Hacking a Pacemaker

jonkman sean writes "University researchers conducted research into how they can gain wireless access to pacemakers, hacking them. They will be presenting their findings at the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy. Their previous work (PDF) noted that over 250,000 implantable cardiac defibrillators are installed in patients each year. This subject was first raised along with similar issues as a credible security risk in Gadi Evron's CCC Camp 2007 lecture "hacking the bionic man"."

Bionic eye

[sm62704]

I'm sure glad the device in my eye (see my sig for details) is focused by the eye's muscles rather than electronics/motors. Some things shouldn't be networkable.

Oh yeah, the oblig: We are cyborg. You will be assimilated. resistance is not only futile but you won't resist, you'll beg to join us..

Re:Bionic eye

[Misagon]

Some things shouldn't be networkable.

Not networkable. A pacemaker communicates only with the diagnostic equipment.
Pacemakers are [i]implanted[/i] under the skin. The only way to interface with them is through induction or radio signals. The signals have ranges measured in centimeters.

Re:

[shaiay]

Even if you can transmit very strong signals to the pacemakers from afar, the answer will be very faint (these things need to run for years on a single battery, they are very low power). Most communication protocols are bidirectional, so you won't really be able to communicate with it.

As an added precaution, some manufacturers (at least Biotronic IMHO) have devices which only communicate when a magnet is placed near (again centimeters) the device, thus closing a magnetic switch and enabling communication.
Th

Re:

[pnewhook]

Not quite.. The pacemakers send data to a bedside device that then relays the information gathered to the Internet. Not really the same. No pacemaker will connect to the internet directly, it doesn't make any sense to do so.

Re:Bionic eye

[StylusEater]

I can see the headlines... "Cheney's Pacemaker Hacked by Chinese Militants" ... :-) One can only wish.

Re:

[BoomerSooner]

Or better yet, "Cheney's pacemaker hacked by time travelers from the future." Circa 1999. Now that's a wish.

Re:

[sm62704]

I can see the headlines... "Cheney's Pacemaker Hacked by Chinese Militants" ... :-) One can only wish.

This is off the topic for the summary (but on topic for your comment) but if Cheney goes duck hunting with Bush we could have the first woman President.

If Cheney shoots Bush in the face [msn.com] accidentally while duck hunting (well it happened once before, I'd never go hunting with him) and suffers a heart attack as a result, and both die, then House Speaker Nanct Pelosi [wikipedia.org] becomes President Pelosi.

One can only wish!

M

Unfortunately

[wsanders]

.. I see this more like, "Cheney hacks pacemaker to extract confessions from suspect cardiac patients".

Still, I'd like to see proof of concept. There is no such thing as "guaranteed short range" in wireless. My Bluetooth headset has a 50-foot range in the right locations.

Re:

[sm62704]

I would think the safest thing would be to have to physically interface with it to program any electronics in it. Once they've sewn one into my chest (thank God heart disease doesn't run in my family) I wouldn't want it to be programmable!

Re:Bionic eye

[Ihlosi]

Once they've sewn one into my chest (thank God heart disease doesn't run in my family) I wouldn't want it to be programmable!

Um, yes you do. Do you want them to have to cut you open because you don't like the maximum pacing rate and want to have it reduced by 5 bpm ?

Re:

[sm62704]

I want them to get the pacing rate right BEFORE they sew it in.

Re:

[Ihlosi]

I want them to get the pacing rate right BEFORE they sew it in.

Finding out which settings you like or don't like unfortunately involves putting a pacemaker into you first. Of course, you could go with a completely dumb device, but your heart would be paced too fast when you're asleep and too slow when you're physically active.

Re:Bionic eye

[bay43270]

Also, your pacing needs change as you grow and as your heart develops. Not all pacemakers go into 70-year-olds.

Re:

[Brian Gordon]

The one time you're thankful that manufacturers are so negligent with firmware/BIOS updates :)

Re:Bionic eye

[darkfire5252]

Yes, I want it to be programmable. But I want the designer to keep in mind that it's my life at stake. We know how to do these things securely.

