Sunday, August 16, 2009

Hacking a Heart - Updated

Last year, I did a post that dealt with what could be a new way to commit murder.


In it, I explained that researchers were able to use wireless signals to turn off a pacemaker.


I also explained that if someone used this technology to shut off a pacemaker for the purpose of killing the person who had it, the person who shut down the pacemaker could be prosecuted for murder under existing law. In other words, the essence of murder (or any homicide crime) is that you cause the death of another human being; we don’t concern ourselves particularly with how you caused the death, though, of course, that has to be proved at trial for the prosecution to obtain a conviction.


Looks like hacking a heart just got a lot easier. When I did the post last year, the technology used to shut off the pacemaker was expensive and could only be used if you were pretty close to the person who had the pacemaker.


That apparently isn’t true anymore. According to this story, a woman recently received a pacemaker that has a wireless connection to the Internet. The story says she’s the first American to receive such a pacemaker, implies that people in elsewhere have them; I couldn’t, though, find any mention of whether that’s true or not . . . and it’s not relevant to my point, anyway.


The story says her doctor can use the Internet to monitor her pacemaker. It also says that the pacemaker sends information to the doctor at least once a day and will alert him if things start to go wrong with it. All of that information travels over the Internet, which presumably means it can be hacked. I didn’t see any mention of encrypting the date in this story, but maybe they’re doing that. I hope so.



3 comments:

Anonymous said...

1) I think you meant data not date.
2) For more info like this
http://www.schneier.com/blog/archives/2008/03/hacking_medical_1.html
3) Even if it is encrypted who said its secure?

Anonymous said...

There is some misinformation about how this device works. Several sources have claimed that the pacemaker connects directly to the Internet, but it actually connects wirelessly to home monitoring equipment which presumably then uses the Internet to transmit the patient's status. No murder-by-pacemaker-hacking just yet.

Gavin said...

Not hard to ensure that it is simply a one way connection, spewing data out only and not receiving any.