On August 23rd the Food and Drug Administration (FDA) in the US approved the deployment of a software update for pacemakers made by St. Jude Medical. This was to fix vulnerabilities discovered in 2016, which were patched by St. Jude Medical in January 2017. Actually, vulnerabilities in pacemakers have been around for quite a while, as this article in the New York Times from March 2008 shows. So it seems that pacemaker updates are going to be another aspect of our future.
Don’t be overly worried about this subject. At this time, hackers won’t be able to issue some commands from their bedrooms that will stop every pacemaker in use. In this particular case, they would need a very unlikely set of circumstances to happen in order to degrade the battery of the pacemaker or set it to an inappropriate rhythm. The reason for the long delay between the patch being released and the FDA approving it, was they needed to be sure there would be no ill effects on the patients when they applied the pacemaker updates.
Virtually every technology runs on a mixture of hardware and software. The software controls and monitors the hardware. In devices like a pacemaker, the software is usually referred to as Firmware. This is because it is built into the of electronics of the device as opposed to being on a hard disk, for example. Updating firmware is usually a bit more difficult to carry out than say updating windows. Different devices have different mechanisms to do so. In some cases the firmware may only be updated by replacing a physical electronic chip.
As was detailed in our First Commandment, developers of software sometimes make mistakes. If evil doers discover these mistakes, they will endeavour to see if the mistake created a vulnerability. If there is a vulnerability, the bad guys will seek to exploit it and make the software do something it was not meant to do. This will never be something for your benefit.
Therefore we should all keep anything with software (which includes firmware) as up-to-date as possible in order to remove the vulnerabilities.
So have a look around you and think about the different devices that you may have in your office or home. We covered mobile, networking equipment, printers and internet of things in the First Commandment. But it would now seem that pacemaker updates (in fact any medical electronic device) will need to be added to that list.