
Keeping Pacemakers Safe From Hackers

Posted by samzenpus
from the blackest-of-black-hats dept.
An anonymous reader writes "Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it." I had no idea that things have gotten so bad that hearts are being hacked.

  • by devnullkac (223246) on Thursday November 12, 2009 @06:12PM (#30080100) Homepage

    If I could hack her heart, she'd really love me...

  • by gedrin (1423917) on Thursday November 12, 2009 @06:13PM (#30080118)
    Think anyone will complain that they won't be able to have full access to the hardware they purchased?
    • by iamacat (583406) on Thursday November 12, 2009 @06:24PM (#30080298)

      If your life, health and well being depends on being able to tune the device, having DRMed firmware would suck pretty badly. If some doctor tunes the pacemaker to enable short burst higher rates so that, for example, I can climb a flight of stairs comfortably, I should have a right to install the update.

      • by jpmorgan (517966) on Thursday November 12, 2009 @06:40PM (#30080540) Homepage
        These are implantable medical devices we're talking about. Forget DRM, to achieve the kind of world you're dreaming of would require a massive overhaul of the medical regulatory system. Personally, I question the wisdom of a world where patients can replace firmware on their medical devices with stuff they find on the internet. The medical profession frowns upon self medication for a reason.
        • by PitaBred (632671)

          The medical profession frowns upon self medication for a reason.

          The rest of us call it "Darwin in action"

        • by iamacat (583406)

          So, to repair the engine in a car you would normally go to a repair shop. However you may not want to go to the dealer and you want the repair shop to have access to and ability to reset diagnostic codes to identify and fix the problem. In the same way, I don't expect patients to normally have pacemaker programmers at home. However you should be able to see a licensed doctor not directly associated with the equipment manufacturer and have him/her update the firmware.

          As for nutcases who buy a programmer on e

          • Re: (Score:2, Funny)

            by Mitchell314 (1576581)
            Idiots, the lot of them. Duct tape is much better than staples for sealing wounds. Much less painful too.
            • by Jared555 (874152)

              Some super glue is supposedly safe(ish) to use as well. I wouldn't trust the stuff you buy at the store though unless it was an emergency.

              I think there is a form that is actually approved for medical use.

        • by DrugCheese (266151) on Thursday November 12, 2009 @10:34PM (#30082722)

          The medical profession frowns upon self medication for a reason.

          Yeah, because they're missing out on the MONEY.

        • by dazedNconfuzed (154242) on Friday November 13, 2009 @10:13AM (#30086216)

          I have one. I get "tuneups" every six months. Pretty cool how they can change its settings with a wireless interface and a few taps of a touchscreen.

          Last time I was in for a data dump on my pacemaker, my cardiologist excitedly explained "there are a _google_ combinations of settings on this device!" Then he paused, and grudgingly conceded most of them would kill me.

          Even if allowed to replace implanted medical firmware, such hacking would be unpopular. We all know how reliable fixes, tweaks & updates to software are (i.e.: NOT). A single "oops" could leave the user unconscious in seconds and dead in minutes; even if not a terminal error, screwups can range anywhere from very uncomfortable to subtly distressing. During early diagnostic runs post-implantation, several times I found myself in a fetal position as a bug (!) caused repeated serious abdominal convulsions (didn't hurt, but did cause uncontrolled laughing in a "MTV Jackass" kinda way); nobody ever figured out why (technician: "did I do that?", me: "YEAH!!"). Later I found sleeping on my left side was undesirable, as natural abdominal compression caused diaphragm twitching with each pulse - harmless, but distressing enough to stop the practice (later resolved by reducing lead voltage and increasing pulse width, affecting battery life). When asked what the failure condition symptoms would be, my cardiac surgeon said simply "you'll pass out" (implying not waking up - ever).

          Yes, the libertarian principles exist to demand patients have self-funded access to medical gear allowing reprogramming of implanted pacemakers or other medical devices. Absolutely I stand in support of such a notion. In practice, however, methinks this will be - shall we say - a self-correcting issue: those who do, and make mistakes, will die.

