Recently the The FDA and Homeland Security have issued alerts about vulnerabilities in 4,65,000 pacemakers.
The devices can be remotely “hacked” to increase activity or reduce battery life, potentially endangering patients.
Feasible vulnerabilities:
- Absence of memory and encryption:
In such embedded devices there is a lack to support proper cryptographic encryption.
Conventional cryptography suites are designed for computers, and involve complex mathematical operations which are beyond the power of small, cheap IoT devices.
2. Improper authentication can be used to compromise or bypass allowing a nearby attacker to issue commands to drain the battery.
3. Remote monitoring versus security
Remote monitoring is a life-saving technology for patients with these devices since its software can be smoothly updated by doctors.
Unfortunately, this remote control feature creates a whole new type of vulnerability. Any doctor can remotely update your software and the same can be exploited by hackers too.