Medical implants such as pacemakers can be tampered with to kill – without leaving a trace. But the race is on to find ways to spot the crime
It’s the perfect murder: hack someone’s pacemaker wirelessly just long enough to stop it working. Once the deed is done, the killer radio signals are long gone and any suspicions over the cause of death are exceptionally hard to prove.
It sounds like the stuff of Hollywood – and was even used to kill off a fictional vice-president in the TV drama Homeland. But wireless hacking of cardiac implants is a genuine concern. Just last month, it was revealed that the US Department of Homeland Security (DHS) is investigating more than 20 medical devices – including implants – for security flaws that could be exploited to do harm.
Now a team of forensic medicine specialists, together with their colleagues in digital security, are working on software that would prove a lethal implant hack has been carried out. The warning from the DHS applies to a range of devices, such as implanted cardiac pacemakers and defibrillators, bedside intravenous fluid and anaesthesia pumps, medical imaging systems and hospital networks.
It comes on top of an alert from the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in June 2013 in which 300 medical devices made by 40 firms were found to have unchangeable passwords that, once guessed, could allow someone to alter critical settings. ICS-CERT is now working with the devices’ manufacturers and the US Food and Drug Administration, which certifies them, to patch the gadgets.
Even though a real US vice-president, Dick Cheney, had wireless reprogramming disabled in his implanted defibrillator as an anti-hacking precaution in 2007, it is not known if anyone has ever been injured or killed due to an implant hack.
To find out, cryptographer Noureddine Boudriga at the University of Carthage in Tunisia and forensic medic Mohamed Allouche at the University of Tunis El Manar are developing software that can tell a pathologist conducting a post-mortem if a cardiac implant has been interfered with prior to death. If it is flagged as suspicious, then an investigation could begin, when previously the attack would have gone unnoticed.
To create the software, the team first asked a pathologist to draw up the sequence of medical events that could lead to the death of a person with an implanted defibrillator, a device that shocks a chaotically beating heart back to normal rhythm. They then worked out all the potentially lethal actions the device could be made to perform and added those in, too. These included sending a series of short shocks to the defibrillator to accelerate a patient’s heartbeat and cause a fatal arrhythmia, or changing the threshold at which it kicks in so the device doesn’t operate and save a life when called upon. All of these events leave digital traces in the logs stored on the defibrillator.
Kevin Fu, director of the Ann Arbor Research Center for Medical Device Security at the University of Michigan, sees merit in looking for signs of implant hacking. “Medical device forensics is an important and necessary area,” he says.
Sujeet Shenoi, a computer security engineer at the University of Tulsa in Oklahoma, who trains US government agencies in digital security measures, says hacking implants is now on the US government’s radar. “The problem is that there has to be a way to access these very small, simple devices to reconfigure them, change their settings and patch the software – and that means there are any number of ways to compromise them and their firmware.” “The medical device manufacturers are now working hard behind the scenes to stop this happening,” says Shenoi.
Source: New Scientist