After IoTs, it is the IMDs that are Most Vulnerable to Hacking

Researchers from UK and Belgium have jointly conducted a research and concluded that hacking into implantable medical devices or IMDs is as easy as counting from one to three. The research was documented in a paper titled “On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them.”

Also Read: Hacker who was due to demonstrate how heart implants could be hacked found dead

The benefits of IMDs cannot be overlooked but at the same time it is claimed that these are very vulnerable devices and to hack them is not a big deal at all as it doesn’t even require advanced social engineering skills from cyber-criminals. As soon as the attackers get control of the device, they can perform a variety of devastating actions such as killing the patient. All that is required is pushing a button.

In their paper [Pdf], researchers identified that these compact heart devices fully rely upon a proprietary wireless communication system. In a majority of cases, this communication system utilizes a long-range Rf channel. This channel can be easily hacked by attackers/cyber-criminals without even being close enough to the device. When the attackers are able to intercept the connection between the IMDs and the monitors, they can carry out a variety of attacks such as DDoS attacks or reverse engineering.

“All these attacks can be performed without needing to be in close proximity to the patient.”

Through compromising IMDs the cybercriminals can control the device and compromise its security system altogether, which is indeed an issue to be concerned about. It hints at the fact that smart devices like the IoTs and IMDs that use a wireless network to communicate aren’t reliable at all as these can be easily compromised by even non-expert hackers.

Also Read: Researchers show how medical robots can be hacked during surgery

While discussing what kind of attacks can be conducted and how poor is the security researchers said that:

“We want to emphasize that reverse-engineering was possible by only using a black-box approach. Our results demonstrated that security-by-obscurity is a dangerous design approach that often conceals negligent designs,” the researchers stated in the paper. Our first attack consisted of keeping the ICD alive while the ICD is in ‘standby’ mode by repeatedly sending a message over the long-range communication channel. The goal of this attack was to drain the ICD’s battery life, or to enlarge this time window to send the necessary malicious messages to compromise the patient’s safety.”

The researchers recommended that to mitigate such threats, it is a wise idea to jam the signal. But it is a short-term remedy. To implement a more powerful security system, it is advised to enable standby mode when the communication isn’t taking place.

This is not the first time when researchers have demonstrated how life-saving medical devices can be life-threatening for patients. In 2015, it was revealed that hackers can take over drug pumps and remotely deliver a fatal dose of the medication to a patient.

Also Read: Selfie Psycho: Paramedic Fired for Taking Pictures with Dying Patients

That’s not all, about two months ago, researchers presented a video demonstration of how Johnson & Johnson’s insulin pumps are vulnerable to cyber attacks. One can only hope that experts will learn from this research and fix these vulnerabilities.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.