility of harm at the hands of miscreants.
