Forgot your password?
typodupeerror
Bug Crime Medicine

$75K Prosthetic Arm Is Bricked When Paired iPod Is Stolen 194

Posted by timothy
from the what-about-backups dept.
kdataman writes U.S. Army Staff Sgt. Ben Eberle, who lost an arm and both legs in Afghanistan, had his Ipod Touch stolen on Friday. This particular Ipod Touch has an app on it that controls his $75,000 prosthetic arm. The robbery bricked his prosthesis: "That is because Eberle's prosthetic hand is programmed to only work with the stolen iPod, and vice versa. Now that the iPod is gone, he said he has to get a new hand and get it reprogrammed with his prosthesis." I see three possibilities: 1) The article is wrong, possibly to guilt the thief into returning the Ipod. 2) This is an incredibly bad design by Touch Bionics. Why would you make a $70,000 piece of equipment permanently dependent on a specific Ipod Touch? Ipods do fail or go missing. 3) This is an intentionally bad design to generate revenue. Maybe GM should do this with car keys? "Oops, lost the keys to the corvette. Better buy a new one."
This discussion has been archived. No new comments can be posted.

$75K Prosthetic Arm Is Bricked When Paired iPod Is Stolen

Comments Filter:
  • by Anonymous Coward

    Who?

    The guy in the article?
    The article?
    The editor?
    The submitter?

    At least start a new paragraph..

  • by Anonymous Coward on Tuesday August 26, 2014 @08:50AM (#47755681)

    He'll be right. He is from the ARMy after all.

  • Hmmm ... (Score:5, Informative)

    by gstoddart (321705) on Tuesday August 26, 2014 @08:50AM (#47755683) Homepage

    This is an incredibly bad design by Touch Bionics. Why would you make a $70,000 piece of equipment permanently dependent on a specific Ipod Touch?

    You know, given the terrible kind of software we see in embedded software, and the terrible security implemented by most companies ... I'm perfectly willing to believe this is an incredibly bad design, because there's plenty of evidence that these kinds of things tend to have incredibly bad designs.

    Between companies using 10 year old Linux kernels, to having unpatchable systems, or just having really bad understandings of security, I've come to conclude this is the norm.

    • Re:Hmmm ... (Score:5, Insightful)

      by RobinH (124750) on Tuesday August 26, 2014 @09:03AM (#47755765) Homepage
      Except the terribly bad design we typically see in embedded design is normally to provide a back-door way to prevent just this kind of problem. "Oh, you lost your password? No problem, hold down these three buttons and cycle power and it'll reset everything to factory defaults, and then you can login with this default password."
      • Re:Hmmm ... (Score:5, Insightful)

        by Richard_at_work (517087) <richardprice.gmail@com> on Tuesday August 26, 2014 @09:11AM (#47755815)

        Why is that bad design? It allows access to the system again, but in a way that makes it pretty fecking obvious access has been gained - thats how I would like it to be handled rather than the alternatives of never gaining access or gaining unfettered access with all data in place and no one being aware access was gained.

        • Re:Hmmm ... (Score:5, Insightful)

          by sjames (1099) on Tuesday August 26, 2014 @09:21AM (#47755897) Homepage

          Exactly. Especially when the reset to factory requires physical presence. In most cases it is exactly the right thing.

          • by Andrewkov (140579)

            If he would only read the manual, you only have to pull the thumb and bend the elbow for 3 seconds to put it in pairing mode.

        • by RobinH (124750)
          Well, sorry, that's not so bad design, but the really bad design is if the default password is in the downloadable manual and is active all the time, or doesn't require you to change it on first login. Still, I think my point is the same.
      • by drolli (522659)

        Could you power down and act death for a few minutes? Then the devices would reset itself for the next owner.

      • Except the terribly bad design we typically see in embedded design is normally to provide a back-door way to prevent just this kind of problem. "Oh, you lost your password? No problem, hold down these three buttons and cycle power and it'll reset everything to factory defaults, and then you can login with this default password."

        You mean someone could steel my private prosthetic arm data?!?!?! Eegads!!!