Public-Private Key cryptography. The manufacturer has a public key, and it's embedded into the device. The manufacturer's private key is kept secret in the same way as the PKI people do it; there are multiple parties required to do anything to the key, there is armed security 24/7, and the key is treated as if people's lives depend on it because that's the situation. There's a process to go through for a hospital to get certified to update the device. When the hospital certifies a doctor to update the device, the doctor's public key is signed by the manufacturer's private key. The doctor keeps his private key on a smart card that requires a PIN with the full knowledge that people could die if he loses it. Preferably the smart cards are kept under lock and key at the hospital next to the lethal drugs and the morphine. When an update command is done, a specially formatted message is signed by the doctor's private key, and the message is send along with the doctor's certificate (the doctor's public key signed by the manufacturer's private key). If there's no valid certificate or the message format is not correct, no command interpretation takes place. If everything checks out, the command is logged in onboard flash memory and the device updates. If someone's pacemaker is updated in a manner that kills them, there is an audit trail pointing to exactly who's at fault. I don't care how much more expensive it is, particularly when the answer is 'not very.'

People's lives are at stake here, the manufacturers should be held liable and negligible if they aren't using already existing methods that essentially guarantee security.

Re:

[pnewhook]

Oh for crying out loud - don't be ridiculous. These are pacemakers not PCs. Get some perspective. It doesn't have the capability that you seem to be thinking it does.

And right now you have to be in contact to reprogram. It's not like anyone is at risk of being hacked from down the street or anything.

Re:

[darkfire5252]

It already is receiving signals and acting upon those signals. All the stuff that I mentioned requires is another chip and a small flash storage for logging. 'Right now' it takes $30,000 to do this hack. If the information becomes well known and the technique becomes easier, being in contact isn't really a big deal. The problem is that the person goes into heart failure for what is apparently no reason at the time. The fact that someone in a crowd has their hand on his chest or did for a brief moment i

Re:

[jamstar7]

Older model pacemakers were susceptible to microwaves from your kitchen 'nuke'. And they had to redesign the kitchen 'nuke' to cut this radiation down so it wouldn't interfere with a pacemaker. Pacemakers are also subject to getting whacked by an electromagnetic pulse, so this isn't 'news' per se, they've known it for decades.

Re:

[pnewhook]

Yes, its all nice and simple to the software guy that doesn't know what he is talking about.

Yes what you are asking is possible but it's prohibitively expensive, pointless, and adds ZERO benefit to the patient. In fact because of the extra power draw of this pointless device the patient will have to undergo extra surgeries to replace the battery more ofter thereby further jeopardizing the patient safety.

Re:

[Ihlosi]

Public-Private Key cryptography.

Sure. Will you ship your secure, encrypted pacemaker with an external power supply to plug it in ?

Sheesh. These things don't come with a multi-core desktop CPU. They're ultra low-power systems, optimized for battery life because changing the battery requires surgery, which already puts your life at stake (Sorry - cutting your chest open isn't trivial. And the chance of something bad happening during or after surgery (infection, complications with the anesthesia, etc), as

Re:Bionic eye

[Beardo the Bearded]

Ah, finally, someone understands something! Most programmers think that EVERYTHING that can be programmed has a multi-core architecture with a hard drive, monitor, etc. You haven't seen most of the computers that you use on a daily basis. Do you think your elevator runs a Duo-core? Your apartment buzzer controller isn't made by AMD.

I'm an EE with a lot of embedded experience in RF devices. I've had to make recalls because the standby current* was 50uA instead of 12uA. (For a GPS tracking board with VHF transmitter.)

The level of misunderstanding that's required to think that you can surreptitiously reprogram somebody's pacemaker without their knowledge is astounding. If you've got a pacemaker and someone tries to walk up to you and reprogram your chest, just walk away, man. Walk away. It's not like it's going to take 2 seconds to line everything up correctly. Even if all the technical details are magically sorted, a different brand could make your hack useless. So could temperature, humidity, clothing, chest hair, and any of the other RF voodoo things that you have to deal with.

*(Technically "quiescent" but I'm not sure everyone knows what that means.)

Re:

[Beardo the Bearded]

Both multiplication and division are "heavy" operations in the embedded world. Incorporating them into the code even once can mean that your code won't fit into the footprint. One chip I used in 2006 has 512 bytes of Flash and 24 bytes of RAM. Not for a trivial application either - there are tens of thousands of that product out in use right now, and people depend on the device to live.

Sure, a few chips have built-in single-line multipliers, but I don't think that's what they use in pacemakers.The pacemaker

Re:Bionic eye

[nahdude812]

And once the private key is cracked or exposed, do you operate on everyone with that model pacemaker?

