It may sound like the plot of a modern thriller movie, but security researchers say many medical implants are vulnerable to cyber attacks that could endanger their users’ lives.
An increasing number of patients are being fitted with devices such as pacemakers and insulin pumps to manage chronic conditions.
An expert has now warned hackers could gain remote control of such implants because they rely on unprotected wireless links to update them.
After gaining access to the device, a cyber criminal could then switch it off or tell it to deliver a dangerous dose of medicine to the patient, potentially killing them.
Researchers said although there hadn’t been any known attacks to date, far more work is needed to protect implants from malicious actions.
Barnaby Jack, an analyst at security firm McAfee, has revealed how he was able to hijack a well-known make of insulin pump within two weeks by hacking its radio signals using a small antenna. He was also able to disable security alerts that warn the user something is awry.
He told the BBC: ‘We can influence any pump within a 300ft range.
‘We can make that pump dispense its entire 300 unit reservoir of insulin and we can do that without requiring its ID number.’
An ordinary insulin dose would be five to 10 units after a meal to regulate blood sugar. An entire cartridge would therefore spell deep trouble for the patient.
One problem medical firms face is that the devices can’t be updated at present without being recalled, unlike laptops or mobiles that regularly receive security updates.
‘These are computers that are just as exploitable as your PC or Mac, but they’re not looked at as often,’ Mr Jack told Bloomberg last month.
‘When you actually look at these devices, the security vulnerabilities are quite shocking.’