McAfee Claims Successful Insulin Pump Attack 196
judgecorp writes "Intel security subsidiary McAfee has claimed a successful wireless attack on insulin pumps that diabetics rely on to control blood sugar. While previous attempts to attack insulin pumps have met with mixed success, McAfee's Barnaby Jack says he has persuaded an insulin pump to deliver 45 days worth of insulin in one go, without triggering the pump's vibrating alert safety feature. All security experts still say that surgical implants are a benefit overall."
McAfee for insulin pumps next (Score:4, Funny)
There is always that conspiracy theory that many if not most viruses are written by anti-virus software vendors.
After all we didn't have many viruses until these things appeared on the market.
I'm not one to believe this sort of conspiracy theory, but McAfee isn't doing themselves any favors by publicizing this.
Re:McAfee for insulin pumps next (Score:5, Funny)
I'm not one to believe this sort of conspiracy theory
Says 'the eric conspiracy'.
Sometimes it is best to post as AC.
Re:McAfee for insulin pumps next (Score:4, Informative)
It's a funny. Laugh.
Re:McAfee for insulin pumps next (Score:2)
Re:McAfee for insulin pumps next (Score:2)
right...
everyone laughs.
until your device asks for your FB password. and if you refuse, that's the end of you. literally.
Re:McAfee for insulin pumps next (Score:2)
That could have been believable back in the DOS days, when most viruses seemed to have no real purpose besides amusement, but today the vast majority of malware is written for profit. Selling antivirus software would be counterproductive if you're making a lot more money from owning a botnet and the antivirus would eat into that.
Re:McAfee for insulin pumps next (Score:2)
Re:McAfee for insulin pumps next (Score:4, Funny)
Re:McAfee for insulin pumps next (Score:2)
You die because your Pacemarker stopped working while waiting for VirusShield to load?
Re:McAfee for insulin pumps next (Score:3)
All well and good now, but wait six months and when your free trial runs out a window bursts out of your abdomen asking you to "upgrade" to professional.
Re:McAfee for insulin pumps next (Score:3, Funny)
Murder by computer virus? (Score:2, Interesting)
I know it's naïve to even ask, but would this be used in the wild? What special sort of sicko would do this for kicks?
Re:Murder by computer virus? (Score:2)
What special sort of sicko would do this for kicks?
Seriously? You have to ask?
Re:Murder by computer virus? (Score:4, Funny)
What special sort of sicko would do this for kicks?
Seriously? You have to ask?
Not for kicks, but lulz.
Re:Murder by computer virus? (Score:2)
What special sort of sicko would do this for kicks?
Seriously? You have to ask?
one who would walk into a school or university and start shooting random people.
unfortunatly these people exsist :-(
Re:Murder by computer virus? (Score:5, Interesting)
I know it's naïve to even ask, but would this be used in the wild? What special sort of sicko would do this for kicks?
The Darzhavna Sigurnost (Bulgarian Secret Police) and the KGB killed Georgi Markov on a bridge in London by stabbing him in the back with an umbrella that fired a ricin filled pellet. The ability to assassinate someone by infecting their insulin pump would be a goldmine.
Re:Murder by computer virus? (Score:2)
The Darzhavna Sigurnost (Bulgarian Secret Police) and the KGB killed Georgi Markov on a bridge in London by stabbing him in the back with an umbrella that fired a ricin filled pellet. The ability to assassinate someone by infecting their insulin pump would be a goldmine.
...if your target happens to be a diabetic with an implanted insulin pump. Otherwise, it's just a pyrite mine. A poison will get you whether you happen to have an insulin pump or not.
Re:Murder by computer virus? (Score:3)
Yes, but poison requires access. You have to be close enough to put it in the target's food or drink, or inject the target with the poison. Shooting the target leaves evidence - the bullet etc. However, this is a wireless attack, with a good antenna it probably can be done from quite far away and would leave no evidence.
Re:Murder by computer virus? (Score:2)
Re:Murder by computer virus? (Score:2)
It's things like this that make me wonder if maybe dick cheney's new heart, which is uncommon for a 70 year old to get, might have been in part a security issue with the device he did have (not necessarily a problem like the one described in TFA).
