Personal information in the digital realm is always susceptible to malicious activity. Passwords can be stolen from a database, credit card numbers swiped at the point of sale; even the new American passports contain RFID chips which critics claim can be surreptitiously read. Now, even a pacemaker can be hacked from the outside.
Medical devices have long been equipped with radio monitoring capabilities, but as their sophistication has grown, little attention has been paid to issues of their security. That void was the driving idea behind an experiment to see if researchers could gain wireless access to a kind of pacemaker designed to be remotely adjustable. The device, called the Medtronic Maximo, is a combination pacemaker and defibrillator implanted with a radio that can be wireless monitored and fine-tuned by a patient’s doctor after implantation. Researchers from the University of Washington and University of Massachusetts discovered they could both assume control of the device—potentially causing bodily harm— and glean personal data from the signals.
The study hastens to point out that the equipment necessary to hack pacemakers is cost prohibitive (the hardware for this experiment cost more than $30,000—thank goodness) and needs to be within inches of the pacemaker to work. The results were meant to illustrate the device’s potential flaws but not to suggest these devices have an inherent danger.