Keeping Pacemakers Safe From Hackers 167
An anonymous reader writes "Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it." I had no idea that things have gotten so bad that hearts are being hacked.
Heard a 'calibration' process (Score:2, Interesting)
Coworker had a pacemaker put in. Said she held on to two connectors and they could change the rate by sending signals through one arm, through the pacemaker to the receiver in the other.
I joked with the tone generator (for phone equipment) with other employees, but not with her.
From someone with an implant.. (Score:4, Interesting)
As much as it's not life-threatening in my case, it's still pretty damn scary. I can't imagine having a pacemaker that could be disrupted remotely. Although talk about a great tool for the CIA for remote-kills.
Re:No Locked Hardware! (Score:1, Interesting)
If some doctor tunes the pacemaker to enable short burst higher rates so that, for example, I can climb a flight of stairs comfortably, I should have a right to install the update.
First of all, modern pacemakers already offer the feature you suggest. But more importantly, the development and implementation of pacemaker firmware is highly regulated and the released product is thoroughly tested. Would you really risk your life with custom software that isn't properly vetted? When is the last time you ran software that was free from defects? Do you really want a stupid bug to kill you?
Just ask my dad (Score:4, Interesting)
My dad got a defibrillator fitted a year back. It has bluetooth and 5mb of memory. I didn't want to connect to it since killing a parent at Christmas would probably sour the mood.
3 months ago he got it updated and was ill for 4 weeks until a new patch came(although I suspect he milked it a bit for attention). Apparently an overflow in the software was causing small discharges! We don't need to protect against hackers, protecting against the programmers would be a good start. At least I can go around and say that my doctor flashed my dad. :D ..AC because I don't want my family medical history on the net.
Re:I can see it now... (Score:2, Interesting)
Is it too much to ask that such a critical device have two firmwares, the 'user installed firmware', a 'backup firmware', and a monitor ROM?
If the monitor ROM detects the device going out of certain parameters, or detects an exception in the user firmware, it switches to an emergency firmware ROM with assured "safe settings", and starts emitting a radio signal to be picked up by authorities, and possibly alarm tone to warn the user..
Old term new meaning: FATAL ERROR (Score:4, Interesting)
I have one. I get "tuneups" every six months. Pretty cool how they can change its settings with a wireless interface and a few taps of a touchscreen.
Last time I was in for a data dump on my pacemaker, my cardiologist excitedly explained "there are a _google_ combinations of settings on this device!" Then he paused, and grudgingly conceded most of them would kill me.
Even if allowed to replace implanted medical firmware, such hacking would be unpopular. We all know how reliable fixes, tweaks & updates to software are (i.e.: NOT). A single "oops" could leave the user unconscious in seconds and dead in minutes; even if not a terminal error, screwups can range anywhere from very uncomfortable to subtly distressing. During early diagnostic runs post-implantation, several times I found myself in a fetal position as a bug (!) caused repeated serious abdominal convulsions (didn't hurt, but did cause uncontrolled laughing in a "MTV Jackass" kinda way); nobody ever figured out why (technician: "did I do that?", me: "YEAH!!"). Later I found sleeping on my left side was undesirable, as natural abdominal compression caused diaphragm twitching with each pulse - harmless, but distressing enough to stop the practice (later resolved by reducing lead voltage and increasing pulse width, affecting battery life). When asked what the failure condition symptoms would be, my cardiac surgeon said simply "you'll pass out" (implying not waking up - ever).
Yes, the libertarian principles exist to demand patients have self-funded access to medical gear allowing reprogramming of implanted pacemakers or other medical devices. Absolutely I stand in support of such a notion. In practice, however, methinks this will be - shall we say - a self-correcting issue: those who do, and make mistakes, will die.