Barnaby Jack Could Hack Your Pacemaker and Make Your Heart Explode
VICE: Hi Barnaby. So, why did you decide to reverse engineer the pacemaker?
Barnaby Jack: I was intrigued by the fact that these critical life devices communicate wirelessly. I decided to look at pacemakers and ICDs (implantable cardioverter defibrillators) to see if they communicated securely and if it would be possible for an attacker to remotely control these devices.
And you found it was possible?
Yeah, the software I developed allows the shutting off of the pacemaker or ICD, reading and writing to the memory of the device, and in the case of ICDs it allows the delivering of a high voltage shock of up to 830 volts. I wanted to look at these devices with the aim of demonstrating and raising awareness of the issues I found, then hopefully spark the manufacturers into implementing a more secure design.
Is it difficult to hack into these devices?
It does take a specialized skill, but with more and more security researchers concentrating on embedded devices, the skill set required is becoming more common. It probably took me around six months, from reverse engineering and finding the flaws through to developing software to exploit the vulnerabilities.
If, say, a government official used a pacemaker, would they be vulnerable to assassination from hackers, like in that episode of Homeland? Or do they use better defended devices?
I wouldn’t feel comfortable speculating about such a scenario, but as far as I’m aware there are no differences in the implantable devices issued to officials as there are to the general public.