The first pacemaker hacks emerged about a decade ago. But the latest variation on the terrifying theme depends not on manipulating radio commands, as many previous attacks have, but on malware installed directly on an implanted pacemaker.

For nearly two years, researchers Billy Rios of the security firm Whitescope and Jonathan Butts of QED Secure Solutions have gone back and forth with pacemaker manufacturer Medtronic, which makes Carelink 2090 pacemaker programmers and other relevant equipment that the researchers say contain potentially life-threatening vulnerabilities. The Department of Homeland Security and the Food and Drug Administration have gotten involved as well. And while Medtronic has remediated some of the issues the researchers discovered, Rios and Butts say that too much remains unresolved, and that the risk remains very real for pacemaker patients. The pair will walk through their findings Thursday at the Black Hat security conference.

Rios and Butts say that they've discovered a chain of vulnerabilities in Medtronic's infrastructure that an attacker could exploit to control implanted pacemakers remotely, deliver shocks patients don't need or withhold ones they do, and cause real harm.

"The time period Medtronic spent discussing this with us, if they had just put that time into making a fix they could have solved a lot of these issues," Butts says. "Now we’re two years down the road and there are patients still susceptible to this risk of altering therapy, which means we could do a shock when we wanted to or we could deny shocks from happening. It’s very frustrating."

'We were talking about bringing a live pig because we have an app where you could kill it from your iPhone remotely.' Jonathan Butts, QED Secure Solutions

Rios and Butts originally disclosed bugs they had discovered in Medtronic's software delivery network, a platform that doesn't communicate directly with pacemakers, but rather brings updates to supporting equipment like home monitors and pacemaker programmers, which health care professionals use to tune implanted pacemakers. Since the software delivery network is a proprietary cloud infrastructure, it would have been illegal for Butts and Rios to knowingly break into the system to confirm the authentication issues and lack of integrity checks they suspected. So they instead created a proof of concept that the vulnerabilities existed by mapping the platform from the outside, and creating their own replica environment to test on.

Medtronic took 10 months to vet the submission, at which point it opted not to take action to secure the network. "Medtronic has assessed the vulnerabilities per our internal process," the company wrote in February. "These findings revealed no new potential safety risks based on the existing product security risk assessment. The risks are controlled, and residual risk is acceptable." The company did acknowledge to the Minnesota Star Tribune in March that it took too long to assess Rios and Butts' findings.

That didn't allay the researchers' initial concerns. But unable to fully vet the proprietary cloud infrastructure, they moved on to investigating other aspects of the Medtronic system, buying some of the company equipment from medical supply distributors and third-party resellers to tinker with directly. At Black Hat, Rios and Butts will demonstrate a series of vulnerabilities in how pacemaker programmers connect to Medtronic's software delivery network. The attack also capitalizes on a lack of "digital code signing"—a way of cryptographically validating the legitimacy and integrity of software—to install tainted updates that let an attacker control the programmers, and then spread to implanted pacemakers.

"If you just code sign, all these issues go away, but for some reason they refuse to do that," Rios says. "We’ve proven that a competitor actually has these mitigations in place already. They make pacemakers as well, their programmer literally uses the same operating system [as Medtronic's], and they have implemented code signing. So that’s what we recommend for Medtronic and we gave that data to the FDA." The programmers run the Windows XP operating system. (Yes, Windows XP.)

"All devices carry some associated risk, and, like the regulators, we continuously strive to balance the risks against the benefits our devices provide," Medtronic spokesperson Erika Winkels told WIRED in a statement. "Medtronic deploys a robust, coordinated disclosure process and takes seriously all potential cybersecurity vulnerabilities in our products and systems. ... In the past, WhiteScope, LLC has identified potential vulnerabilities which we have assessed independently and also issued related notifications, and we are not aware of any additional vulnerabilities they have identified at this time."