Hackers can hack medical implants, and the results could prove lethal.
IOActive researcher Barnaby Jack said he's discovered a way to hack into a pacemaker via its wireless transmitter and make the device send an 830-volt shock through a person's body that "could definitely result in fatalities," he said.
In a video, Jack demonstrated the hack during a talk at the Breakpoint security conference in Melbourne, Australia, which can be done with a laptop 30 to 50 feet away. When he sent the command, the shock made a popping sound, Computerworld reported.
Pacemakers have wireless transmitters to allow them to be programmed without an invasive procedure. Medical professionals can send pacemakers new instructions after hitting a virtual switch. Full radio-frequency medical implants that operate in the range of 400 megahertz have been approved for use by the FDA for over half a decade.
But the convenience of long-range programming opens up a new security vulnerability to remote attacks on the body where there wasn't one before.
"The new implementation is flawed in so many ways, it really needs to be reworked," Jack said. "It's not hard to see why this is a deadly feature.”
Since 2006 more than 4.6 million pacemakers and other medical implants have been sold in the United States.
Jack warned that the source of the attack isn't limited to a laptop. Malware installed on a hospital or company computer that may briefly interact with an implant could infect, reprogram or command it to perform a more lethal function.
Through his proof-of-concept application — aptly named "Electric Feel" after a song by summer-fun pop band MGMT — Jack said he was even able to access personal data stored on implants such as confidential patient information and the doctor's name.
Jack acknowledged the need for backdoors in medical devices to save a patient from having to undergo an operation, but, he pointed out, those hidden access points need to be buried in a more secure way.
Follow Ben on Twitter.