Implanted Medical Devices: Saving Our Lives, Tempting Computer Hackers

Global Security Advisor and Futurist

Medical devices like pacemakers and insulin pumps will save many lives, but they also represent an opportunity to computer hackers who would use the Internet to cause havoc. Former futurist-in-residence at the FBI, Marc Goodman says it is easy to take for granted how connected we've already become to the Internet. Most American adults keep their phones within arm's reach all day, and keep their devices on their nightstand while they sleep — and forget about actually remembering people's phone numbers. That is a job we have outsourced to machines.

In this sense, says Goodman, we are already cyborgs. But digital devices connected to the Internet will continue to move inside our bodies, just as pacemakers and insulin pumps have. In his interview, Goodman discusses cases of computer hackers taking advantage of these devices' connectivity to show how vulnerable we could soon become to their potentially destructive wishes. In one case, a hacker demonstrated he could release several weeks of insulin into a diabetic's body, certain to cause a diabetic coma and death. In another, hackers induced epileptic seizures by hacking the Epilepsy Foundation's webpage.

At bottom is the Internet of Things, a increasingly connected web of devices that will make our lives simpler and more efficient, but this network will also make us vulnerable in ways that are difficult to detect, let alone prevent. Goodman's message is not that we need to constantly fear a new world of better health and convenience, but that we need to be aware of technology's pitfalls in life.

  • Transcript


Marc Goodman:  A subset of the Internet of things is a whole category of medical devices. We have wearables, things like the Fitbit. We have embeddables. We have implantables. Things like diabetic pumps for example. Internet enabled defibrillators implanted in our chests. So implantable defibrillators, pacemakers and the like. We have brain-computer interface. And now we’re even creating pills that are Internet enabled so that you can swallow a pill and it goes into your stomach. The pill’s computer is powered by your stomach acid, and it can control the release of medicine: how much medicine is released over a time. So we are slowly but surely becoming cyborgs. I know it sounds like science fiction but if you think about it, most people are walking around with their cell phone in their pocket or in their hand 24/7. When people go to sleep they put it on their nightstand. So slowly but surely computers are replacing our own cognitive abilities to an extent. When I was younger I used to know by memory the phone numbers of all of my friends because there were no cell phones with all these little address books.

Today we just automatically dump that data into our cell phone and just call it up on demand. The same with our address book and the like. So the cell phone, though currently outside of our body, means that’s kind of the first step towards us theoretically becoming cyborgs. The next step of course will be implanting these devices into us. There are people, several researchers including one out of Cambridge in the UK that have implanted RFID chips underneath their skin for years. These people are called body modders and they will go out there and use those RFID chips to open up the security door in their office place, to pay for goods and services. So you can actually do that now. So there’s a whole movement of people who are quite interested.

It’s sort of underground these days. If you – it’s sort of the next generation of piercing. There’s a whole community around piercing and tattooing. And the next generation of that is to implant these computer devices in our skin, under our skin that give us new forms of senses. For example magnets. A whole movement of people put magnets under their skin and they have now created a sixth sense that the rest of us don’t have which is that they can actually explore magnetism in our environment. So for the more computers that we put in there’s no special exemption for medical devices that makes them unhackable. In fact medical devices are entirely hackable.

Going back four or five years the Medtronic pacemaker, the automatic defibrillator was proven by the University of Massachusetts at Amherst to be hackable, where remotely you could go ahead and deliver a shock to somebody's heart — to somebody’s perfectly functioning heart. A shock that would cause a well-functioning heart to go into cardiac arrest. The Defcon and Black Cat conferences are hacker conferences in Las Vegas. We’ve had hackers on stage exploit these devices. One famously done with a Bluetooth, basically a Bluetooth extender that could allow somebody from a distance of a few hundred feet find people who had diabetic pumps, right. These are pumps inside their bodies that feed insulin on a very controlled basis into the human body. And with this Bluetooth you could take a few weeks of insulin and release it in an hour causing somebody to go into a diabetic coma and therefore death.

So these tools are clearly going to save hundreds of thousands of lives. There are hundreds of thousands of implantable medical devices in human beings in the United States and around the world today. That number is going to grow exponentially as they become more powerful. Brain computer, interface computers such as cochlear implants are growing.

In the old days if you were hearing impaired they would kind of create a hearing aid that you’d wear inside your ear. Now they can actually attach a device directly to your skull and wire into your auditory nerve directly into your brain. So there is an interface between a computer on your body and your brain via the auditory nerve. And it’s controlled again via Bluetooth. So think about this. Bluetooth hacks are incredibly easy to carry out. There are many, many known exploits. You can download apps that will do Bluetooth exploits. And so if somebody is wearing this type of hearing aid I could subvert that. I could make sounds and noise into their auditory nerve via hack that nobody else would hear. I could make them think that they’re going crazy, right. You can do all different types of terrible things.

And you may be thinking why would somebody do this? Only a truly sick person would do this. And I’m sad to say there are some people like that in this world that would do that. Go back five or six years to a case that I cite in the book from the National Epilepsy Foundation. For people who may not be aware, epileptics have to guard themselves against sudden bright flashing lights that can cause them to go into grand mal seizures. And somebody five or six years ago hacked the National Epilepsy Foundation website and so when epileptics went to their website for information rather than seeing the Epilepsy Foundation’s web page what they saw was a bunch of flash code blinking, blinking, blinking really fast in their eyes. And several cases of grand mal seizures were recorded as a result of that hack. So unfortunately there are some people in this world who do things like that and harm others for no other reason than for the kicks of it all.