          • by StikyPad (445176)

            The number is spelled "googol." Just saying..

            Unless he actually meant that the device allows you to control Google, which would also be cool.

      • Usually results in a shortened lifespan of the pump.
        Personally I'd rather just update to Neurons 2.0

      • by Jared555 (874152)

        I think the only significant benefit to having patient adjustable settings on a pacemaker would be if the patient is in an area that does not have the equipment necessary for making an adjustment and one is necessary. This could be done with encoded commands so the patient (or someone wanting to cause harm) can not mess with things, they would just have the equipment to make the changes.

    • Re: (Score:1, Funny)

      by Anonymous Coward

      Not only should it be open, but there should be an app store for the pacemaker. Think of all the exciting heart rhythms you could purchase.

      Maybe they could integrate it to my media pc and home entertainment center!

    • I hope so. I want to see them upgrade their own firmware over a wireless connection...
      Oh, who wants Microwave Pizza?
      NOOOooooooo..... CARRIER
  • by BJ_Covert_Action (1499847) on Thursday November 12, 2009 @06:13PM (#30080122) Homepage Journal

    I had no idea that things have gotten so bad that hearts are being hacked.

    Well the article talks about how the threats have been demonstrated in the lab by a fella named Kevin Fu, but it doesn't mention it being a major problem right now:

    The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.

    So this defense seems primarily like foresight rather than a hindsight, "Shit fixitfixitfixtfixit!" moment...So in response to your pondering, I don't think too many hearts are being hacked right now, nor that things have gotten that bad. Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...

    • by skgrey (1412883) on Thursday November 12, 2009 @06:18PM (#30080216)
      Spinal implants and other non-heart related implants do allow wireless communications. That's how I turn on and off my spinal implant. Granted it only seems to support a distance of within a foot of the implanted battery pack to the controller, but still. I honestly don't know if it's the controller or the receiver that requires that distance though.

      Guess which website I'll be visiting tonight?
    • by NoYob (1630681)
      Kevin Fu just got published with a splash. That young assistant professor is well on his way for tenure.

      He made an excellent topic choice.

      On the other hand, it does look like he'd be happy as a baker [umass.edu].

    • Re: (Score:3, Funny)

      by Hatta (162192)

      the threats have been demonstrated in the lab by a fella named Kevin Fu

      FFFFFFFFFFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUU...........

      • by drinkypoo (153816)

        He works in the lab ARRRRRR RRRGGG........

        (I'm trying to not use so many caps, because it's like yelling, but I'm failing.)

    • Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...

      Weird..

    • It looks like a solution looking for a problem. It wouldn't be the first time this happened. As for me, I'm not worried, I'll keep on using my birthday as my four-digit pin number for my pacemaker, thank you very much!
  • Coworker had a pacemaker put in. Said she held on to two connectors and they could change the rate by sending signals through one arm, through the pacemaker to the receiver in the other.

    I joked with the tone generator (for phone equipment) with other employees, but not with her.

  • by skgrey (1412883) on Thursday November 12, 2009 @06:16PM (#30080164)
    I have a spinal implant, which is basically an implanted tens-unit, that I use to block the pain from the degenerative disease I have. Although the device has a top level setting, it still hurts if I crank it up that far. If someone was able to remotely turn on my device and turn the intensity up and shorten the waveform they could bring me to my knees. If I couldn't turn it off I'd be in some serious trouble, since I couldn't flee.

    As much as it's not life-threatening in my case, it's still pretty damn scary. I can't imagine having a pacemaker that could be disrupted remotely. Although talk about a great tool for the CIA for remote-kills.
    • Re: (Score:3, Informative)

      by StikyPad (445176)

      I'm not a doctor, but I've been watching Glenn Beck, and here's what I think he'd have to say:

      Why bother fixing it? They're just going to implant tiny remote-controlled exploding devices in the chest cavities of all citizens once the Socialist "healthcare" program takes effect. Come on, people, WAKE UP!!! I mean.... *guffaw*...... *rolls eyes*..... Whore!! I'm not saying *you* are a whore, but certainly we can all agree that whores want free healthcare, therefore people who want free healthcare are who

      • Perhaps Glenn's brain is being controlled by a wireless device. It would explain a lot.

