How dangerous is the pacemaker hack?

Despite the snarky headlines, you're not going to be able to create a zombie army with this hack.

Medtronic Maximo pacemaker-defibrillatorNot very.

Despite the snarky headlines, you're not going to be able to create a zombie army with this hack.

As our own Chris Soghoian notes, many newer pacemakers give off signals which can be read up to 5 meters away. That's a Bluetooth distance, and the "up to" is important.

If you've ever had a Bluetooth phone or a low-power WiFi set-up, you know that signals degrade rapidly over distance. Interior walls degrade signals further.

So you have to get close to the victim in order to initiate an attack. And the nature of the attack is a threat. You're literally holding a gun to their head. That's a major felony, first time out of the box.

The University of Massachusetts-Amherst team which came up with the hack will discuss it at the IEEE Symposium on Security and Privacy "Attacks" session in Oakland, Calif., in May, and I really doubt they'll get a lot of live coverage.

The paper is already online (PDF) and the same team has also written on improving security for these devices (PDF).

In the team's test, a shock hot enough to kill was generated in a Medtronic Maximo pacemaker (above), and data was captured from two feet away with $30,000 worth of equipment and enough grad students to hack the Pentagon.

The more generic point is that any wireless Internet connection can in theory be hacked. It's a point the same team has previously made regarding RFID chips used in transit cards.

All of which means that any wireless Internet connection needs security. It's an overhead, and it leads to a virtual arms race, but we've been dealing with that threat on the Internet for decades and will continue to.

What I've called the World of Always On, wireless applications which live in the air, sensors and motes reporting via WiFi to routers and the Internet, will require security and audit trails before it hits the mass market.

But you can't use this knowledge to hack into Dick Cheney's pacemaker and force him to undo his work as Vice President, or even make him smile.