Remote Pacemaker Attacks Possible From 30 Feet Or Less

Pacemakers and implantable cardioverter-defibrillators (ICDs) contain a "secret function" that can be activated within 30 feet of a transmitted, according to one researcher.

Security bad boy Barnaby Jack, once again a researcher at IOActive, told the BreakPoint security conference in Melbourne, Australia, today that the secret function would return model and serial numbers. This, he said, could be used to obtain usernames and passwords from the manufacturer's server. It could also be used to update the firmware.

“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range,” Jack told SC Magazine.

Additionally, Jack said he could deliver deadly electric shocks to pacemakers within 30 feet. “With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop," he is quoted as saying.