The thing is that this private key needs to be sent to every hospital and doctor's office which wants to make adjustments to the pacemaker. They'll have it, whether it's embedded in a chip or written in a config file. You have to make this information public in some sense, the very best you could hope to do is use some kind of DRM to protect the key from exposure, but as we all know, such exercises are fated to failure.

And what happens when a pacemaker manufacturer discontinues a line and stops manufacturing the equipment to tune certain kinds of pacemakers (such as would be expected to happen should a key be discovered), do these patients just have to hope that the equipment used for tuning their pacemaker outlives them?

Also, will doctors and hospitals have to buy dozens of different pacemaker adjustment machines, one of every type, even those they don't install themselves so that they can treat patients who move into the area? What happens when the patient needs emergency adjustment of his pacemaker but doesn't remember the model he has (or isn't conscious)?

Finally, these devices don't exactly have little general purpose CPU's in them. One of their biggest concerns is decent battery life. If we put something in there as computationally intensive as strong private/public key cryptography, you're going to significantly hurt the battery life of these devices.

This problem is not as simple as it seems on the surface. It turns out that human life is fragile, and there are many ways in which you can kill someone, some of them even require little effort to kill many people. Hacking this device in a way that endangers other humans would not even need new laws to be punishable since we fortunately already have laws which surround murder, reckless endangerment, and other such things which actually or reasonably could result in the death or injury of other humans.

Re:Bionic eye

[darkfire5252]

Look up public private key cryptography and get back to me. Asymmetric cryptography does not require revealing the private key to hospitals....

Re:

[geekyMD]

You sir, are a moron. You suggest: 1) Requiring doctors to carry smart cards with encryption data 2) Requiring doctors to keep said cards with "the morphine" (showing you have never seen how a hospital manages secure resources) 3) Said hideously rare and necessarily hard to obtain cards would be required to save a life in dire emergent situations. This shows: 1) You have never seen how an emergency room or hospital inpatient floor works. 2) You have no idea how a pacemaker interrogator works. Furthermore

Re:

[darkfire5252]

Sure. It's impractical, because cryptography uses "magical hard math," right? Nevermind that the math involved can be done with relatively cheap chips made for the purpose. An hour best case for what? The doctor gets certified to update the device as a part of employee training, not 'on demand'. There already is a trail... how, exactly? /Done feeding trolls

Re:

[hey!]

It's not necessarily so bad. They don't have to split your sternum open, they can just make a keyhole slit to access the interface. It's not something you'd do for fun, but it beats worrying about worrying about whether you're pacemaker settings are accessible to the outside world to make "adjustments", either unintentionally via EMI or deliberately.

Based on what I know about non-specialists designing security into ad hoc network protocols, I'm not very optimistic about biomedical engineers getting it rig

Re:

[jamstar7]

They don't usually sew them in your chest these days. They snake the leads down your carotid to the heart, and bury the electronics in that hollow at the base of your neck, on top of your shoulder, for easy access. It's under a couple layers of skin and a bit of muscle instead of behind your ribs.

Re:Bionic eye

[tsa]

Believe me, you really want the thing to be programmable. They have to try a few settings to find oujt which makes you feel good, and if/when your body changes they can adjust the pacemaker accordingly. Modern pacemakers are marvellous pieces of technology that can give you your life back as long as you program them well!

pacemakers

[gEvil (beta)]

Hacking a pacemaker? What could possibly go wr... *thud*

Don't fear.... much

[NIckGorton]

From TFA:

a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker. They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal

hundreds of thousands of people in this country with implanted defibrillators or pacemakers to regulate their damaged hearts -- they include Vice President Dick Cheney -- have no need yet to fear hackers

No need to fear they tell us because:
One:

The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implant's signals.

And two:

"To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,"

Um, that was until a NYTimes article described that it could be done and (more importantly) a /. article linked to that NYTimes article so tons of geeks worldwide see the information. While security through obscurity doesn't really work, there is something to be said for people just not noticing that a thing is hackable.

Similarly the argument that it took $30,000 worth of equipment and a 'team of experts' is retarded because the same might probably have been said about DVD encryption till an adolescent did it in his bedroom with his home computer and enough caffeine.

If I had an AICD, I sure as hell wouldn't want to be around Cheney, lest the signal from mine be confused with his. Of course maybe that is why he has a man sized safe in his office is a Faraday cage.

Re:

[TheRealMindChild]

Similarly the argument that it took $30,000 worth of equipment and a 'team of experts' is retarded because the same might probably have been said about DVD encryption till an adolescent did it in his bedroom with his home computer and enough caffeine.

