Software Testing Blog

Before I get into the story of this fascinating bug, I wanted to take a moment to introduce you to T.W.I.T. We liked the “bug-iversary” concept so much here at uTest that we decided to make it a recurring column, called T.W.I.T. or This Week In Testing (also noting the happy coincidence that the word “twit” is synonymous with “fool” and “dope,” words that characterize many of these bug follies ).

But I digress! So, this week in testing brings us an interesting heart device bug discovered March 12, 2008.

A team of computer security researchers were able to gain wireless access to a combination heart defibrillator and pacemaker. According to the New York Times,

[The researchers] were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal. The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio embedded in the implant as a way to let doctors monitor and adjust it without surgery.

Full report and more after the bump!

The researchers also made it clear that there’s no imminent need to be afraid of heart hackers for the following reasons: the experiment was worth $30,000 of lab equipment; it included specialists from the University of Washington & the University of Mass; the heart device was placed two inches from the test gear; and no security breach (in millions of implants worldwide) has ever been reported.

While risks are currently low, is too little attention being paid to security in the growing number of medical implants with wireless capabilities? Have you heard about any updates regarding this debate?

Read the full report here.