    • Re:Hmmm ... (Score:5, Insightful)

      by nine-times (778537) <nine.times@gmail.com> on Tuesday August 26, 2014 @09:10AM (#47755811) Homepage
      I'm having a bit of a hard time understanding how the entire device could be permanently bricked, even in the case of a poor design. Instead of replacing the entire $70k arm, surely they could swap out a chip or circuit board somewhere...?
    • I'd be totally unsurprised by incredibly bad design; but that incredibly bad design would also tend to make it relatively trivial to access whatever memory holds the UID or key used to establish the pairing and blank or rewrite it to establish a new pairing with a new device. Probably not in the owner's manual; but likely something that an EE undergrad could do with access to a few hundreds to thousands of dollars worth of borrowed test equipment and a congratulatory couple of six-packs. Definitely for less
    • by Jeremi (14640)

      Between companies using 10 year old Linux kernels, to having unpatchable systems, or just having really bad understandings of security, I've come to conclude this is the norm.

      ... and a hacked prosthetic arm is the worst possible kind of security breach -- the hackers could literally hold your neck for ransom.

    • I'd show up at the companies headquarters, use my prosthetic fist to punch the CEO in the face repeatedly, and then say "I think it's a bug in your software. No? Show me the source and prove it... otherwise I think this bug will continue to afflict us both"

    • You know, given the terrible kind of software we see in embedded software, and the terrible security implemented by most companies ... I'm perfectly willing to believe this is an incredibly bad design, because there's plenty of evidence that these kinds of things tend to have incredibly bad designs.

      Between companies using 10 year old Linux kernels, to having unpatchable systems, or just having really bad understandings of security, I've come to conclude this is the norm.

      there's the old horror trope about the guy who gets a transplanted hand, and the hand comes alive on its own and tries to choke him. maybe it's time for the same thing but with a robot hand.

      also, having not read the article i do not get the issue here. cant they just put the app on a different ipod? did they destroy the source code? if the firmware in the hand is somehow tied to the serial number of the ipod, cant they reprogram the firm ware? this whole thing stinks of a greedy govt contractor.

    • Re: Hmmm ... (Score:4, Informative)

      by joeshmoo (1221826) on Tuesday August 26, 2014 @05:45PM (#47760675)
      I'm a prosthetist and I've worked with the iLimb Ultra (the version I assume is being referenced in this article). The iPod that was stolen is presumably a jailbroken iPod that was set up by Touch Bionics. The original version of the iLimb Ultra required a jailbroken iPod to link up to the hand. However, it's usefulness is in changing the grip patterns that the hand is capable of. Losing the iPod doesn't "brick" the hand so much as it prevents the patient from being able to change the grasp patterns of the hand on the fly. He can still open and close the hand. This iPod touch could be replaced by another jailbroken iPod from Touch Bionics, but I know that they were down to their last few refurbished units when I last got one for a patient. The current version of the iLimb Ultra (and its successor the iLimb Ultra Revolution) both can connect to any iDevice without requiring special modifications to the iDevice. The one that this patient has is presumably about 2 years old as that's when they still had not yet switched to a standard bluetooth connection.
  • Bad Planning (Score:5, Insightful)

    by neoform (551705) <djneoform@gmail.com> on Tuesday August 26, 2014 @08:50AM (#47755685) Homepage

    What if the ipod was dropped and breaks? What kind of poor planning is this where that one ipod was the linchpin of this expensive prosthetic?

    • Re:Bad Planning (Score:4, Interesting)

      by rmdingler (1955220) on Tuesday August 26, 2014 @08:54AM (#47755699)
      Is the explanation as simple as:

      The government foots the bill as these are mostly used by war veterans, so for the manufacturer, it's another unit sold?

      • Re: (Score:3, Interesting)

        Last time I checked, the government doesn't earn money. Taxpayers do.
        • Re:Bad Planning (Score:4, Informative)

          by rmdingler (1955220) on Tuesday August 26, 2014 @09:12AM (#47755823)

          Last time I checked, the government doesn't earn money. Taxpayers do.

          Well, you know what they say:

          For those who cannot print money,

          earning is the next best option.

          • by TheCarp (96830)

            Except, the system is setup to prevent the government from printing money directly for their own use.

            Lets not forget how it works, the semi-independent federal reserve prints the money and then offers it out as no recourse loans to their industry cronies (or whoever is a most convininet front...like their wives: http://www.rollingstone.com/po... [rollingstone.com] )

            Then, those people, now with money in hand that they only have to pay back if they make a profit, they loan it to everyone else, with interest.

        • So not with their own money, but still the government pays for it.