Not only that, but let's say the President of the United States has a pacemaker... $30000 is pittance for someone who wants him dead.

Re:

[Ihlosi]

Not only that, but let's say the President of the United States has a pacemaker... $30000 is pittance for someone who wants him dead.

Now you only need to get that $30000 worth of lab equipment (= big and bulky) within a few inches of your intended victims chest ...

Re:

[MMC Monster]

Recent models of pacemakers and defibrillators from the major companies (Guidant, Medtronic, etc.) allow remote telemetry from home: You have a device sitting on a table next to the patient's bed which will check the device every night (or one night a week, etc.) and report back to the physician any abnormalities. Some also allow wireless programability, but not from home: The nurse waves the wand over the device, then the patient goes in another room and gets seen by the physician while the settings on t

Re:Don't fear.... much

[NIckGorton]

I'm not so sure about that (speaking as an ER physician who would generally be the one saying WTF is the password???)

In the worst case scenarios, either 1) put a donut magnet over it and it can be stopped or 2) give me a scalpel and 30 seconds and I can cut the leads, and then we can externally pace and/or defibrillate the person.

So I am not sure that the risk of being password protected would outweigh the risk of not being password protected. I'd want mine password protected, then put the password on a medic-alert bracelet that I wear.

Re:

[NIckGorton]

put a donut magnet over it and it can be stopped

And to clarify, I mean stop many potential hacks. The magnet doesn't turn a pacer off, just flips a reed switch and renders it dumb so that it just paces at a set background rate. And I suspect that if it were hacked and the person arrived to the ER still alive (or at least freshly dead) you could solve a lot of that with a magnet.

Re:

[ultranova]

You know what else can stop your heart? And, at a much larger distance? My rifle. I find this kind of subject to just be more of the terror sensationalism.

You know what else rifles do ? They make a lot of noise and splatter a lot of blood eveyrwhere, making the cause of death extremely clear to even the dumbest coroner or bystander. Not only that, but nearly everyone in the world knows what a rifle is and looks like, so if someone was shot dead and you were seen with a rifle in your hands anywhere near,

But why?

[Tsoat]

Even if you could hack it wirelessly the only benefits I see are bragging rights cool they may be just doesn't seem worth the time and effort

Re:

[kalirion]

Unless you're looking to kill someone by pressing a button, of course.

Re:

[MttJocy]

Guns however create pesky ballistic evidence, a wireless signal passed to the device may show up in it's log somewhere if an old guy with a pacemaker dying of a heart attack was even autopsied but it could still be just taken as natural causes, not only that but even if you could prove the device was tampered with it could be difficult to link such a signal with the transceiver that sent it directly, unlike trying to link a bullet to a gun. Now bear in mind people have tried some pretty mental schemes in a

Life imitates art

[theGreater]

From http://www.snpp.com/episodes/BABF01 [snpp.com]

% The Simpsons happen upon Krusty, who is having a Y2K crisis of his
% own. His pacemaker is stuck in the "hummingbird" mode. Krusty
% lifts himself in the air briefly by flapping his arms, before
% collapsing on the ground.

See also:

http://en.wikipedia.org/wiki/Treehouse_of_Horror_X#Life.27s_a_Glitch.2C_Then_You_Die [wikipedia.org]

-theGreater.

Easy fix

[InvisblePinkUnicorn]

Just make a pacemaker for the pacemaker. That way, if it ever shuts down, it'll have a tiny little heart inside it to get it going again.

Re:

[kdemetter]

feeling very tempted to make beowulf cluster joke about it

Just shut it off

[epilido]

Most pacemakers and defibrillators can be turned off with just a magnet. This is designed to allow medical staff to stop a defective device. Yep I have done it myself and seen it done many times for diagnostic reasons in the hospital. M

Re:

[Arancaytar]

Indeed - most technology exhibits that contain strong magnets have warnings about pacemakers. And a strong electromagnet could be hidden anywhere (didn't this site discuss them in door frames to avoid seizing of harddrive data, in fact?). The wireless networking may seem scary, but unless the range of the receiver is much greater than it needs to be, this doesn't sound like it would make pacemakers much more fragile than they already are.

I guess it's psychological. We humans don't like being reminded of how

Re:

[NIckGorton]

Actually what the magnet does is turn off the sensing function (by flipping a reed switch in the pacer), and demotes a highly functional piece of electronics into something much dumber. (It just paces at a set rate without having any look at what the heart is doing.)