        • by mqduck (232646)

          No, that just pushes the question one level out. It may explain how Glenn Beck is so fuckall insane, but it still doesn't explain his controllers.

        • by sjames (1099)

          Only if a box of kittens are playing with the remote...

    • by IorDMUX (870522)
      Agreed.

      I have an insulin pump [animascorp.com] which has a wireless connection to a handheld BG monitor that has some extra features. The selling point is that you can test your BG levels, select some foods from the database in the handheld device, and give yourself a perfectly adjusted insulin dose without having to pull out a pump and mess with it. (They make the handheld look somewhat like a cell phone with the idea that you can conceal the fact that you are using an insulin pump.) Having found these features to be no
      • by wazza (16772)

        Ugh... I can't help it:

        If you told the thing to give me even an extra 1 ml dose

        I think you probably meant 1 IU (1 unit). 1 ml (100 IU) would wipe out most horses.

        True, some may think I'm nitpicking, but I figure I'll get slack because I've had Type 1 for 21 years myself. Not on a pump yet, though... psychological factors mean I'm really not happy about the idea of being attached to a permanent infusion pump. And I work at a hospital too, so pumps aren't exactly an alien thing!

        People are funny, eh? :>

        • by IorDMUX (870522)

          I think you probably meant 1 IU (1 unit). 1 ml (100 IU) would wipe out most horses.

          Pedantry fully excused.

          I figured the average Slashdot reader would not be familiar with "IU" as a measure of insulin, so I did intend to use 1 ml = 100 IU... though 0.1 ml = 10 IU would probably have the same effect. I *hope* that a pump would be hardwired to not ever dispense 100 IU at once, but your average pump cartridge holds 200-300 IU, so if a hacker or bug managed to flush the thing, you would get the same result. Besides, just 1 IU would cause the onset of hypoglycemia to be gradual enough th

    • I'm looking at getting a spinal neurostimulator fitted myself in about 12 months. The idea that unknown people could alter the signals in my CNS is scary. Apart from your scenario, what if it's turned off when driving? The chances I could concentrate with all the pain coming back at once have to be slim.
  • by Abstrackt (609015) on Thursday November 12, 2009 @06:17PM (#30080190)
    Someday, some geek will try to overclock his artificial heart...
    • And some bad metal band will actually write a song called "overclock my heart". I can see the tributes to Motley Crue now...

    • by Dunbal (464142) on Thursday November 12, 2009 @06:50PM (#30080684)

      Someday, some geek will try to overclock his artificial heart...

      Heck people overclock their normal hearts today anyway. It's called cocaine...

      I've actually seen someone with a cocaine induced [bmj.com] long QT syndrome [wikipedia.org]. A hairy day in the ER that was, considering he was psychotic at the time... it took quite a few of us to hold him still enough to get the IV going.

    • by e2d2 (115622)

      Someday, some geek will try to overclock his artificial heart...

      He'll be following in the footsteps of the ones that already have, like coke and meth junkies.

    • My first thought when I read this was 4chan:

      "Hay guize, I found the passwordz to grammas heart. RAEDZ!"

  • The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst,...

    It must have been rough in college for him.

    CS Professor: Now when you call function Foo.

    Fu: What professor?

    Um, nothing. Back to Foo.

    Sir?

    Nothing. Anyway the function, let's call it, "Bar" instead. Now when you call "Bar"

    John Barr, another student: "What sir?"

    Professor: Is there anyone named ABC?! Good! Now when you call function ABC ...

  • Like bullets? Or would only a throwing ax count as hacking?

  • have now developed a scheme for protecting implantable medical devices against wireless attacks.

