Over 700,000 Pacemakers Discovered To Have A Cyber-Flaw

An update is already being released to fix the issue.
|

Over half a million people worldwide could potentially be open to ‘pacemaker hacking’ after a manufacturer has revealed, in an open letter, that their devices contained a software vulnerability.

While highly unlikely, it would be theoretically possible to remotely control the device’s functions.

Last week the Food and Drug Administration (FDA) in America, confirmed that 465,000 pacemakers were suffering cyber-security issues.

Open Image Modal
DieterMeyrl via Getty Images

Now the same producer, Abbott, have told the BBC there are a further 280,000 in other countries with the same problem, after they acquired the manufacturer ‘Jude Medical’ earlier this year.

Although they didn’t confirm whether this affected UK-devices or just elsewhere. 

The radio-frequency enabled pacemakers, which are surgically implanted into the chest to regulate an irregular heart rhythm, could theoretically be taken over by anyone within 50 feet of a patient.

By taking advantage of the flaw they could, and again this is just theoretical, cause the electrodes to pace too quickly or deplete the battery supply, causing it to stop.

Abbott are keen to stress that there have been no reports of this occurring.

In addition both the Department of Homeland Security and Abbot themselves have pointed out that not only would it require a highly complex set of circumstances for this take place, but that any person attempting to do it would require an almost professional level of skill.

Despite the risk being extremely low, patients are being advised to ask their doctor about an available update that will address the issues.

The pacemaker can receive the updated code wirelessly and the whole process takes about 3 minutes.

Any installed after 28 August will already come with the latest update pre-installed.

Matthew Green, a Professor at John Hopkins University and specialist in cryptography, tweeted: “This is all theoretical, I stress. But I saw no reason that you couldn’t harm or even kill every patient with an ICD in a matter of days.” 

“Now one hopes nobody would ever be enough of a psychopath to do this. But to threaten to do this to extort money? Sure.” 

To put this in context then, while it’s clearly a serious issue the circumstances needed for this to even be an issue are fantastically unlikely.

The fact the FDA aren’t taking immediate action as well should reassure any owners of the device.