Skip to main content
  1. Home
  2. Computing
  3. News

“Fatal” security bugs discovered in defibrillators and medical implants

By

1124645 autosave v1 pacemaker heart
Sunzi99/Wikimedia Commons
A team of researchers found several potentially “fatal” security flaws in 10 different medical implants.

Researchers at the University of Birmingham in the U.K. and the University of Leuven in Belgium discovered vulnerabilities in the software and signals that communicate with implant devices. The software is used to update the devices or gather data readings on a patient.

Recommended Videos

By tinkering with the bugs, the researchers were able to change the settings on the devices and in some cases shut them down entirely as well as steal sensitive medical data about the patient.

Please enable Javascript to view this content

The device manufacturer name has not been disclosed but researchers said the bugs have since been patched by the maker before the research paper was made public. The researchers only studied one manufacturer but added that its products are widely used by healthcare professionals.

The remote software for medical devices like pacemakers helps doctors manage a patient’s condition and make sure they are working properly. However, the researchers were able to reverse-engineer the software and the signal it sends to eavesdrop on the communications and alter its commands.

According to the paper, the reverse engineering was carried out using “inexpensive Commercial Off-The-Shelf (COTS) equipment”.

“We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices,” they wrote. However, a hypothetical attacker, in most cases, would need to have their equipment within five meters of the actual devices to pull most of these attacks off, the research noted.

In one example, an attacker would be able to collect sensitive data readings about the patient and change the commands for a device like pacemakers to disable certain functions or deliver an unneeded shock to the person, which could be fatal.

In another attack, the researchers were able to keep an Implantable Cardioverter Defibrillator (ICD) turned on despite “standby mode” being selected. This would drain the battery much quicker than usual, putting the patient at risk.

It was even possible, the authors claimed, to conduct denial of service attacks using a flawed implanted defibrillator.

“It is clear that the consequences of all these attacks can be severe for patients,” wrote the authors.

Previous studies have suggested that it was possible to infiltrate the communications between medical equipment and their software. In October, hackers showed how it was possible to break into insulin pumps and alter the dosage. The findings led manufacturer Johnson & Johnson to issue a warning to patients.

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
LG’s new Gram Pro finally looks like a serious MacBook Pro rival
An LG Gram laptop on a table.

Just ahead of CES, LG has announced a refresh to its Gram Pro lineup, as well as launched a budget-friendly Gram Book. The tweaked Gram Pro laptops are the most exciting, though, with the the LG Gram Pro 17 catching my eye.

First off, it's been thinned out a bit, dropping down to 0.62 inches thick, which is almost the same thickness as the 16-inch MacBook Pro. The LG Gram Pro 17 is also a full pound and a half lighter than the MacBook Pro, both of which are striving to be one of the best laptops you can buy.

Read more
Nvidia’s new GPUs show up in prebuilts, but the RTX 5090 is missing
iBUYPOWER RTX for AI PCs side view of pre-built on sale hero

Nvidia's upcoming RTX 5080 and RTX 5070 Ti just appeared in several iBUYPOWER gaming PCs. This is the first U.S. retailer to list Nvidia's RTX 50-series in prebuilt systems. The listings are interesting, with performance figures that really don't add up. Still, the biggest question is: Where's the GPU that's bound to beat all the current best graphics cards? Yes, we're talking about RTX 5090.

The listings have already been taken down, but they were preserved by VideoCardz. A total of five systems were listed by iBUYPOWER, but they all contained the same two GPUs -- either the RTX 5080 or the RTX 5070 Ti. Both cards are said to come with 16GB of memory, and we expect them to be announced on January 6 during the CES 2025 keynote held by Nvidia's CEO, Jensen Huang.

Read more
OLED gaming monitors are about to get a lot brighter
Path of Exile 2 running on an Asus gaming monitor.

One of the biggest criticisms leveled against OLED monitors, despite being some of the best gaming monitors you can buy, is how dim they are. Although brightness is steadily increasing, it looks like the next crop of OLED gaming monitors will make quite the leap when it comes to HDR performance. Ahead of CES 2025, VESA has revealed a new tier of its DisplayHDR standard that's focused squarely on the brightness of OLED monitors.

The certification is DisplayHDR True Black 1,000. Most OLED gaming monitors, such as the MSI MPG 321URX or Alienware 27 QD-OLED, are certified with DisplayHDR True Black 400. This certification level is reserved for OLED -- or extremely high-end mini-LED -- displays that achieve nearly perfect black levels. According to VESA's specifications, the display has to reach 0.0005 nits with a checkboard pattern. Now, VESA is focusing on the other end of the spectrum, adding a more demanding tier that maintains those low black levels while pushing brightness higher.

Read more