Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

The study analyzes the security and privacy properties of an Implantable Cardioverter Defibrillator (ICD). Introduced to the U.S. market in 2003, this model of ICD includes pacemaker technology and is designed to communicate wirelessly with a nearby external programmer in the 175 kHz frequency range. After partially reverse-engineering the ICD's communications protocol with an oscilloscope and a software radio, the paper implemented several software radio-based attacks that could compromise patient safety and patient privacy. Motivated by one's desire to improve patient safety, and mindful of conventional trade-offs between security and power consumption for resource constrained devices, the paper introduces three new zero-power defenses based on RF power harvesting.