IoT in Reality
Four years ago the TV show Homeland jolted viewers when terrorists hacked into the Vice President’s pacemaker and delivered powerful electrical shocks, resulting in a fatal heart attack. Reality caught up with television this week as a cybersecurity research firm, MedSec, detailed how St. Jude Medical’s (STJ) pacemakers and defibrillators were vulnerable to cyberattacks. This time the victim isn’t a government official, but potentially a $25 billion pending deal between STJ and Abbott Laboratories, who announced the acquisition of STJ last April.
MedSec’s report details how STJ’s devices are vulnerable to a “crash” attack that causes cardiac devices’ pace to accelerate to a dangerous rate. They are also subject to a battery drain attack that results in the complete shutdown of the device. MedSec claims that these attacks are possible from 50 feet away are incredibly inexpensive and easy to execute. In fact, the main technology hackers need to penetrate the cardiac devices is available on Ebay for less than $35.
“False and misleading”
STJ has called the report “false and misleading” and claims that the devices have only a seven foot wireless communications range once inserted into a patient.
Whether STJ is underestimating the devices’ vulnerabilities remains to be seen, but what is clear is that it is possible to hack small medical devices implanted inside the human body. That is because the device is wirelessly connected, creating a vulnerable attack surface that can be exploited by hackers. Indeed, nothing connected to the Internet of Things (IoT) is immune to cyberattack or disruption.
A Cisco report predicts that 50 billion devices will be connected by 2020 and currently 70 percent of IoT devices use unencrypted network service.
Public safety concerns
The “things” that are connected to IoT are critical to the world’s infrastructure. Nuclear power plants, hydroelectric dams, automobiles, air traffic controls, and other technologies that our economy and safety depend on are deeply connected to the Internet and thus possess a broad attack surface.
Vulnerabilities are exacerbated when device manufactures fail to create the devices with basic security controls in mind and forgo security reviews.
Hackers that derail moving cars, flood a dam, and remotely control airplanes are quickly becoming things of reality, not just TV shows.
As our economy and businesses become more web integrated, awareness of IoT grows more crucial. At N2K’s upcoming Board and Executive Seminar, you can learn about the expanding attack surface from Chris Rezendes, Founder and Managing Director at IoT IMPACT LABS. Hear from Chris and other experts to increase your cyber literacy and knowledge of cybersecurity governance issues. Enroll today.