This can be used to stop a lot of 'runaway pacer' issues (which almost never happen with modern devices), and I suspect a lot of potential hacks. However it doesn't precisely shut it off. But it does solve a lot of problems.

Wait for it

[Bombula]

"It wasn't me grabbing her ass your honor, someone hacked my arm!"

So they can crack RSA and then get the pacemaker?

[dbIII]

RSA encryption is used in these devices. There certainly is a lot of techofear journalism about lately.

Re:So they can crack RSA and then get the pacemake

[frog_strat]

Working on the communications software for one of these devices, I can say for sure there is no encryption on at least one of them. A decision was made by the company to not worry about this issue at the moment.

The government have escrow keys

[Chrisq]

All new pacemakers are to be fitted with government escrow keys to the control interface. After all, if you have nothing to hide then you have nothing to worry about, have you......

A better method

[yamamushi]

The article details how the researchers had to be within 2 inches of the pacemaker, and several thousands of dollars worth of equipment. I suspect there is an easier way to deactivate a pacemaker, find out what frequency they operate at. I've got an FM radio blocker, that is basically just a 100mhz oscillator, a potentiometer, and a battery. It works by canceling out a given frequency, thus letting me silence my neighbors stereo from 50ft away. I know the technique works for the 2.4ghz band, for blocking out wireless phone signals and whatnot. I suppose finding an oscillator in the high ghz range would suffice for 'killing' a pacemaker.

Re:

[pnewhook]

It's called electromagnetic pulse (EMP) and has been around for quite a while. I'm sure there are documented occasions of it taking out a pacemaker before.

Yes, in science fiction novels.

EMP *theory* has been around for quite a while, but the devices aren't real (unless you count atomic explosions).

To be clear for everyone here on Slashdot, there is no such thing as an EMP device. It's theoretical science fiction, just like wormholes and space elevators. Get over it.

Vivid imagery

[Wilson_6500]

But device makers have begun designing them to connect to the Internet, which allows doctors to monitor patients from remote locations.

"Excuse me, sir? The plane is about to taxi, and I'm going to need you to shut down your wireless internet device."

Some day in my lifetime, a person's heart might have "flight mode." That idea bowls me over. I'm assuming this is some kind of cellular internet connection the devices use. Fifteen seconds of google didn't really turn up much info, but then again I wasn't

Re:

[Misch]

At least for mine, it looks like a coupler-style modem with 2 leads that attach to your wrists. There's a magnet included as well (at least on mine) that cause a different signal to be sent.

My base unit doesn't have internet connectivity, though I suppose it potentially could be done that way someday.

Obligitory Bionic Man Reference..

[clonan]

So can I get the pacemaker make a heartbeat sound like the jumping sound effect....

"nah nah nah nahhhhhhhhh"

It's not that bad

[Anonymous Coward]

(Posting this as AC since I don't want to get in trouble).

I think the summary is more alarming than the actual article. The researchers had to be at two inches from the device in order to tamper with it.

It's probably not such a big deal now, but some more thought should definitely go into future products. 30000$ sound like much, but it certainly sounds like a bargain if you can kill the Vice President of the USA without even touching him.

I mean, imagine the following scenario:

1. Bad guys want to kill Cheney

Re:

[mbstone]

I mean, imagine the following scenario:

1. Bad guys want to kill Cheney. That seems quite plausible.

2. Secret Service anticipates this. NSA and the Office of the Sergeant at Arms of the U.S. Senate are tasked to establish and test a set of security controls.

3. Pursuant to applicable FISMA, OMB, NIST and DoD regulations, it is determined that Cheney's pacemaker must undergo Certification and Accreditation under DIACAP (Doing Information Assurance on Cheney's Automatic Pacemaker) throughout the VP's Life Cycl

Oh, great timing

[elrous0]

Dick Cheney is preparing to leave office and NOW you tell us?!?!

Insider

[More Trouble]

Would I need a "team of experts" and $30K of gear if I had worked as an engineer for Medtronic?

Yee-ha!

[clickety6]

I'm gonna overclock this sucker!
Better than a triple espresso!

Build your own joke:

[RandoX]

Punchline: Heartworm.

Gives a whole new meaning to Force-Feedback

[Qbertino]

Imagine hooking up your pacemaker to your favorite FPS via bluetooth or something. Every time you get hit your heart misses a beat. Literally.

