WhiteScope, an independent provider of cyber security services and training, has just released research that shows that pacemaker programmers, from four major manufacturers, have 8,000 bugs that leave them vulnerable to hacking.
The pacemaker programmers are the devices which monitor and adjust the pacemaker. They did not disclose which pacemakers are specifically vulnerable nor did they specify the bugs. However, their investigation also found some other major problems. Particularly, that they were able to go online and purchase certain pacemaker programmers, off of sites such as eBay.
This is not supposed to happen and should be controlled by the manufacturers. Amongst other things, the reason this is a major risk is that the pacemakers don’t authenticate their programmers, meaning any programmer purchased off of the internet could interfere with a matching pacemaker.
As if all of this wasn’t worrying enough, it was also found that doctors did not need to authenticate themselves when logging onto the pacemaker programmers. Which means that anyone could log on and tamper with the programmer without the doctor knowing, which in turn might affect how the programmer might behave when it was next used on a pacemaker.
Not long after the global WannaCry ransomware attack the idea of hackers getting into something that may literally be keeping you alive is terrifying.