        • Re:Bad Planning (Score:4, Informative)

          by fuzzyfuzzyfungus (1223518) on Tuesday August 26, 2014 @09:25AM (#47755935) Journal
          It tends to be discouraged, out of concern that states aren't very good at it, or that they might be inclined to use their other powers to make themselves more competitive; but there isn't anything architecturally precluding a state from earning money. They can have employees, own and operate R&D and production facilities, sell products, same as a company.

          There are reasons to discourage that, and have them focus on things that the private sector can't do or does poorly; but those are pragmatic considerations, not fundamental obstacles.
          • Case in point right here in my home state of Virginia: The state's Department of Alcoholic Beverage Control stores (commonly called "ABC stores"). As part of the state's alcohol laws, licensed stores can sell wine and beer, and licensed bars and restaurants can sell booze by the glass. If you want hard liquor by the bottle, you have to buy it at an ABC store, which are state-owned. They turn a profit, and that profit goes into the state's coffers.

            • New Hampshire runs a very similar operation. I've never quite understood why a state whose motto is "Live Free or Die" lets The Man control their booze supply; but I imagine that the indirect tax of a state liquor monopoly is more popular than some direct tax levied elsewhere.
        • The top 1% don't earn money either, they merely collect it. And yet that cash spends just as easily (even more easily, some might say) as someone who worked for the money.

        • Last time I checked, the government doesn't earn money.

          Not even remotely true. Governments are perfectly capable of earning money when they choose to. Governments can and do own things and can behave very much like private businesses if they want to. In China and Egypt and Russia (and many more) have huge swaths of the private economy are outright owned by the government. The fact that the US government generally refrains from trying to make a profit and behaving like a private enterprise doesn't mean they cannot or do not. For a time in the very recent pa

          • by Jhon (241832)

            "Some do and some do not. People who stay home to raise children often do not earn any money. "

            Then they aren't taxpayers, are they?

            • by sjbe (173966)

              Then they aren't taxpayers, are they?

              Sure they are. I assure you that the priest who is fully supported by his congregation is taxed on his "earnings". A housewife still has to file and is responsible for the taxes on the spouses income even if they had no role in actually earning it. All those people still pay sales, use, gasoline, excise, etc taxes. It's essentially impossible to not be a taxpayer on some level.

        • Last time I checked, the government doesn't earn money. Taxpayers do.

          The government, at all levels, does earn some money in the form of usage fees such as national/state parks or land they lease to ranchers.

          It's no different than paying money to rent out a place for your wedding.
          • Not to mention the US Postal Service which doesn't get taxpayer money and needs to earn its own money to cover operating expenses.

        • by Nimey (114278)

          Not that you're a flaming ideologue or anything. ::reads your signature::

          Oh, you are. Well, things always seem simple to people with a religion to push.

        • Except they do http://www.forbes.com/sites/je... [forbes.com] ... even if they shouldn't.

    • Perhaps an app that can be downloaded to a new device?
  • by Majestros (686956) on Tuesday August 26, 2014 @08:55AM (#47755705)
    I recently sat through a Touch Bionics seminar and, at least for the newer devices, all you need to do is enter the "serial number" of the hand into the app and it can control it. We even joked about how easy it was, so friends with prosthetic hands could prank each other by entering their friend's serial number into their own app and controlling their friend's hand. This may just apply to new devices though, maybe in response to problems like this?
    • by OzPeter (195038)

      at least for the newer devices, all you need to do is enter the "serial number" of the hand into the app and it can control it.

      Gawd .. whats worse: Bad security or No security?

      • by Kokuyo (549451)

        This is security through obscurity, until the arm sends his serial number over bluetooth or something.

        • by beelsebob (529313)

          No, no it's not security through obscurity. It's security through something you know - a perfectly valid method of securing something. Of course, it would be nice if in this case, you could change the thing you're supposed to know to be different to the device's serial number.

    • by rasmusbr (2186518)

      Apple removed the ability for iOS apps to read the iPhone's / iPad's / iPod's device id with iOS 7, which means any software that relied on that would no longer work.

  • It is quite possible that all three points that the submitter raises are valid. I'm very likely to believe that the design was intentional. After all, in the software world, the consumer has become the beta tester and if the consumer has software problems, he or she needs to buy expensive "support packages." In effect, the marketing departments figured out how to force the consumer to be a beta tester and make money from the consumer's problems.
  • Possibility 4) Hardlinking to a specific iPod makes it harder to hack the prosthetic arm from.
    It's not the perfect way to prevent hacking, but I can certainly see why this could be considered a security feature that benefits the owner of the arm.
    Would you rather have a prosthetic arm that does nothing or one that is controlled by some pubescent scriptkiddie?