I can also just imagine installing Vista remotely onto the pacemakers of all those Windows fanboys. ... :-) Hehehe ...

Some health care insurance / hospitals may want to

[Joe The Dragon]

Some health care insurance / hospitals may want to cut you off if you can't pay or they found out that you had a pre existing condition they make you pay up and say pay or we cut you off.
Some of them have said that a kidney transplant is to experimental and they let a someone die just to get out of paying for it.

There was movie about some put bombs in Pacemakers

[Joe The Dragon]

There was a movie about someone putting bombs in Pacemakers

http://en.wikipedia.org/wiki/Dead_in_a_Heartbeat [wikipedia.org]

When my pacemaker is tested

[InterGuru]

Every six months my pacemaker is checked. Part of the test is to speed and slow down the pacemaker and my heart for a short time.

It is a truly heartfelt experience.

Bookwormhole.net [bookwormhole.net] -- a site for book lovers.

Re:

[Misch]

I know. I was in for a checkup recently and came to the realization that of all the things I have been able to toy and tinker with, my doctor was essentially programming my heart.

I almost cried as I realized I had just been outgeeked, since I would never be allowed to operate the control panel. My doctor has toys that I cannot play with.

Friday, Jan. 26, 2007?

[antdude]

Hmm, old story but interesting.

In the not too distant future...

[Number6.2]

...a blue-hair receives a text message from her grandkids...

        H4 H4 H1 GR4NNY W3 H4XX0RS U! W3 RuL3!

(Meanwhile, Granny clutches at her chest as her pace maker pulses out the drum solo from "In A Gadda Da Vida")

Dealing with the threat

[SamP2]

I agree with those that said that in order to "hack" the pacemaker you have to be at a very close range to the victim. At this range, you could just as easily stab or shoot them. As a more general rule, apart from a select few VIP figures, there is nothing we can do to prevent someone from carrying out a murder if they want to, the only thing we can do is punish them after the fact and hope it serves as deterrent for others.

What IS a problem is that unlike other means to kill a person at close range, this m

Re:

[Rick Genter]

I agree with those that said that in order to "hack" the pacemaker you have to be at a very close range to the victim. At this range, you could just as easily stab or shoot them. As a more general rule, apart from a select few VIP figures, there is nothing we can do to prevent someone from carrying out a murder if they want to, the only thing we can do is punish them after the fact and hope it serves as deterrent for others.

What IS a problem is that unlike other means to kill a person at close range, this m

Insulin pumps too!

[wizman]

My girlfriend is a type 1 diabetic. Instead of regular injections, she uses an insulin pump. This pump is an external device, about the size of a pager, that feeds insulin into her body via a short tube.

Several months ago she upgraded to a new pump. This new model (a Medtronic MiniMed) wirelessly communicates with a number of devices. It receives blood glucose data from a continuous glucose monitor. It also receives her regular readings from her standard "prick your finger" blood sugar tests via her test kit. And, it has a wireless key fob that allows her to adjust the pumps settings without having to dig through pockets and clothes to get at the unit.

My first comment to her was "With all of this wireless control, how easy is it for someone to use this wireless interface to put you into a diabetic coma, or worse, kill you?" She thinks it's a fairly ridiculous concept, citing encryption, receiver range, and "Why would anyone want to kill me?", among other reasons.

Well, I say that anything that has any type of wireless interface is hackable. There are, of course, no published documents that I can find detailing what steps have been taken to secure these devices. I'm seriously concerned as to whether or not the companies that make insulin pumps, pace makers, implants, etc, may not be taking these concerns seriously.

Re:Hmmm

[Ihlosi]

Doesn't Dick Cheney have a pace maker?

Yes, but the purpose of this device is unclear. What exactly is it pacing ?

Re:

[BakaHoushi]

I find this joke to be old and rather insulting, really. Of course Dick Cheney has a heart.

However, the notion that the heart is somehow related to empathy and love is also false. Instead, he had that section of his brain surgically removed. It helps him collect himself faster after his 3pm puppy kicking and orphanage closing.

Re:

[jamstar7]

I find this joke to be old and rather insulting, really. Of course Dick Cheney has a heart.

Yup, he has the heart of a 20 year old.

It's in a jar on his desk.

Re:

[Mr2cents]

I heard it was a present from the Wizard of Oz, but it didn't help.

Re:remote kill?

[Snowgen]

does this mean that someone can eventually kill people remotely?

