(NaturalNews) The software in electric heart monitors can be hacked to collect private patient information or even deliver powerful electric shocks, according to a study conducted by researchers from the University of Washington, the University of Massachusetts at Amherst, and the Harvard Medical School.
Researchers used a personal computer, a wireless radio, an oscilloscope, a few antennas and free software to hack into the software controlling an implantable cardioverter defibrillator (ICD). ICDs are wired to the heart so that when the heart experiences the random muscle twitches known as ventrical fibrillation, it can be shocked back into its normal rhythm. But by gaining access to the device, the researchers were able to disrupt its operation and even use it to administer a powerful shock that is said to feel like a kick to the chest.
Many pacemakers, ICDs and other medical devices are designed to be remotely controlled over unsecured wireless networks, the researchers noted. So far, medical device manufacturers have neglected the security risks that these devices entail. According to Gadi Evron, a networking security expert, these issues will only become more pressing as computerized and networked medical devices become more popular.
"What I would like to see are security standards being put into place alongside with ... regulations," Evron said.
The actual risk of an ICD being hijacked is low, said study co-author Tadayoshi Kohno, because all the hardware would need to be within 4 inches of the medical device to be hacked.
But while Kohno does not recommend that patients eschew potentially life-saving devices, he does believe the security
concerns need to be addressed.
"Future devices need to incorporate a strong security mechanism," he said.
Kohno was one of the researchers who first drew attention to the security vulnerabilities of electronic voting machines.
"One of the lessons we learned from electronic voting [is that] it's important to understand the risks of new technologies before they're widely deployed," he said. "I really wish that someone had done a similar type of public analysis five or 10 years before we did the analysis that we did."