Home / Blog / Embedded Medical Devices: “A hacker’s playground?”

Embedded Medical Devices: “A hacker’s playground?”

If you watch the series Homeland, you’ll undoubtedly remember that, last season, the vice president of the United States was assassinated when the bad guys acquired the serial number of his pacemaker and caused it to malfunction. (I guess I should have put a spoiler alert in there, but I’m guessing that, if you’re a Homeland fan, you definitely saw the episode.)

While it all seems very futuristic, that future is now, as I was reminded when I saw an article on embedded.com entitled “Implanted medical devices: a hacker’s playground?”

The author – José Fernández Villaseñoris both a medical doctor and an electrical engineer who works for Freescale, so his perspective is an interesting one.

He relates a story of a hacker who happened to be a diabetic who relied on an insulin pump. Concerned that the device was vulnerable to a malicious hack, he wanted to let the medical and medical device community know that they need to pay more attention to device security.  If a “good” hacker can make his way into a device and start playing with it, a “bad” hacker can, too.  As Fernández Villaseñor writes:

Security is one of the major challenges the healthcare market will face as people’s lives depend on safe and reliable products and services. Little by little, people have grown to accept the idea of wearing devices designed to monitor certain vitals: sport watches, monitoring bracelets, heart rate monitors, activity monitors. These tools offer valuable information, but would not harm an individual if they were to malfunction.

As embedded medical devices become more prevalent, and more sophisticated, the stakes will just   keep getting higher and higher, and security will become more and more of a concern.

From Critical Link’s perspective, we see semiconductor manufacturers preparing for this by offering more and more security type features in their processor ICs. Of course, medical device manufacturers need these features and functions to be in place before OEMs can implement (at least hardware based or assisted) security features. So, it’s a good thing we see the infrastructure being built up so that the security of future medical devices can be improved.