Dick Cheney revealed a series of security precautions he had to undertake to minimize the risk of a "digital assassination" by terrorists. The topic has has covered the security vulnerabilities associated with wireless pacemaker and defibrillator systems.
Throughout his life, Dick Cheney has suffered from heart disease. At 37, he experienced his first heart attack. Over the next 40 years, that incident was followed by four more heart attacks. At age 71, he received a heart transplant.
In 2007, Cheney was implanted with a defibrillator. This device is designed to detect irregular heartbeats and correct them through a series of electrical jolts.
Since implantable defibrillators and pacemakers are difficult to access without surgery, many manufacturers include a wireless mode to allow for programming. With this wireless mode, physicians and other healthcare professionals can download patient health data, device information, battery usage and other statistics. In addition, this wireless mode can be used to reprogram implanted defibrillators / pacemakers.
Since these are life saving devices, it's critical for physicians to have rapid access to them. For example, if a person with an implanted defibrillator / pacemaker is on vacation and has a heart attack, the physician who sees him or her must be able to access the programming for the defibrillator / pacemaker as quickly as possible. Because of this, putting a password or other security code in the device could make it difficult for patients to receive life-saving treatment.
In Homeland, an American TV show, one of the characters is assassinated by hackers who target an implanted medical device. On 60 Minutes, Dick Cheney responded to questions over this potential attack vector.
"I found it credible," states Cheney. "I know from the experience we had, and the necessity for adjusting my own device, that it was an accurate portrayal of what was possible."
For Cheney, the risk of a digital assassination outweighed the need for rapid access to his defibrillator. Based on these options, Cheney decided to turn off the wireless capabilities for his defibrillator. In an emergency, physicians would not be able to perform some life saving actions since the defibrillator wireless capabilities are turned off. However, Cheney will be safe from hackers and other adversaries that utilize advanced attack vectors.
While putting a password on these implanted devices is not feasible, there are some potential ways to lock down implanted pacemakers and defibrillators. Since most proposed attacks would take place from a distance, researchers believe that using a patient's heartbeat signature as a password could offer an adequate level of security.
Using a heartbeat signature password, pacemakers and other devices would only unlock when "fed back" an individual's heartbeat in real time. Since an adversary operating from a distance wouldn't have access to this information. it could help reduce the risk of attacks. In addition, a system that uses a patient's real time heartbeat as a password would ensure that physicians could access implanted medical devices quickly and easily.