The technology for that already exists; it's called a "gun". It replaced an older technology called an "arrow", which in turn was the replacement for an even older technology called the "javelin". There was also an older technology called a "sling" which was a peripheral device designed to increase the effectiveness of the original technology call the "rock".

People have been remotely killing other people for millions of years.

Re:remote kill?

[Oktober Sunset]

Killing people remotely is not hard, doing it without anyone knowing it was you, without any indication at the time that it was anything other than natural causes, requiring no opportunity other than being within wireless range and leaving no evidence behind whatsoever. That's the novel part.

Re:

[JasterBobaMereel]

Ah you mean the dropping rock on his head, rather than beating him to death with a rock ....

Re:

[Oktober Sunset]

That still requires opportunity, especially if you want to make it look like an accident. You need to be in a hidden place where you are above them with the rock, at the right time, where you can't be seen by anyone else, you need to hit them, you need it to be a place where a rock might drop naturally, you need to leave no trace behind that you were up there.

With this, you need no vantage point, no hiding place, you don't need to wait till they are in some opportune location, there's no risk of detec

Re:

[kdemetter]

good idea .

That leaves a hole in the market , namely defensive devices this , like a tin foil t-shirt , sweater , etc
Together we will make millions .

Re:

[legoman666]

Sorry friend, that niche is already filled: http://www.lessemf.com/personal.html [lessemf.com]

Re:

[powerlord]

I was expecting something more like this: http://www.thinkgeek.com/tshirts/generic/9080/ [thinkgeek.com]

Re:

[DrEasy]

But this perhaps creates an interesting opportunity for programmable euthanasia or suicide. Our society may not be ready for this yet, but having a way to decide in which conditions you want to leave this world with dignity sounds good to me.

More interestingly: get away with it

[davidwr]

I heard Uncle Joe is about to write me out of his will. He has a pacemaker. He's old, there won't be an autopsy. Hmmm......

Hacking the VP

[tobiasly]

Yes, that's a very real concern that the secret service has been terrified of for years. Most people know that Cheney has a pacemaker, but the real secret is that they forgot to turn off SSID broadcast and its password is "Linksys".

Re:

[Mister Whirly]

It has been changed for security purposes. The SSID is now "Geezer" and the password is "psychograndpa". It also displays a warning when logging in "WARNING - unauthorized users will be shot in the face with a shotgun!"

Re:

[zappepcs]

and if they hack your pace maker, you had better have a will.

Nevermind that, the burning question is will Clinton use this to scare us out of voting for McCain? He should be due for a pace maker soon if he doesn't already have one.

That kind of attitude is the problem

[Moraelin]

Well, sad to say and please don't take it as an offense, it's that kind of attitude that's the cause of half the problems today. Products are made by engineers couldn't care less about security, with their budget dictated by a boss who couldn't care less about security, and end up configured by users who couldn't care less about security. Because they all operate under that assumption that if it's even remotely related to computers or electronics, it can be hacked anyway, so why bother?

Well, no, there are w

Re:That kind of attitude is the problem

[Ihlosi]

Why _does_ a pacemaker need a WiFi interface anyway?

Because sticking a JTAG connector through someones chest is fairly painful. You're welcome to experiment on yourself to confirm this.

Also, it's not a WiFi interface. It's a short-range (it goes through your chest, and water absorbs radio waves like crazy), custom, wireless interface. You have no freaking need for those to be networked, in any form or shape.

And you're, what ? An M.D. ? A biomedical engineer ?

Tell you what: Have fun with your dumb fixed-rate 75 bpm pacemaker, but don't expect to be running up any stairs anytime soon.

Any interface to it or from it can be contact-based just as well.

It basically is, genius. Or do you want it so contact-based that they have to shoot a couple of amps through your chest in order to make the pacemaker respond ? Hint: Think of a vital organ that's very, very close to the pacemaker and reacts very badly to having current shot through it.

More importantly, we already do _both_ of those for life-and-death systems like flight control systems on airplanes or brake computers on cars. They're both built and reviewed to be as good as bulletproof, _and_ not wired to talk to the outside world, unless one physically plugs in a special connector and a special computer into it.

They're also conveniently located outside the human body, so plugging a special connector into them doesn't involve going through someones tissue first.

Re:

[radarsat1]

It basically is, genius. Or do you want it so contact-based that they have to shoot a couple of amps through your chest in order to make the pacemaker respond ? Hint: Think of a vital organ that's very, very close to the pacemaker and reacts very badly to having current shot through it.

