Hack Attacks Warning On Medical Implants

Security firms have warned hackers could use radio signals to attack pacemakers and other medical implants, potentially killing people.

Researchers from McAfee have shown they can take control of insulin pumps implanted inside diabetes patients, while scientists at the University of Massachussetts have shown they can use radio attacks to turn off defibrillators inside heart patients.

Hackers could kill

Implants such as pacemakers and insulin pumps, sit within patients and keep them alive. They are increasingly being given radio communications so they can be remotely controlled and updated, minimising the number of times they need to be accessed through surgery, and allowing information to be sent and received.

The problem is that the security on the radio link is breakable, and the implants’ operation can be remotely over-ridden.

Barnaby Jack, of Intel security subsidiary McAfee, has shown he can interfere with insulin pumps, by overriding their radio control. The pumps hold 300 units of insulin, enough for about 45 days, and are refilled by a syringe. Jack showed he could get the pumps to empty their reservoir completely in one go – which would cause very severe hypglycaemia (low blood sugar level). The pump has a vibrating alert when it is delivering insulin, and Jack managed to override this also, making the attack potentially deadly.

“We can influence any pump within a 300ft [91m] range,” Jack told the BBC. McAfee has previously announced products to secure embedded devices, which could include implants.

Attacks on surgical implants have been known about for some time. A group of researchers from the University of Massachussetts published a paper in 2008 dealing with attacks on implanted defibrillators, and ways to defend against them.  Defibrillators are switched on using a specific radio signal when they are implanted and a hacker that captured this signal could use it to switch the implant off.

These attacks are hard to block because implants are powered by batteries. Adding features such as encryption would increase their power demands and reduce the time they would remain working, so patients would have to undergo surgery sooner to replace the  batteries.

Think you know security? Test yourself with our quiz.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

View Comments

  • It would help if the devices were identified. I am not familiar with pumps that hold 45 days worth of insulin? Insulin should be kept cool, and the ones that I am familiar with only hold about 3 days.

  • Uh, 300 units over 45 days is only 6.66 units per day. That is about one eighth to one thirteenth of the normal amount of insulin required by adults over the course of a day. I take 70 to 80 units per day and have for years - and that's not uncommon for a type 1 diabetic.
    It's still a risk - I wouldn't want to get three days worth of insulin in a couple of minutes. That could make the rest of the day very rough at best!
    News writers should reality check their numbers - 6.6 units might be OK for an experimental animal, but not for adult humans.

  • Thanks for your comments.

    We are planning to talk directly to Barnaby Jack and will nail down what kind of pump he actually worked with.


  • Potentially, anything connected can be hacked.

    This is nothing more than propaganda to throw a dark cloud over "hacktivists".

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

2 days ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

2 days ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

2 days ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

3 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

3 days ago