    The same kind of people [slashdot.org], who'd seek to learn, how to DoS a police wire-tap — and publish their "research" for all, could try to see, how to defeat this scheme too. And with the same justifications and excuses:

    • We need to know, how reliable the method is.
    • We are just providing information, even if using it is illegal (or unethical).

    Somehow, I don't think, they'll be as well accepted as those other guys are

    • An implant-wearer could, just as easily, be a real scumbag and somebody wanting to pain (or outright kill) him, could be doing the right thing...

      Even if the wearer is the worst scumbag on earth, killing him certainly isn't the right thing.

    • by ivan_w (1115485)

      I am afraid I have to disagree with you.

      The article is about the fact that those advanced life supporting technological implements are possibly inherently unsafe if they both allow remote manipulation *and* are not properly authenticated. There is no discussion about any motive at this point.

      The other subject (wiretaps) is highly more controversial because current governmental wire-tapping policies in the U.S. are not necessarily backed by the judicial system but are basically carried out by executive orders

      • by mi (197448)

        You aren't really disagreeing...

        [...] thus legitimizes some form of civil disobedience - hence the sympathy for those developing the means to do just that.

        Actually, actively fighting a government's law-enforcement effort is no mere "disobedience". But that's hair-splitting. But you missed the other — wouldn't it be comparably legitimate to try to punish a scumbag (such as a "pig") with the pain and discomfort of malfunctioning pacemaker? Certainly, inquiring minds need to know, and the researchers the

  • I had no idea that things have gotten so bad that hearts are being hacked.

    I haven't heard any reports of people having them hacked. We had an internet-connected pacemaker [slashdot.org], and reports that they could be hacked [slashdot.org].

    I had always assumed that there was a limited range that the interface device could be used with my pacemaker. Perhaps this will be incorporated next time I go in for a battery change.

    An EMP would still be more effective as an attack though.

  • by slackoon (997078) on Thursday November 12, 2009 @06:39PM (#30080526)
    One half of winning the hearts and minds of the people could be done using only a wireless PDA
  • *Now* I know how to get her heart racing whenever she sees me.

    Or is that too hard hearted of me?

  • ... was when a colleague (in a discussion on software quality) said I was the only person he'd trust to program his pacemaker.

    Looks like the "web of trust" is getting spun a bit wide these days.

  • by StikyPad (445176) on Thursday November 12, 2009 @07:36PM (#30081266) Homepage

    This gives a whole new meaning to heart attack.

    Someone had to say it.

  • Just ask my dad (Score:4, Interesting)

    by Anonymous Coward on Thursday November 12, 2009 @07:38PM (#30081286)

    My dad got a defibrillator fitted a year back. It has bluetooth and 5mb of memory. I didn't want to connect to it since killing a parent at Christmas would probably sour the mood.

    3 months ago he got it updated and was ill for 4 weeks until a new patch came (although I suspect he milked it a bit for attention). Apparently an overflow in the software was causing small discharges! We don't need to protect against hackers, protecting against the programmers would be a good start. At least I can go around and say that my doctor flashed my dad. :D ..AC because I don't want my family medical history on the net.

  • Step 1) Take a large, sharp knife.
    Step 2) Insert forcefully into sternum
    Step 3) ?
    Step 4) Profit.

  • Would it be too much to ask that these things not communicate wirelessly? It seems to me that this just unnecessarily multiplies the threat. (Everyone here should remember the shit storm over RFID passports). They really should use a contact based communication system in such a critical application like this. I suggest the transmitter use a small solenoid to tap (like Morse code) on a sensing plate glued to a rib.

    • by Jared555 (874152)

      I wonder how a pacemaker (wireless or not) would react to a HERF [wikipedia.org] gun. There are a lot of other threats than just someone reprogramming it.

  • Oh Thufir, I see they've installed your heart plug already.... Don't be angry. Everyone gets one here.

  • Hang on, didn't RSA get encryption going in pacemakers some time ago when they were still using Z80 cpus to drive the things?
