Researchers have successfully launched attacks against common heart pacemakers.
A group from the Medical Device Security Center was able to use a specially-crafted radio transmitter to link to and launch attacks against pacemaker and defibrillator devices used to regulate heart activity.

The group was able to connect to devices, obtain patient information and cause them to shut down.

"Our investigation shows that an implantable cardioverter defibrillator is potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry," the researchers wrote.

"The devices may experience malicious alteration to the integrity of information or state, including patient data and therapy settings for when and how shocks are administered.

"When these systems include wireless computing devices, additional precautions are necessary to ensure that the computing devices appropriately balance safety with convenience and do not introduce unacceptable risks."

The researchers recommended that device manufacturers implement basic systems that can alert patients and require authentication for a connection without consuming too much power.

• Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses (PDF)