Feeds

Boffins find 'scary radio attack'* against pacemakers

*Attack is actually 'very difficult in real world'

Beginner's guide to SSL certificates

It's a little difficult to credit as a discovery the fact that analogue receivers – whether they be on a bluetooth device or a pacemaker – are vulnerable to radio interference.

That, however, is what's going to be presented at an IEEE conference later this week. Here's an excerpt of a story from America's Institution of Engineering and Technology's E&T Magazine:

“The researchers tested cardiac defibrillators and pacemakers in open air to determine which radio waveforms could cause interference.

“Then they exposed the medical devices to those waveforms in a both a saline bath and a patient simulator.”

The video below gives this explanation at about 1:07:

“The researchers found that they could use radio interference to send false heartbeat signals to the devices in controlled lab conditions. Theoretically, a false signal could inhibit needed pacing, or cause unnecessary defibrillation shocks.

“Experiments show that this would be very difficult to do in real world conditions, however.” (Emphasis added).

Watch Video

This would be unexceptional, except that pretty much every outlet to cover the story runs with a long boilerplate generalising the “hacker threat” we all live under before finally admitting that right now, an exploit would be a bit of a challenge.

Since the pacemaker exists inside the body, it inherits a degree of shielding which means, as the researchers note, that the attacker would have to bring a malicious device within a few centimetres of the body.

Which is, of course, why phone makers like Apple have recommended for years that people with pacemakers exercise sensible caution. This Apple document, now six years old, is a handy example.

The researchers suggest "solutions to help the sensors ensure that the signals they're receiving are authentic. Software could 'ping' the cardiac tissue to determine whether the previous pulse came from the heart or from interference. If the source was not the heart, the software could raise a red flag."

This, at least is sensible, even without drawing a picture of an evil hacker on the wall. Since interference is well-known, if a pacemaker or defibrillator can filter out false alarms with a kind of feedback loop, that's a good thing.

The researchers also suggest shielding consumer devices against RFI because some signals can have odd effects – such as turning on microphones or sending false signals through the analogue interfaces. ®

Internet Security Threat Report 2014

More from The Register

next story
Renewable energy 'simply WON'T WORK': Top Google engineers
Windmills, solar, tidal - all a 'false hope', say Stanford PhDs
Bond villains lament as Wicked Lasers withdraw death ray
Want to arm that shark? Better get in there quick
The next big thing in medical science: POO TRANSPLANTS
Your brother's gonna die, kid, unless we can give him your, well ...
SEX BEAST SEALS may be egging each other on to ATTACK PENGUINS
Boffin: 'I think the behaviour is increasing in frequency'
NASA launches new climate model at SC14
75 days of supercomputing later ...
Britain's HUMAN DNA-strewing Moon mission rakes in £200k
3 days, and Kickstarter moves lander 37% nearer takeoff
Reuse the Force, Luke: SpaceX's Elon Musk reveals X-WING designs
And a floating carrier for recyclable rockets
Simon's says quantum computing will work
Boffins blast algorithm with half a dozen qubits
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?