Security flaws found in heart device sensors

Security vulnerabilities in sensors found in heart devices like defibrillators and pacemakers mean the devices can be tampered with, U.S. researchers said. In experiments in simulated human models, an international team of researchers including scientists at the University of Michigan and the University of South Carolina demonstrated they could "forge" an erratic heartbeat with radio frequency electromagnetic waves. Theoretically, a false signal like the one created could interfere with the normal operation of defibrillators and pacemakers, they said. Implantable defibrillators monitor the heart for irregular beating and, when necessary, administer electric shocks to bring it back into normal rhythm. Pacemakers use electrical pulses to keep the heart in pace continuously. Both rely on accurate monitoring of the heart rate. The researchers emphasized their study was conducted in controlled laboratory conditions and they know of no case in which a hacker has corrupted an implanted cardiac device. Doing so in the real world would be extremely difficult, they said. "Security is often an arms race with adversaries," computer science and engineering Professor Wenyuan Xu at the University of South Carolina said. "As researchers, it's our responsibility to always challenge the common practice and find defenses for vulnerabilities that could be exploited before unfortunate incidents happen. "We hope our research findings can help to enhance the security of sensing systems that will emerge for years to come." Beyond medical devices, similar sensors are also used in microphones in Bluetooth headsets and computers for web-based phone calls, and the researchers discovered they showed vulnerabilities too. "We found that these analog devices generally trust what they receive from their sensors, and that path is weak and could be exploited," University of Michigan postdoctoral researcher Denis Foo Kune said.