Almost half a million pacemakers are at risk to hacking — forcing US authorities to announce a widespread recall and firmware upgrade to fix the issue.
The US Food and Drug Administration (FDA) has put out a warning about cybersecurity vulnerabilities in 465,000 pacemakers made by the firm Abbott (formerly called St. Jude Medical).
It means that, in theory, a hacker could gain access to a user’s device and change its settings — with potentially serious consequences.
All the attacker requires is “commercially available equipment” (Ars Technica previously reported pacemaker vulnerabilities can be exploited with hardware costing between $US15 and $US3,000), which will allow them to “modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.”
A firmware update has been created to fix the issue — which will require users to visit a healthcare provider for it to be installed. It takes about three minutes to do so, and doesn’t require the device to be removed for the process. Once completed, it will mean only devices with the correct authorisation will be able to communicate with the pacemakers.
So far, there have been no examples of patients coming to harm as a result of the vulnerability. But the incident stands as a sobering reminder that while advances in technology have brought huge benefits to society, they have also created unprecedented new dangers.
Former US vice president Dick Cheney was so concerned about the dangers of his pacemaker being hacked in an assassination attempt that he had his doctors disable its wireless capabilities. “I was aware of the danger, if you will, that existed,” he told 60 Minutes.