The success of Internet of Things (IoT) services will be determined by how the security of the IoT devices and the networks to which they are connected can be guaranteed. Integrating biometric recognition technology into IoT systems has gained popularity as a means of accomplishing this objective. Electrocardiograms (ECGs) have become a promising biometric tool for security because their intrinsic and dynamic nature makes them difficult to steal and forge for replay attacks. However, as with other biometric-based security approaches, attacks on ECG biometric systems have been developed. This study examines the vulnerability of template-based ECG biometric systems to reconstruction attacks. These attacks involve exposing the biometric templates of registered subjects in a hacked database and attempting to reconstruct their ECGs to spoof the system. Both deep learning models and “heuristic” approaches are used to perform this task, depending on the intruder’s level of knowledge of the template construction. Several reconstruction attack strategies are proposed and evaluated for fiducial- and PCA-based systems using ECGs from the Physikalisch-Technische Bundesanstalt database of 285 subjects. The experimental results demonstrate a reconstruction similarity of at least 0.93 and an increase in the false-positive identification-error rate of more than 73%.