Keeping Pacemakers Safe From Hackers 167
An anonymous reader writes "Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it." I had no idea that things have gotten so bad that hearts are being hacked.
Hearts Being Hacked (Score:5, Insightful)
I had no idea that things have gotten so bad that hearts are being hacked.
Well the article talks about how the threats have been demonstrated in the lab by a fella named Kevin Fu, but it doesn't mention it being a major problem right now:
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.
So this defense seems primarily like foresight rather than a hindsight, "Shit fixitfixitfixtfixit!" moment...So in response to your pondering, I don't think too many hearts are being hacked right now, nor that things have gotten that bad. Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...
Re:Hearts Being Hacked (Score:5, Insightful)
Guess which website I'll be visiting tonight?
Re:No Locked Hardware! (Score:5, Insightful)
If your life, health and well being depends on being able to tune the device, having DRMed firmware would suck pretty badly. If some doctor tunes the pacemaker to enable short burst higher rates so that, for example, I can climb a flight of stairs comfortably, I should have a right to install the update.
Re:Hacking hearts (Score:2, Insightful)
If you attacked a pacemaker, they'd wind up pretty heartless as well.
Re:Hearts Being Hacked (Score:5, Insightful)
To take control and use that for various purposes, like money making or DoS? Not really meaningful.
You're still thinking in a "people playing with computer networks" category.
Criminals could use it for extortion.
Criminal gangs and governments could use it for murder / assassination of high-value targets.
Terrorists ditto and they could also use killing or disrupting the health of random people or groups of them as a terror tactic.
Remember the gadget that sent out the infrared "turn off" code for a bunch of different makes of TVs and monitors? And how much fun some people had wandering around trade shows with it? Now imagine a radio key-fob that sends "cause fibrillation" to pacemakers, in the pocket of your friendly neighborhood terrorist as he walks or drives around the city (or just sends the signal occasionally via a BIG transmitter.)
Re:No Locked Hardware! (Score:4, Insightful)
Re:Hearts Being Hacked (Score:2, Insightful)
I guess the fear is not about hackers trying to be assholes, but actually planned murder using the pacemaker as "weapon". Indeed, if the attacker can change the pacemaker to operate normally again afterwards, it might actually be the perfect murder.
Re:No Locked Hardware! (Score:4, Insightful)
Well, it's my life to risk and my informed decision to make. What if the bug which is killing me is in the original firmware?
Re:No Locked Hardware! (Score:4, Insightful)
The medical profession frowns upon self medication for a reason.
Yeah, because they're missing out on the MONEY.
Re:*Sigh* (Score:2, Insightful)