A team of Belgian and British researchers has discovered vulnerabilities in the wireless protocol used by the latest generation of pacemakers. Here's what you can do
The communications protocol used by some late-generation pacemakers is not robust enough to withstand potential cyber attacks. This was discovered by a team of European researchers, who highlighted some flaws and vulnerabilities in the wireless transmission protocol.
The results are the work of a joint team of researchers from Leuven (Belgium) and Birmingham (UK) who claim that all new implantable medical devices, not just pacemakers, would be at risk. The cause, as said, is to be found in the use of wireless communication protocols that, in some cases, have weak or even non-existent security systems. Therefore, it is not necessary (obviously) a physical access with these devices: it is sufficient a process of "reverse-engineering" of the protocols, that is a detailed analysis of the development and functioning of the adopted communication type, to discover the weak points and then to launch, for example, a DoS attack (denial of service, "light" version of the most famous DDoS attacks).
Wireless Communication in the Service of Science and Medicine
Medical science is making great strides and the use of wireless communication in implantable devices - such as pacemakers - is a recent and very useful innovation. Doctors, thanks to the ability to communicate with such devices - without resorting to surgery on patients - can perform very important functions such as, for example, modifying a therapy or collecting data from a pacemaker, or other device implanted in a person's body. Scoprire che, questi protocolli di comunicazione sono facilmente hackerabili, anche senza l’intervento di “personale esperto”, è una doccia fredda un po’ per tutti.
Un pacemaker
Protocollo di (in)sicurezza
I sei ricercatori, in pratica, hanno vestito i panni di un hacker e, tramite lo studio del funzionamento della comunicazione wireless, hanno scoperto delle falle facilmente sfruttabili – anche senza grandi conoscenze tecniche – per mandare in tilt i device. In questo caso, purtroppo, non si tratta di bloccare il funzionamento di un computer, di un server o di una rete, ma di mettere a repentaglio la vita delle persone che dipende da questi dispositivi. I ricercatori hanno messo alla prova molti modelli di dispositivi impiantabili di ultima generazione e riscontrato “falle” nei protocolli di comunicazioni in almeno una decina di device attualmente in commercio. And they obviously submitted the problem to manufacturers before publishing their research. Not only are the protocols in question vulnerable, but it's no longer even necessary to be in close proximity to a patient to launch an attack: just by leveraging sophisticated equipment and directional antennas, distance no longer becomes an insurmountable obstacle.
How to Secure Wireless Pacemakers
Some of the countermeasures that could limit, or resolve, the discovered vulnerabilities include deliberately jamming the wireless channel when the device is in standby mode, sending a shutdown command so that the device enters sleep mode - thus not attackable from the outside - and adding standard symmetric key encryption authentication between the device and the programming system. The study, the researchers explain, should sound like a "wake-up call" so that, even in the medical-scientific sector, more attention is paid to the issue of security of the technologies adopted.