Implantable Medical Devices (IMDs) are without a doubt a Godsend for so many people out there, but a team of researchers from Leuven, Belgium, and Birmingham, UK, has just demonstrated that hacking into these devices is a piece of cake, even for cybercriminals without advanced skills.

And it goes without saying that once they break into a smart heart device, they have its full control, and can even kill the host with the press of a button.

Specifically, the researchers explain in a paper called “On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them” that all these smart heart devices rely on a proprietary wireless communication system, in most of the cases a long-range RF channel, that can be compromised by hackers without even being anywhere around them.

Once they intercept the wireless connection between the monitors and the implanted devices, hackers can launch various attacks, including reverse engineering and DDoS attacks, to compromise the security systems (if any) and take control of the device.

No security at all

And what’s worse is that most of the popular IMDs have very weak or no security at all, which makes them easy to hack even by hackers who don’t have advanced technology or skills to do it.

“We want to emphasise that reverse-engineering was possible by only using a black-box approach. Our results demonstrated that security-by-obscurity is a dangerous design approach that often conceals negligent designs,” the research shows.

Researchers launched two different types of attacks, one of which was specifically supposed to show that an attacker who manages to break into the IDM has full control of its functions.

“Our first attack consisted on keeping the ICD alive while the ICD is in ‘standby’ mode by repeatedly sending a message over the long-range communication channel. The goal of this attack was to drain the ICD’s battery life, or to enlarge this time window to send the necessary malicious messages to compromise the patient’s safety,” the research shows.

In order to deal with these risks, researchers explain that jamming the signal is the only effective solution in the short term, but in the long term, a standby mode after the communication ends is the best way to remain secure.