A pacemaker is a small, battery-operated electronic device which is inserted under the skin to help the heart beat regularly and at an appropriate rate. The pacemaker has leads that travel through a large vein to the heart, where the wires are anchored. The leads send the electrical impulses to the heart to tell it to beat.

Kevin Fu, an associate professor at the University of Massachusetts at Amherst and director of the Medical Device Security Center, said that his team and researchers at the University of Washington spent two years working on the challenge.

William H. Maisel, a doctor at Beth Israel Deaconess Hospital and Harvard Medical School, granted Fu access for the project. Fu received an old pacemaker as the doctor installed a new one in a patient. The team had to use complicated procedures to take apart the pacemaker and reverse engineer its processes. Halperin said that the devices have a built-in test mechanism which turns out to be a bug that can be exploited by hackers. There is no cryptographic key used to secure the wireless communication between the control device and the pacemaker.

A computer acts as a control mechanism for programming the pacemaker so that it can be set to deal with a patient’s particular defribrillation needs. Pacemakers administer small shocks to the heart to restore a regular heartbeat. The devices have the ability to induce a fatal shock to a heart.

The authors of the study presented several different zero-power approaches to improve the security of implanted medical devices:

Our contributions include three zero-power defenses and prototype implementations, one of which we evaluated for effectiveness in a substance approximating the radio properties of human tissue. Zero-power notification harvests induced RF energy to wirelessly power a piezo-element that audibly alerts the patient of security-sensitive events at no cost to the battery. Zero-power authentication similarly harvests RF energy to power a cryptographically strong protocol that authenticates requests from an external device programmer. Finally, sensible key exchange combines techniques from both zero-power notification and zero-power authentication for vibration-based key distribution that a patient can sense through audible and tactile feedback. While we implemented prototypes of our proposed defenses, we did not incorporate our prototypes into a real IMD. (We use the term zero-power only to emphasize that no expenditure of energy from the primary battery is necessary. Zero-power defenses are also a step beyond the use of a secondary battery for security-only or other auxiliary purposes.)

I'm sure someone can think of a better sfnal reference for the idea of turning a person off by remote control; I do recall the "heartplugs" installed by the evil Baron Harkonnen in the (awful) movie version of Dune.