October 19th, 2013
Was Dick Cheney’s ICD Vulnerable to Hacking?
Larry Husten, PHD
It happened in Homeland. Could it happen in real life?
In a 60 Minutes segment, Dick Cheney says that his doctors turned off the wireless function of his implanted cardioverter-defibrillator (ICD) “in case a terrorist tried to send his heart a fatal shock,” according to the Associated Press.
Years later, Cheney watched an episode of the Showtime series Homeland, in which such a scenario was part of the plot.
“I found it credible,” Cheney tells 60 Minutes in a segment to be aired Sunday. “I know from the experience we had, and the necessity for adjusting my own device, that it was an accurate portrayal of what was possible.”
I asked three experienced electrophysiologists — the cardiologists who implant ICDs — whether this was a realistic concern. The short answer is that this has never happened in the real world but that it’s impossible to rule out the possibility. So perhaps Cheney and his doctors weren’t paranoid, just excessively careful.
John Mandrola is a cardiac electrophysiologist practicing in Louisville, Kentucky:
The Homeland conclusion last year was fictional because right now at least, you cannot change programming of an ICD ‘remotely.’ In that episode, terrorists deactivated the ICD, then induced VT/VF. They did an EP study but didn’t bring the patient back. [Editor’s note: During an EP study a patient’s heart is intentionally stopped and then restarted. This is a typical example of electrophysiology humor.]
‘Remotely’ is different than ‘wirelessly.’ In the office, you can make wireless contact with an ICD once a wand is waved over it, and you stay in close contact — a few feet, I think.
It’s probably not long before remote programming is possible. Then, such security may be an issue.
Edward J Schloss is the Medical Director of Cardiac Electrophysiology at The Christ Hospital in Cincinnati, Ohio:
In order to reprogram a modern ICD, we need to place a telemetry wand directly over the device to establish communication. After that we can continue to to communicate with the device (including reprogramming) as long as we are in close proximity (~30 feet, I think). We can’t reprogram an ICD from a longer distance than that….
I am not intimately familiar with the mechanisms of ICD telemetry when it comes to hackery. I would not exclude the possibility that someone with a lot of resources and technical knowhow could develop a technique for remote reprogramming. I just know that with currently available hardware, I could not do it unless I was able to get in close proximity to the device.
If I were the vice president, I would probably want to work with industry to minimize my risk.
Westby Fisher practices at NorthShore University HealthSystem in Evanston, IL and is a Clinical Associate Professor of Medicine at the University of Chicago’s Pritzker School of Medicine:
Daniel Halperin with William Maisel, MD, and colleagues set out to hack a Medtronic ICD and did in a paper published in 2008 in IEEE.
They were within 4 inches of the device and reverse-engineered the telemetry protocol. Their point: data are not encoded. This since has been changed, but devices that once used electromagnetic coupling have been “upgraded” to radio waves in the medical frequency (400-405 MHz). Though no device has ever been hacked with the new technology to my knowledge, the new technology offers potential opportunities IF an electromagnetic handshake first weren’t required, like it is now.
Cheney’s paranoia was a bit excessive, but then again, who knows in the world of espionage…
Here’s a highly detailed blog post about the Homeland episode from the perspective of computer security experts.
Read “Ripples in Opperman’s Pond” (Amazon) in which the bad guys reprogram an ICD to deliver repeated shocks that kill one of the good guys, exactly as Cheney was concerned about.