An anonymous reader writes "Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it." I had no idea that things have gotten so bad that hearts are being hacked.
Yeah if you could hack a Peacemaker it would be something, I always wanted total control of a continental siege unit.
But if you meant a Colt Peacemaker, can't be done, and I have total control of mine!
These are implantable medical devices we're talking about. Forget DRM, to achieve the kind of world you're dreaming of would require a massive overhaul of the medical regulatory system. Personally, I question the wisdom of a world where patients can replace firmware on their medical devices with stuff they find on the internet. The medical profession frowns upon self medication for a reason.
Spinal implants and other non-heart related implants do allow wireless communications. That's how I turn on and off my spinal implant. Granted it only seems to support a distance of within a foot of the implanted battery pack to the controller, but still. I honestly don't know if it's the controller or the receiver that requires that distance though.
It looks like a solution looking for a problem. It wouldn't be the first time this happened. As for me, I'm not worried, I'll keep on using my birthday as my four-digit pin number for my pacemaker, thank you very much!
It's not very often that hackers (by definition, intelligent people) do something purely and solely for the reason of being an asshole.
I have a spinal implant, which is basically an implanted tens-unit, that I use to block the pain from the degenerative disease I have. Although the device has a top level setting, it still hurts if I crank it up that far. If someone was able to remotely turn on my device and turn the intensity up and shorten the waveform they could bring me to my knees. If I couldn't turn it off I'd be in some serious trouble, since I couldn't flee.
As much as it's not life-threatening in my case, it's still pretty damn scary. I can't imagine having a pacemaker that could be disrupted remotely. Although talk about a great tool for the CIA for remote-kills.
by Anonymous Coward
on Thursday November 12, @06:38PM (#30081286)
My dad got a defibrillator fitted a year back. It has bluetooth and 5mb of memory. I didn't want to connect to it since killing a parent at Christmas would probably sour the mood.
3 months ago he got it updated and was ill for 4 weeks until a new patch came (although I suspect he milked it a bit for attention). Apparently an overflow in the software was causing small discharges! We don't need to protect against hackers, protecting against the programmers would be a good start. At least I can go around and say that my doctor flashed my dad. :D ..AC because I don't want my family medical history on the net.
Hacking hearts (Score:5, Funny)
If I could hack her heart, she'd really love me...
Re:Hacking hearts (Score:4, Funny)
That's not love, it's angina.
Re:Hacking hearts (Score:4, Funny)
You keep your filthy talk to yourself, mister!
Re:Hacking hearts (Score:5, Funny)
You keep your filthy talk to yourself, mister!
Hey, now, that's unfair. I know Angina, she's a talented thespian with a very fine epidermis.
Re:Hacking hearts (Score:4, Funny)
Hey, now, that's unfair. I know Angina, she's a talented thespian with a very fine epidermis.
What does her sexual orientation have to do with anything? You homophobic or something?
*Sigh* (Score:2)
Way to miss the joke, moderators. Jayme was just playing along.
Re:Hacking hearts (Score:4, Funny)
I think I've seen her.. there's a vas deferens between her left and right legs, right?
Re: (Score:2)
But she doesn't even know you exist, so you're stuck with mastication.
Re:Hacking hearts (Score:4, Funny)
Can we mention cunning linguist in there somewhere?
I don't need to stoop that low, as I am a master debater.
Re: (Score:2)
Hmm... either a very nerdy joke, or the motivation of a serial killer...
Re: (Score:3, Funny)
Re: (Score:2, Insightful)
If you attacked a pacemaker, they'd wind up pretty heartless as well.
Re: (Score:2)
But if you meant a Colt Peacemaker, can't be done, and I have total control of mine!
Oblig (Score:5, Funny)
I could if I tried
Honey please forget my wireless
Baby I'm not that kind
Don't go hacking my heart
You take the beat out of me
Honey when you knocked on my port
My heart gave you my key
Nobody knows it
When I was down
I was your pawn
Nobody knows it
Right from the start
You stopped my heart
You stopped my heart
So don't go hacking my heart
I won't go hacking your heart
Don't go hacking my heart
On a slightly different note. I wonder if Captain Crunch could freak an ear implant?
No Locked Hardware! (Score:4, Funny)
Re:No Locked Hardware! (Score:5, Insightful)
If your life, health and well being depends on being able to tune the device, having DRMed firmware would suck pretty badly. If some doctor tunes the pacemaker to enable short burst higher rates so that, for example, I can climb a flight of stairs comfortably, I should have a right to install the update.
Re:No Locked Hardware! (Score:4, Insightful)
Re: (Score:2)
The medical profession frowns upon self medication for a reason.
