A Man-in-the-Middle of my Heart Attack


Gradually we are all becoming more and more dependent on connected technology. We will be able to live longer with an increased quality of life due to medical devices and sensors attached to, or integrated into our bodies. However, our dependence on technology grows faster than our ability to secure it, and a security failure of a medical device may cause patient harm and have fatal consequences.

Dr. Marie Moe is a security researcher, in 2015 she started a hacking project to figure out if she could trust the device that was keeping her alive, an IoT-connected pacemaker implant. This talk covered the latest findings from this research project, in particular how it is possible to perform a Man-in-the-Middle attack between the pacemaker device and the corresponding backend server with the help of a fake mobile base station, giving access to the patient’s medical data.

Dr. Marie Moe cares about public safety and securing systems that may impact human lives, this is why she joined the grassroots organisation “I Am The Cavalry". Marie is a senior security consultant at mnemonic, and has a PhD in information security. She is also an Associate Professor at the Norwegian University of Science and Technology. She has experience as a team leader at NorCERT, where she did incident handling of cyberattacks against Norway’s critical infrastructure. She is currently doing research on the security of her own personal critical infrastructure, an implanted pacemaker that is generating every single beat of her heart. Marie loves to break crypto protocols, but gets angry when the broken crypto is in her own body.

Watch the recording of this CONNECT University online session organised to celebrate the European Cybersecurity Month and discover more about this fascinating topic. Have you ever thought about the cybersecurity vulnerabilities in the body implants? Is a pacemaker hacker-proof?