    • by OzPeter (195038) on Tuesday August 26, 2014 @09:14AM (#47755843)

      Possibility 4) Hardlinking to a specific iPod makes it harder to hack the prosthetic arm from.

      Bricking a device because a external independent device which is well known to be fragile and/or a target of theft has died/lost/stolen is a pretty bad design.

      And if the external device is not independent, but is in fact required part of the bricked devices operation - then that is also bad design

      • by mwvdlee (775178)

        It may be bad design in hindsight, but in the real world every design has concessions.
        Integrating the required hardware in the arm itself might have had downsides worse than relying on an external tried and tested commodity device.
        It might be as simple as optimizing space, shape and weight, preventing heating or cost savings.

    • by countach (534280)

      How would you hardwire it anyway? I highly doubt the iPod hardware is modified. So that means there is some kind of security token on the iPod. But the iTunes/iCloud backup should backup any application data. This should be secure AND allow recovery in the case of loss.

      • by mwvdlee (775178)

        Again, I'm not defending this as a good design choice, just as one I can imagine a person making for valid reasons.

        I'm assuming the iPod hardware has some sort of unique identification baked into the hardware.
        Recovery in case of loss is certainly possible; TFS states the arm can be reprogrammed for a new device.
        Recovery from inside the app would make hacking easier, even if (limited) physical interaction with the arm is needed.

        • by countach (534280)

          Perhaps, but its hard to see how linking it to a hardware ID is especially secure. A hardware ID is probably just a sequential number, whereas a proper security token would be an encryption key.

  • by Greyfox (87712) on Tuesday August 26, 2014 @09:02AM (#47755757) Homepage Journal
    The guy who stole it could now be controlling his hand. "Now hand over your wallet! No, wait... I'll do it! Bwahahahahah!" Small favors and all that...
  • Security (Score:4, Interesting)

    by jbmartin6 (1232050) on Tuesday August 26, 2014 @09:05AM (#47755781)
    The article doesn't specify why they need to replace the hand rather than just do a software reset. But my first thought was of all those stories a while ago about security on diabetic pumps, and I thought "Well now we know why there shouldn't be security on these devices"
    • Between manufacturer avarice and customer stupidity I hold out very little hope; but it would warm my cold, black, shriveled, heart if somebody would standardize a key-fill interface (like the DS-101/DS-102 devices that the DoD has for connection to U-229 ports on communications gear and other things that need crypto keys; but actually remotely suitable for end users, unlike those systems) for dealing with this class of problems...

      Right now, it seems like everything is either "Oh, totally wide open, mayb
    • The article doesn't specify why the hand doesn't contain its own control board and software.
  • i-limb software (Score:2, Informative)

    by Anonymous Coward

    According to the user manual for i-limb,

    To make changes to the limb, it either requires loading the software on a pc with blue-tooth or getting an ipod touch setup by i-limb.

    Not a $75,000 loss by any means, sounds like the factory has to set up the ipod touch though. It is a pain in the rump, but most robberies are.

  • by Anonymous Coward

    Shouldn't the app be an Android app?

    Hmmmm?

    • When you have medicare and or the VA paying then you can take a more useful / cheaper Android or you can buy a higher cost apple and get more markup out of it also makeing so that the end user can't buy there own and pair it on there own makes you use them for Replacement when it hits the end of it's battery life.

      If only we had an better healthcare system that was not loaded with insane markup.

  • While it's easy for me to see this as a bad design, it's also not much of a stretch to believe that this was a conscious choice. After all, if it were trivially easy to pair a wireless device with the prosthetic, it would be trivially easy to take control of the guy's hand (think "Stop hitting yourself!").

    Is this bad for the user experience, particularly given it's predicated on an easily lost, easily broken, and frequently stolen device? Certainly. Is the UX of the lost/stolen device better than the UX of

    • While it's easy for me to see this as a bad design, it's also not much of a stretch to believe that this was a conscious choice. After all, if it were trivially easy to pair a wireless device with the prosthetic, it would be trivially easy to take control of the guy's hand (think "Stop hitting yourself!").