The rest of us call it "Darwin in action"
Re: (Score:2)
So, to repair the engine in a car you would normally go to a repair shop. However you may not want to go to the dealer and you want the repair shop to have access to and ability to reset diagnostic codes to identify and fix the problem. In the same way, I don't expect patients to normally have pacemaker programmers at home. However you should be able to see a licensed doctor not directly associated with the equipment manufacturer and have him/her update the firmware.
As for nutcases who buy a programmer on e
Re:No Locked Hardware! (Score:4, Insightful)
The medical profession frowns upon self medication for a reason.
Yeah, because they're missing out on the MONEY.
Old term new meaning: FATAL ERROR (Score:4, Interesting)
I have one. I get "tuneups" every six months. Pretty cool how they can change its settings with a wireless interface and a few taps of a touchscreen.
Last time I was in for a data dump on my pacemaker, my cardiologist excitedly explained "there are a _google_ combinations of settings on this device!" Then he paused, and grudgingly conceded most of them would kill me.
Even if allowed to replace implanted medical firmware, such hacking would be unpopular. We all know how reliable fixes, tweaks & updates to software are (i.e.: NOT). A single "oops" could leave the user unconscious in seconds and dead in minutes; even if not a terminal error, screwups can range anywhere from very uncomfortable to subtly distressing. During early diagnostic runs post-implantation, several times I found myself in a fetal position as a bug (!) caused repeated serious abdominal convulsions (didn't hurt, but did cause uncontrolled laughing in a "MTV Jackass" kinda way); nobody ever figured out why (technician: "did I do that?", me: "YEAH!!"). Later I found sleeping on my left side was undesirable, as natural abdominal compression caused diaphragm twitching with each pulse - harmless, but distressing enough to stop the practice (later resolved by reducing lead voltage and increasing pulse width, affecting battery life). When asked what the failure condition symptoms would be, my cardiac surgeon said simply "you'll pass out" (implying not waking up - ever).
Yes, the libertarian principles exist to demand patients have self-funded access to medical gear allowing reprogramming of implanted pacemakers or other medical devices. Absolutely I stand in support of such a notion. In practice, however, methinks this will be - shall we say - a self-correcting issue: those who do, and make mistakes, will die.
Re:No Locked Hardware! (Score:4, Insightful)
Well, it's my life to risk and my informed decision to make. What if the bug which is killing me is in the original firmware?
Hearts Being Hacked (Score:5, Insightful)
I had no idea that things have gotten so bad that hearts are being hacked.
Well the article talks about how the threats have been demonstrated in the lab by a fella named Kevin Fu, but it doesn't mention it being a major problem right now:
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.
So this defense seems primarily like foresight rather than a hindsight, "Shit fixitfixitfixtfixit!" moment...So in response to your pondering, I don't think too many hearts are being hacked right now, nor that things have gotten that bad. Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...
Re:Hearts Being Hacked (Score:5, Insightful)
Guess which website I'll be visiting tonight?
Re: (Score:3, Funny)
the threats have been demonstrated in the lab by a fella named Kevin Fu
FFFFFFFFFFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUU...........
Re: (Score:2)
Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...
Weird..
Re: (Score:2)
Re:Hearts Being Hacked (Score:5, Insightful)
To take control and use that for various purposes, like money making or DoS? Not really meaningful.
You're still thinking in a "people playing with computer networks" category.
Criminals could use it for extortion.
Criminal gangs and governments could use it for murder / assassination of high-value targets.
Terrorists ditto and they could also use killing or disrupting the health of random people or groups of them as a terror tactic.
Remember the gadget that sent out the infrared "turn off" code for a bunch of different makes of TVs and monitors? And how much fun some people had wandering around trade shows with it? Now imagine a radio key-fob that sends "cause fibrillation" to pacemakers, in the pocket of your friendly neighborhood terrorist as he walks or drives around the city (or just sends the signal occasionally via a BIG transmitter.)
Re: (Score:2, Insightful)
I guess the fear is not about hackers trying to be assholes, but actually planned murder using the pacemaker as "weapon". Indeed, if the attacker can change the pacemaker to operate normally again afterwards, it might actually be the perfect murder.
Re: (Score:2)
"It's not very often that hackers (by definition, intelligent people) do something purely and solely for the reason of being an asshole."
If you mean "hackers" as the word is commonly used today, no, they are not particularly intelligent.
In fact, you could probably make a case that the original hackers weren't necessarily brilliant either - just highly focused on a narrow knowledge domain.
Heard a 'calibration' process (Score:2, Interesting)
Coworker had a pacemaker put in. Said she held on to two connectors and they could change the rate by sending signals through one arm, through the pacemaker to the receiver in the other.
I joked with the tone generator (for phone equipment) with other employees, but not with her.
