The Escapist : News : Researcher Turns Pacemakers Into Mass Murder Machines
Barnaby Jack of IOActive made a rather stunning announcement today at the Breakpoint security conference in Melbourne, Australia. He's figured out how to reverse-engineer pacemaker transmitters to deliver hacked firmware to any compatible devices within a 30-foot range, which can force them to deliver electric shocks of up to 830 volts. He's only done it with one brand of pacemaker, which he declined to name for obvious reasons, but said that it opened the door to "anonymous assassination" and, in a worst-case scenario, even mass murder.
It seems that the pacemakers in question have a "secret function" that, when activated, causes them to return model and serial number information to a remote terminal, which Jack said provides "enough information to authenticate with any device in range." The function is presumably intended for diagnostic purposes, but he discovered that the devices have no encryption, and he even found user names and passwords for what is apparently the manufacturer's development server.
"The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer," he said. "The compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range."
That "compromised firmware" would let the controller do all sorts of unintended and unpleasant things with and to the pacemakers, including delivering some serious electric shocks. "With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature," he continued. "Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop."