A new study by WhiteScope concludes that pacemakers from four manufacturers contain security weaknesses that expose them to remote tampering.
Pacemakers run on radio frequency and health care providers can adjust them to assist patients with heart abnormalities without having to undergo surgery. However, according to the study, the programmers who are adjusting the pacemakers are not required to authenticate themselves when accessing the pacemaker, so anyone can reprogram the implanted device. There basically is no security that checks that the programmer is the right person to be adjusting the pacemaker.
The conclusion of the study is that “[A]ny pacemaker programmer can reprogram any pacemaker from the same manufacturer.” Therefore, an intruder who gains access to the device can tamper with the device by reprograming it.