The group was able to connect to devices, obtain patient information and cause them to shut down.
"Our investigation shows that an implantable cardioverter defibrillator is potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry," the researchers wrote.
"The devices may experience malicious alteration to the integrity of information or state, including patient data and therapy settings for when and how shocks are administered.
"When these systems include wireless computing devices, additional precautions are necessary to ensure that the computing devices appropriately balance safety with convenience and do not introduce unacceptable risks."
The researchers recommended that device manufacturers implement basic systems that can alert patients and require authentication for a connection without consuming too much power.
_(22).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
