I probably never would have read the article if I hadn't quickly sensed a more than casual interest in the topic. But because it conveyed a scenario that could have some unpleasant, if not life-threatening, implications to a member of my immediate family, it became imperative that I dig deeper into the subject.
Normally, I try not to get too excited about what the cyber hackers are up to these days. It seems they can hack at will from breaking into the computers of large corporations to those of some branches of the U.S. government. They even have lowered their attacks to our small company. Just the other day, our Article Archives were breached, I'm told from somewhere in Russia, and visitors to our site were presented with a Server Error instead of being able to read the article they had selected.
Kevin Fu realized early on the dire consequences that await unsuspecting patients who live with implanted pacemakers and defibrillators. In a recent article in the MIT Technology Review, Mr. Fu explains that these life-saving devices easily could be turned into heart-attack machines if hackers are able to intercept and modify the wireless communications between patient and computer.
As you might expect, Mr. Fu and his team developed a software radio that did just that. With the radio, they were able to capture the transmissions from device to computer and rebroadcast commands of their choosing. One of the aberrant commands kept the device in an on state that depleted the battery in a short period of time. They were able to instruct the device not to respond to an abnormal heart rhythm and even to disengage the defibrillator during a heart attack. The final aggression was to actually engage the defibrillator even though the patient was not experiencing a heart attack.
Thankfully, encrypting the communications link solved the problem. Pacemakers and defibrillators on the market today use encrypted communications to ward off potential attacks. But are they truly safe? Hackers can be deterred, but can they be stopped?
My concern is for my son who has been diagnosed with cardiomyopathy. The cardiologists say his heart has been weakened, probably from one of the drugs he took several years ago during cancer treatment, and now is unable to pump enough blood for his system. Possibly in the future, he may need a transplant, but that's a totally different issue. Currently, he wears an external life vest that has a battery-operated defibrillator to restart the heart should it stop for any reason. Depending on the data collected from the life vest, the cardiologists expect to replace it with an implantable defibrillator.
And that's my concern. Doctors have the capability to remotely monitor defibrillators in patients. Encryption thwarts hacking, but what happens if someday the transmissions are somehow intercepted and decoded? Could the devices then be triggered at will by the hackers? Just one such incident would be one too many.
Paul Milo
Editorial Director
[email protected]