Will smartphones become the next murder weapon?

It is not a farfetched notion – hackers with smartphones able to manipulate medical devices that people may depend on for their very lives.

This past October, an obscure presentation was given by a researcher for a Seattle-based computer security firm, IOActive, outlining how implanted devices, such as pacemakers and implantable cardioverter-defibrillators (ICDs) may one day be exploited. The presentation was given by a man named Barnaby Jack. His job is to find security weakness.

Last year, he demonstrated how he could wirelessly connect to an implantable insulin pump and direct it to release a lethal dose of insulin. A year prior, he hacked into an ATM and made it regurgitate bills as if you won the jackpot.

Now, medical devices are entering the world of apps. From prosthetic limbs, to all manner of implantable devices, companies are developing apps to help patients and their doctors monitor all sorts of medical telemetry. The benefits are obvious as it would also provide a shortened response time if something goes wrong. With the convenience of being able to manage such devices through intuitive and simple interfaces on a smartphone, there is also a grave risk.

“Has there ever been a box connected to the internet that people haven’t tried to break into?”

Like any app or smartphone, and by extension, smart-medical device, there is eventually a connection to the internet. Like every connection to the internet there is a perceived risk. When asked if he thought if anyone might really try to screw around with other people’s medical devices, Barnaby responded, “Has there ever been a box connected to the internet that people haven’t tried to break into?” That pretty much sums it up. 

While he does not want to make exact predictions, Barnaby makes it pretty clear that people will not embrace new technology if it turns out to be open season for those with dubious motives. The scope of possibility is not limited to medical devices. Automobiles have over 100 different types of computers in them.

“We live in a reactive society and something bad has to happen before we take problems seriously.”

Chief Technical Officer of McAfee, Stuart McClure, points out that medical devices are engineered for safety, not security. The reality is, “we live in a reactive society and something bad has to happen before we take problems seriously,” says McClure. What is even less comforting is that it will take more than one unfortunate soul before people start to pay attention.

Today, for all intents and purposes, it is not practical, and therefore it is somewhat remote that there is any high-threat level. However, technology always gets easier to use over time, and that means consumers, patients, doctors and developers will have to approach most products with a bit of diligence on the IT security side of the house. In 10 years, the landscape will have changed enough where just about everything will be wirelessly connected to something for some reason.