No one ever wants to read a headline that includes the words “fatal” and “medical” in the same sentence, but that’s exactly what security experts are calling a newly discovered “fatal flaw” in connected medical implants. These devices, which rely on external updates, include implanted support tech like pacemakers, insulin pumps, and more.
Back in the good old days, you went in for surgery, you had a pacemaker installed, and you were good until the battery needed to be changed. You were taught to avoid convenience stores that operate microwave ovens for heating up frozen burritos, but otherwise, your quality of life was vastly improved.
Now, short-wave radio communication lets medical staff update your device, retrieve your health information, and even identify you as the patient based on stored medical information. This ability is where the security researchers found the security flaw, one that not only allowed them to hack in and retrieve personal information, but also to alter the function of the devices and even in some cases, to turn them off altogether.
According to a report, “The team reverse-engineered the proprietary wireless signalling systems used by the implants which revealed flaws in the way data was broadcast. The attacks only worked when the researchers’ eavesdropping equipment was within five metres of the devices.”
Fortunately, this issue is limited to medical implants manufactured by one company, but for safety reasons the name of that company hasn’t been released. The downside is that the manufacturer is one of the largest in the world for this kind of medical device. The manufacturer was alerted to the security flaw and a patch has been issued, but the finding speaks to the greater need to preemptively look for potentially life threatening flaws rather than waiting for them to be revealed.