The problem is that people see "wireless" and think "wireless network a.k.a. WiFi". These devices are programmable using wireless communication, but they are not on WiFi. They communicate with a "programmer", a device that is placed on the patient and used to change the treatment protocols. The issue is that this communication is not encrypted and it is vulnerable to a replay attack. That means with a USRP module and a some GNU Radio know-how, you can mimic the programmer device from a long way away. This lets you send commands like "disable treatment 1". The reason this is potentially lethal is that while the pacemaker cannot be turned off by the programmer, this is part of the UI, not part of the pacemaker! So if treatment 1 was the only one currently enabled, the UI would not let the doctor send "disable treatment 1" but the pacemaker would still accept that command should it receive it. But that's a slow kind of lethal. It just means that if the patient has an issue that needs correcting, the pacemaker won't correct it. This particular model has another thing it can do. It has a built in defibrillator. That way of the patient needs zapping, the pacemaker can be told to do it, rather than needing paddles (which would potentially fry the pacemaker). This mode is also activated by a wireless command. One that can be sent using a replay attack. Normally after a shock, the pacemaker would reestablish rhythm. But not if all treatment protocols are turned off.
So although these devices are hackable, it's not a remote hack unless you happen to hack a computer that's close to the patient, and that has a radio you can control with GNU Radio.
That's not to say these devices don't touch WiFi at all. To avoid frequent doctor's appointments, the hospital can give you a device that will connect to your home network and act as a relay. This doesn't let them reprogram the pacemaker remotely, what it does is transmit telemetry remotely so the doctor can check up on you daily without needing to schedule an appointment. As I understand it, this relay runs Windows XP and is full of holes (but I repeat myself). This lets hackers potentially access lots of confidential medical data, but doesn't let them kill you.
Can I release a non-free program that's designed to load a GPL-covered plug-in?
It depends on how the program invokes its plug-ins. For instance, if the program uses only simple fork and exec to invoke and communicate with plug-ins, then the plug-ins are separate programs, so the license of the plug-in makes no requirements about the main program.
If the program dynamically links plug-ins, and they make function calls to each other and share data structures, we believe they form a single program, which must be treated as an extension of both the main program and the plug-ins. In order to use the GPL-covered plug-ins, the main program must be released under the GPL or a GPL-compatible free software license, and that the terms of the GPL must be followed when the main program is distributed for use with these plug-ins.
If the program dynamically links plug-ins, but the communication between them is limited to invoking the ‘main’ function of the plug-in with some options and waiting for it to return, that is a borderline case.
"More precisely the states must be formed of two up quarks, one down quark, one charm quark and one anti-charm quark.”
If I had only known, I would have been a locksmith. -- Albert Einstein