We’ve spent the two dozen years putting computers in everything from our bodies to our cars. Now those devices increasingly have wireless connections to the outside world. Throw in a little lax security and the whole world becomes hackable.
Hospital equipment like external defibrillators and fetal monitors can at least be picked up, taken apart, or carted away. Implanted devices — equipment surgically implanted into the body — are vastly more difficult to remove but not all that much harder to attack.
You don’t even have to know anything about medical devices’ software to attack them remotely, Fu says. You simply have to call them repeatedly, waking them up so many times that they exhaust their batteries-a medical version of the online “denial of service” attack, in which botnets overwhelm Web sites with millions of phony messages. On a more complex level, pacemaker-subverter Barnaby Jack has been developing Electric Feel, software that scans for medical devices in crowds, compromising all within range. Although Jack emphasizes that Electric Feel “was created for research purposes, in the wrong hands it could have deadly consequences.” (A General Accounting Office report noted in August that Uncle Sam had never systematically analyzed medical devices for their hackability, and recommended that the F.D.A. take action.)