"It's not hard to see why this is a deadly feature," Jack said.
His research is just beginning. The FDA, he said, just looks at the medical effectiveness of devices and does not do an audit of a device's code.
"My aim is to raise awareness of these potential malicious attacks and encourage manufacturers to act to review the security of their code and not just the traditional safety mechanisms of these devices," Jack said.
He also found other problems with the devices, such as the fact they often contain personal data about patients, such as their name and their doctor. Other tell-tale signs of sloppy code were also found, such as potential access to remote servers used to develop the software.
"The new implementation is flawed in so many ways," Jack said. "It really needs to be reworked."
Jack is developing "Electric Feel," an application with a graphical user interface that would allow a user to scan for a medical device in range. A list will appear, and a user can select a device, such as a pacemaker, which can then be shut off or configured to deliver a shock.
As if this wasn't bad enough, Jack said it is possible to upload specially-crafted firmware to a company's servers that would infect multiple pacemakers and ICDs, spreading through their systems like a real virus.
"We are potentially looking at a worm with the ability to commit mass murder," Jack said. "It's kind of scary."
Ironically, both the implants and the wireless transmitters are capable of using AES (Advance Encryption Standard) encryption, but it is not enabled, Jack said. The devices also have "backdoors," or ways that programmers can get access to them without the standard authentication using a serial and model number.
There a legitimate medical need since without backdoors, you might have to "cut someone open," Jack said. "But if they're going to have a backdoor, at least have it embedded deep inside the ICD core. These are expensive devices."
Jack's presentation was beautifully illustrated in a comic-book like fashion. At one point, a slide showed a man who looked quite similar to former U.S. vice president Dick Cheney, who has long suffered from heart problems. The flaws in the device, Jack said, could mean an attacker could perform "a fairly anonymous assassination" from 50 feet away.
"To me, a laptop doesn't look like a device that is capable of killing someone," Jack said.
Or as an audience member added: "There's no muzzle flash with a laptop."