Categories
In The News Security

Pacemaker Firewall

If you have a pacemaker or a defibrillator you may want to consider getting a firewall at some point in the future. They could potentially be “hacked“:

But hackers could transmit the same radio signals — causing a defibrillator to shock or shut down, or divulge a patient’s medical information — without needing a programmer, researchers found in a laboratory test of one model from Medtronic.

I’m surprised there’s no authentication at all on these things. Considering it’s implanted, it should at least require it’s own serial number to be sent back to it to suggest the sender is authorized (presumably because they have the serial number of the implanted device). By not responding to commands for 10 minutes after 3 wrong guesses, it would take a long time to hack. That’s pretty basic, and not foolproof (what about a mistyped serial number during an emergency?), but a start.