The United States Food and Drug Administration (FDA) has issued a notice today to warn that a lot of pacemakers are vulnerable to hackers, the attackers can get full control of the devices.
The FDA specially said that they are aware of what the Merlin@home transmitters manufactured by St. Jude Medical can be hijacked by other hackers, once hacked, attackers can send various commands and can even develop shocks that can kill the patents.
These transmitters use a wireless Radio Frequency signals that connect to home monitors and doctors’ systems. They transmit data regarding the cardiac activity and upload the information to the Merlin.net Patient Care Network, where the information is can be closely inspected by physicians.
This is where hackers come in. They can intercept the signal and control the pacemakers. The FDA warns, that there’s a chance that this could put patients’ lives at stake.
“The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician, to remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter,” the FDA says in the notice.
“The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.”
No attacks have been recorded so far, but the FDA says that St. Jude Medical has already developed a software patch, and all pacemakers need to be running it to be fully protected against the vulnerability. Available since January 9, the patch is automatically applied once the transmitter is plugged and connected to the Merlin.net network.