From someone with an implant.. (Score:4, Interesting)
As much as it's not life-threatening in my case, it's still pretty damn scary. I can't imagine having a pacemaker that could be disrupted remotely. Although talk about a great tool for the CIA for remote-kills.
Re: (Score:3, Informative)
I'm not a doctor, but I've been watching Glenn Beck, and here's what I think he'd have to say:
Why bother fixing it? They're just going to implant tiny remote-controlled exploding devices in the chest cavities of all citizens once the Socialist "healthcare" program takes effect. Come on, people, WAKE UP!!! I mean.... *guffaw*...... *rolls eyes*..... Whore!! I'm not saying *you* are a whore, but certainly we can all agree that whores want free healthcare, therefore people who want free healthcare are who
I can see it now... (Score:5, Funny)
Oh I can see it too... (Score:2)
And some bad metal band will actually write a song called "overclock my heart". I can see the tributes to Motley Crue now...
Re:I can see it now... (Score:5, Informative)
Someday, some geek will try to overclock his artificial heart...
Heck people overclock their normal hearts today anyway. It's called cocaine...
I've actually seen someone with a cocaine induced [bmj.com] long QT syndrome [wikipedia.org]. A hairy day in the ER that was, considering he was psychotic at the time... it took quite a few of us to hold him still enough to get the IV going.
Re: (Score:2)
Someday, some geek will try to overclock his artificial heart...
He'll be following in the footsteps of the ones that already have, like coke and meth junkies.
Re: (Score:2, Funny)
Most mammals have an inverse relationship between rate and lifetime. (And barring the use of medicine, probably humans too.) Almost as if there were a limited number of beats allocated...
And then you die from a null pointer exception?
Re: (Score:2, Interesting)
Is it too much to ask that such a critical device have two firmwares, the 'user installed firmware', a 'backup firmware', and a monitor ROM?
If the monitor ROM detects the device going out of certain parameters, or detects an exception in the user firmware, it switches to an emergency firmware ROM with assured "safe settings", and starts emitting a radio signal to be picked up by authorities, and possibly alarm tone to warn the user..
Does someone have him for a class. (Score:2, Funny)
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst,...
It must have been rough in college for him.
CS Professor: Now when you call function Foo.
Fu: What professor?
Um, nothing. Back to Foo.
Sir?
Nothing. Anyway the function, let's call it, "Bar" instead. Now when you call "Bar"
John Barr, another student: "What sir?
Professor: Is there anyone named ABC?! Good! Now when you call function ABC ...
Wireless Attacks? (Score:2)
Like bullets? Or would only a throwing ax count as hacking?
No reports? (Score:2)
I haven't heard any reports of people having them hacked. We had an internet-connected pacemaker [slashdot.org], and reports that they could be hacked [slashdot.org].
I had always assumed that there was a limited range that the interface device could be used with my pacemaker. Perhaps this will be incorporated next time I go in for a battery change.
An EMP would still be more effective as an attack though.
Winning the hearts and minds (Score:3, Funny)
One of the nicest compliments I ever got ... (Score:2)
... was when a colleague (in a discussion on software quality) said I was the only person he'd trust to program his pacemaker.
Looks like the "web of trust" is getting spun a bit wide these days.
63 comments and still.. (Score:5, Funny)
This gives a whole new meaning to heart attack.
Someone had to say it.
Just ask my dad (Score:4, Interesting)
My dad got a defibrillator fitted a year back. It has bluetooth and 5mb of memory. I didn't want to connect to it since killing a parent at Christmas would probably sour the mood.
3 months ago he got it updated and was ill for 4 weeks until a new patch came (although I suspect he milked it a bit for attention). Apparently an overflow in the software was causing small discharges! We don't need to protect against hackers, protecting against the programmers would be a good start. At least I can go around and say that my doctor flashed my dad. :D ..AC because I don't want my family medical history on the net.
Re: (Score:2)
Too late
Re: (Score:2)
I am afraid I have to disagree with you.
The article is about the fact that those advanced life supporting technological implements are possibly inherently unsafe if they both allow remote manipulation *and* are not properly authenticated. There is no discussion about any motive at this point.
The other subject (wiretaps) is highly more controversial because current governmental wiretapping policies in the U.S. are not necessarily backed by the judicial system but are basically carried out by executive orders
Re:And somewhere... (Score:5, Informative)
Who, oh, do you mean the draft dodging guy who smokes hashish and sleeps with hippie chicks while writing crazy ass cyberpunk drivel?
I'm quite sure he's referring to William Gibson [wikipedia.org], the Tony-Award-winning playwright and novelist who died last year at the age of 94, still writing. His best-known work is "The Miracle Worker," a true American stage classic.
Why anyone on Slashdot would refer to that other William Gibson is beyond me.
Re: (Score:2)