Are hackers attacking medical implants?

Medical devices such as insulin pumps, defibrillators and brain stimulators are getting more and more connectivity.
As more and more patients receive implants to treat conditions ranging from diabetes and Parkinson’s disease to deafness and heart failure, implants are becoming more complex – and thus more wirelessly controllable.

This means that smartphones could soon be able to manage devices such as pacemakers and insulin pumps very easily and conveniently.
The therapy method from the field of functional neurosurgery is called deep brain stimulation (DBS). It involves sending electrical impulses to the brain to relieve symptoms of Parkinson’s disease, chronic pain, depression, tremors or other medical disorders.
Once these devices are connected to the Internet, they can give rise to threats known as “brainjacking.” If an attacker then succeeds in cracking a device’s previously inadequate security measures, he has several options for manipulating his victim’s implant. In this way, hackers are able to control a person’s behavior.

Since neurostimulators currently cannot provide reliable security, a secure communication channel between the device programmer and the neurostimulator must be established.
This can be achieved with a shared session key and symmetric encryption.
Two major challenges need to be addressed:
Generation of the session key.
Secure transmission of the session key to the other party.

It is also helpful to have a low transmission power, which can only be received when there is direct contact.

Author(s) Source
Geißler O Security Insider 30.01.2023 (german)
This is a post of a scientific or business information. The information given here is checked thoroughly by “Implant-Register”. However we can´t be responsible for the content. The content usually is shortened to make it understandable for many. Read the linked original text if you are interested. Contact the publisher, if you have questions. You may inform us about changes of the information to improve the Register.
Comments: n/a
let us know