Stopping A Heart With A Button: Pacemakers Pwned.

Now this news will certainly cause some people's heart to skip a beat, or stop altogether: a group of white-hat hackers at Defcon have figured out a way to remotely disable wirelessly controlled pacemakers from five different companies.

By reverse engineering the pacemaker's design, and armed with a $1000 rig featuring software radios and GNU control software, the researchers were able to access a test mode in the pacemakers and get patient data, as well as change the therapy parameters, and drain the batteries - all wirelessly.

The reason this is all possible? The pacemakers don't use cryptography keys to secure the wireless connection with their control computers (which are often worn outside the patient's body and control the specific therapy the patient needs, obviating the need for wires.) This essentially means the pacemakers are wide open to attack by anyone with the correct software and radio transmitter.

Thankfully, the good guys figured out this attack vector, so there's no immediate fear for pacemaker users out there. However, this raises some serious questions about wireless medical device security that need to be addressed.

The pacemakers which are affected by this particular flaw are said to be in about 2.6 million patients who've had a pacemaker installed between 1990 and 2002.

Defcon: Excuse me while I turn off your pacemaker [VentureBeat]