Never mind the web gossip: pacemakers connected to the internet can really improve quality of life for their users.
Recently, the cardiac pacemaker became the latest device to get an internet connection. Modern pacemakers are remarkable, performing with a reliability that should make most PC software vendors blush. Like other implantable medical devices (IMDs), they are programmable by wireless (but not WiFi) link, with a nominal range of a few metres. Communication is bidirectional and the devices log erratic behaviour to assist in diagnosis and fine-tuning.
So, the addition of a remote link via the internet is hardly surprising, and it has benefits. The patient's data is sent automatically on a daily basis to their cardiologist. This greatly simplifies patient care and can improve quality of life significantly.
Despite over-zealous press reports, the pacemaker itself doesn't have a direct connection to the internet. A monitoring station in the home communicates with the pacemaker and uploads data to medical staff via the internet. The suppliers of the system were cagey about implementation details, but they certainly seem to follow reasonable industry practice, going by the information they would release to me.
This would be innocuous if it weren't for research in 2008 that showed how pacemaker communication could be intercepted and spoofed by a malicious attacker. In a good paper (http://www.secure-medicine.org/icd-study/icd-study.pdf), a group of researchers reverse-engineered the communications protocol for a pacemaker and showed how it could be hijacked to perform potentially fatal actions. They also showed how cryptographic protection could be applied to mitigate such attacks.
This is where you're expecting me to launch into an attack on the pacemaker vendors – about how dumb they are and why such devices should never be on the web. Well, sorry to disappoint…
People with pacemakers often need them to survive, and it's safe to say that a malfunctioning device could be fatal. Indeed, there was a noticeable increase in failure rate in the 1990s, when pacemakers became more sophisticated. Current US failure rates are impressive: 0.4 per cent failures and 61 deaths (0.003 per cent) caused by faulty devices between 1992 and 2002. Better remote monitoring could improve things; many malfunctioning devices were only picked up during routine follow-ups, so daily remote monitoring could improve the detection rate. Even so, any increase in complexity needs to be balanced against the increased risk of errors it brings.
But what about attacks? It would be technically possible to attack a pacemaker remotely. The practicalities are complex: you'd need to know your target had a pacemaker, then you'd need to reverse-engineer the comms and then get close enough to mount the attack. There are simpler and more reliable methods of killing. I suspect this plotline will turn up in an episode of CSI soon, but I doubt if it's a major risk for pacemaker users.
What has been ignored by most criticism of these systems on the internet is the availability risk that strong authentication and encryption would introduce. How would you guarantee that emergency personnel had access to your pacemaker when necessary? Which is more likely: some criminal deciding to hack your pacemaker, or the device malfunctioning and hospital staff being unable to do anything because the keys are inaccessible?
What I find offensive about much of the discussion on the internet is the disdain shown to the medical community. We know best, of course, as computer security people. It was the same after 9/11: if only those counterterrorism types had done as we had said, it would all have been OK.
Well, risk assessment for medics tends to focus on quality of life and survival of the patient. As the grateful recipient of a significant amount of NHS medical care, I have a great deal of respect for their risk management abilities (and more than a passing admiration for many of Southampton's nurses).
I'll tell you one thing: if they had a failure rate approaching that of the typical computer security systems I use every day, you wouldn't get me anywhere near a hospital.