While I agree with your post, don't forget that electricity and radio are not the only ways to communicate..

This seems like a situation where ultrasonic (or even just sonic) communication might be very useful! You could at

Re:

[Ihlosi]

This seems like a situation where ultrasonic (or even just sonic) communication might be very useful!

If you had unlimited power, maybe. Just maybe.

You could attach a voice coil to the inside shell of the pace maker.

The acoustic impedance mismatch between the case of the pacemaker and the surrounding tissue will make this virtually impossible. You might get away with having the US transmitter on the outside, but this opens up the device for all kinds of nasty biocompatibility / degradation issues an

Re:

[MMC Monster]

Pacemakers have a limited battery life. Changing the battery requires surgery. (They are working on recharging, but the technology isn't there yet.) Wireless communication requires orders of magnitude less energy for the device than wireless.

Ah, the smart-arse non-sequiturs

[Moraelin]

Ah, the smart-arse non-sequiturs. How I missed those. So let's demolish them one by one, then. And maybe then we'll see some actual thought process instead.

Tell you what: Have fun with your dumb fixed-rate 75 bpm pacemaker, but don't expect to be running up any stairs anytime soon.

So basically you're telling me that you have to have an external thing strapped to your chest, full time, for it deal with that? I thought they were programmed by a cardiologist once, and left on their own afterwards.

Because stick

Re:

[pnewhook]

At the end of the day, I still don't see why those things shouldn't be more secure.

Simply because there is no point in making them more secure - there's no need. If there is no need then it should n't be done.

These devices are not practically hackable. To reprogram one you need direct skin contact - it cannot be reprogrammed from across the room. I doubt anyone will not notice this being done to them.

The device doesn't have the capacity to do encryption like you are implying. If you made one that did i

Re:Ah, the smart-arse non-sequiturs

[I_Love_Pocky!]

I appreciate your enthusiasm, but thank god you aren't designing these devices. I work for one of the competitors to Medtronic (the company whose devices were studied). We have encryption in our RF communication. We DO take security into consideration, but there are trade offs that have to be considered. Battery life is generally the most important consideration. Every time surgery needs to be performed to physically access the device (usually because of a depleted battery) there is a risk of complications. These aren't insignificant risks either. Keep in mind the people getting these devices have health problems of some sort or they wouldn't be getting them. With that in mind, security solutions in this domain have to be very well thought out so as to avoid draining the battery significantly. So please, don't for a second presume that we are a bunch of monkeys sitting around on our asses ignoring real concerns. The real issue is that there are far more concerns than you are aware of. We do evaluate these concerns and try to build the best devices possible with the fewest compromises.

Re:

[I_Love_Pocky!]

I can't speak to how Medtronic implements their RF communication, but as I said ours is encrypted and boosting the signal to "hack" someone does not get around the encryption.

With the encryption that you say your company uses, wouldn't it simply be a matter of acquiring a single sending device, and reverse engineering it?
No. The individual communication session is protected by a unique key. Still, if you physically had a programmer (the sending device you mentioned), you could use it without any hack

Re:

[Asic Eng]

Why _does_ a pacemaker need a WiFi interface anyway?

Well it's not a pacemaker, it's a combination pacemaker/defibrilator. The second part is the reason why it can "deliver potentially fatal jolts" - that's just the range a defibrilator operates in. A connection via the internet allows a doctor to be notified of problems while the patient is at home, and the doctor could even take corrective actions right away. That's presumably why one of the doctors involved in this investigation said "If I needed a defi

Re:

[DataBroker]

So what I'm saying is: let's all stop and think twice before shrugging and dismissing security as impossible anyway. Sometimes it's very feasible to make it bulletproof, and, really, it has no excuse to not be so.

The excuse is that people are not willing to spend the difference it would cost to make it bulletproof. There are diminishing returns (even on life-saving devices) which people won't recognize or spend on.

Imagine walking into a doctor's office being presented with two (apparently) identical d

Re:Easy solution

[CrashPoint]

Why don't they build firewalls into the pacemakers?

Because then you'd get heartburn. Geez.

Re:

[sexybomber]

It'd have to be a Faraday Suit to be effective. The electronics to be protected have to be completely surrounded by the cage/mesh/suit/etc., else the electrical signals/current will just enter through the open side. Having a Faraday vest wouldn't do squat unless the mesh extended *through your abdomen*.