      All you need to do is to not pair the arm with the specific iPhone, but to pair it with the AppleID of the user of the iPhone. Which is from a software development point of view ten times easier and absolutely safe. It is much easier to steal an iPhone than an AppleID.

  • If he was using a Zune, no one would have stolen it.
  • 4. It's a security feature ( a bad one maybe but still) and it doesn't cost $75k to get it re-authenticated.

  • After getting a quote from the dealers to get a lost key replaced for all three cars on my keyring (which dissappeared), I wondered if it wouldn't just be cheaper to have the cars towed away and re-buy new ones. (The prices ranged from $150-$275 EACH to have them replaced)

    • by Anonymous Coward on Tuesday August 26, 2014 @10:05AM (#47756307)

      Hi, I'm a volunteer for The Math Foundation, the non-profit devoted to helping everyday people do math, because Math Is Hard(tm). After careful calculations, I have concluded that replacing all of your keys via the dealerships costs more than two orders of magnitude less than purchasing a new set of cars, which means you could purchase over 100 cars for the cost of a set of keys, on average. You can now safely take the "new keys" option with the assurance that it is the wiser financial path between the two, and you no longer have to lie awake at night wondering whether or not the "new cars" option would be cheaper.

      • Hi, I'm a volunteer for the Poetic License bureau, and we'd like to inform you that you've violated rule #8; taking something too literally when an obvious point is being made.

        You're welcome.

  • by King_TJ (85913) on Tuesday August 26, 2014 @09:42AM (#47756075) Journal

    Does it seem odd to anyone else that he'd be fine with leaving the device in his truck's center console overnight that's required to make use of one of his arms?

    "Pretty sure I won't come up with ANY need to use my other arm for the rest of the night.... Maybe I'll go fetch the controller tomorrow?"

    • by omnichad (1198475)

      The iPod touch has a limited battery life... Though you'd hope it shares power source with the arm.

  • From an alternative story [cultofmac.com]:

    "[Getting a new prosthetic hand and iPod configured to work together] takes a long time," Eberle told the San Antonio Express-News. "It's tedious and it's a lot of work with the hand itself."

    So in fact, another ipod could work, but it has to be trained first. A good backup of the training data should allow a new ipod to be set up quickly, but it sounds like they didn't do that.

  • by iamacat (583406) on Tuesday August 26, 2014 @10:49AM (#47756747)

    The software detects weak signals from damaged nerves to usefully move fingers of the prostetic arm. This is no floppy bird. There was probably an incredible amount of difficulty to get the thing working in the first place and the issue of backup was left for later. One day these things would be both modular and not cost $70k.

  • by EmperorOfCanada (1332175) on Tuesday August 26, 2014 @11:49AM (#47757281)
    I had my dog chipped but the vet said that if I ever let my iPhone run out of battery the implant will explode. I think the implant was made by the same company.
  • by gnasher719 (869701) on Tuesday August 26, 2014 @11:59AM (#47757357)
    Apple doesn't allow access to UDIDs (universal device identifiers) anymore, so unless the software is quite old, or requires a jailbroken device, the prosthesis cannot be paired to the device. (That's one of the reason why you can't access the UDID anymore, because pairing information with a device is stupid; the bigger reason is privacy).

    The prosthesis can easily be paired to an AppleID plus an application specific ID. However, all information about this would be stored on the device, backed up to iTunes, and could be restored by just buying a new phone, entering the AppleID and password, and downloading the last backup.

    If that doesn't work, then these guys must have some really strange and stupid software design + implementation.
    • Apple doesn't allow access to UDIDs (universal device identifiers) anymore, so unless the software is quite old, or requires a jailbroken device, the prosthesis cannot be paired to the device. (That's one of the reason why you can't access the UDID anymore, because pairing information with a device is stupid; the bigger reason is privacy).

      The prosthesis can easily be paired to an AppleID plus an application specific ID. However, all information about this would be stored on the device, backed up to iTunes, and could be restored by just buying a new phone, entering the AppleID and password, and downloading the last backup.

      If that doesn't work, then these guys must have some really strange and stupid software design + implementation.

      Any app writer can include their own magic number in the instance on the device and use that for pairing.

"We are on the verge: Today our program proved Fermat's next-to-last theorem." -- Epigrams in Programming, ACM SIGPLAN Sept. 1982

Working...