Former Vice President Dick Cheney was afraid terrorists would kill him by hacking into his heart. So back in 2013, his doctors disabled the wireless function of his heart implant to make sure that wouldn’t happen.
Cheney’s fear wasn’t completely unfounded. Hacking something like an implant, pacemaker, or a bionic limb is difficult, but it is possible. And it’s scary to think about.
A hacker could hold your bionic arm hostage, or rig your insulin pump to deliver a fatal dose. And humans are increasingly implanting technology — beyond just medical devices — into their bodies: microchips that can send and receive wireless data are becoming more popular, and brain implants might one day give us a cognitive boost.
The more cyborg-like we become, the greater the threat of hackers finding ways inside our bodies.
This wasn’t just your average dummy hooked up to the pacemaker. It’s a medically accurate mannequin called the iStan, and it’s the “most advanced wireless patient simulator on the market, with internal robotics that mimic human cardiovascular, respiratory, and neurological systems,” according to its manufacturer, CAE Healthcare. Medical students practice on iStan to hone their skills before working on real patients.
“It responds to 300 different types of simulated medications and procedures, and the physiological response is identical to that of a human,” Mike Jacobs, director of the simulations program at University of South Alabama, told Motherboard, where we first spotted this story. It even speaks and breathes.
The students used publicly available information on iStan to figure out weak spots in its software and “tools that are relatively easy to acquire and utilise” to exploit them, according to their research, which was published online but has not yet been peer-reviewed. (Their results should be considered preliminary.)
“The simulator had a pacemaker so we could speed the heart rate up, we could slow it down. If it had a defibrillator, which most do, we could have shocked it repeatedly,” Jacobs told Motherboard. “If it was the intent, we could definitely cause harm to the patient.”
Poor iStan didn’t stand a chance.
There are no reports of any real deaths by hackers yet, but the FDA has issued a warning about the vulnerability of medical devices to cyber attacks, noting that the agency “has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices.”
“The FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack,” the statement says.
The students write in the paper that the intent behind the experiment was to help expose the security shortcomings in medical devices. Their main concern was the possibility that hackers could interfere with medical mannequins used for training students and doctors: “Subtle modifications could go undetected and yet influence training classes of medical professionals to incorrectly assess situations based on inaccurate feedback from medical devices.”
But what they found has much wider implications.
While this study was mostly a proof-of-concept rather than a real-world security assessment, “future research,” they write, “will consider the implementation of more complex security issues like the development and propagation of software designed to interfere with the operation of medical devices.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.