Re:Murder by computer virus? (Score:2)
Needn't be "kicks", and could be for profit.
Re:Murder by computer virus? (Score:2)
The top science person of a "bad" research centre.. That lone wolf blogger who "was" somebody/got a real story....
You really think all the interest in home wireless is just to watch your web cam, track your power needs and log your mail/web 2.0 use?
http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/ [wired.com]
Re:Murder by computer virus? (Score:2)
Or a lunatic could cough at you with the flu and kill you. Stop the paranoia.
Re:Murder by computer virus? (Score:2)
It wouldn't really be a virus.But instead a direct attack.
Stuxnet could cause death too, with poorly designed lockouts ( for example ). Just have a robot wait a few moments after the lock is engaged then swing wildly.. trying to catch a person in the cage with it.
Next up (Score:4, Funny)
McAfee releases an antivirus product for insulin pumps.
Re:Next up (Score:3, Funny)
Insulin pump performance degraded, people die from not getting injections.
Re:Last year (Score:3)
Easier than that. (Score:2)
Re:Easier than that. (Score:2)
Or, you know... conscience.
Re:Easier than that. (Score:2)
That's just the thing though, with this exploit, you could kill that old lady at a distance in a way that looks like an equipment malfunction and leaves no evidence that you were ever there. It's a much smaller pool of potential victims and a smaller pool of potential perpetrators, but a much lower risk crime.
All in all, I think people with an insulin pump would rather not have the vulnerability.
Re:Easier than that. (Score:2)
Eating a twinkie is too hard?
Re:Easier than that. (Score:2)
It depends on whether you have to adapt the "virus" to the specific device or not. If not (or you can write a script to do that for you automatically), then someone may just walk with a transmitter programmed to send the virus in a busy street or some concert and see how many people die. After all, there are serial killers who do it for the fun of killing, not the money or something else.
The Matrix (Score:2)
The Matrix giveth, and the Matrix taketh away.
Glaring errors in the techweek article. (Score:4, Informative)
An insulin pump is NOT implanted inside the user's body, and it is NOT a medical implant. A small, disposable cannula attached to the pump via plastic tubing is inserted by the user under the skin just a few mm, and is exchanged by the user every few days. There is no permanently inserted component to an insulin pump.
Also, pump's cartridges to hold insulin typically range from 200-300 units. Contrary to the article's claims, this is not 45 days worth! Someone who is not insulin resistant using a 200 unit model would get 6, 7 days out of it tops. People who use the bigger ones because they are very insulin resistant might use 300 units in just a couple of days.
The BBC article also states "Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble"."
This is very flawed as well. Typically, insulin is taken before a meal whenever possible, and how "heavy" the meal is, is irrelevant. What matters is the user's insulin to carb ratio (how much insulin they need to properly use a gram of carbs) and how many carbs the item they eat contains. Some people require a very large amount of insulin for very small amounts of carbs, some people require barely any insulin for a large amount. Also, when a person relies on an insulin pump, they're not just adding insulin to their body during mealtimes, the vast majority will be using it to deliver a "basal" dose of insulin, or a small amount of insulin 24/7 to stay alive (as this is a function normal non-diabetic bodies perform.) They also use it to deliver corrections, or small doses of insulin in response to blood glucose levels that are higher than expected after meals or throughout the day. A pump is not just a device you use after a "heavy meal."
While it is true that an insulin cartridge unwillingly emptied into a patient poses significant danger, even without an alarm, I suspect 99% of people would be able to quickly notice such a large dose of insulin being delivered. You can see and feel insulin being delivered that rapidly. And if they happened to miss it, that's what frequent monitoring of blood glucose (which is required for all insulin pump users) is for. Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets, it's very likely an experienced diabetic would survive that sort of incident... to say nothing of if the cartridge wasn't full. But that's all assuming we're taking someone who has clearly made several mistakes in their reasoning for their word when they say they can access these devices.
If more security were implemented in an insulin pump, there would certainly be no "frequent surgeries to replace the batteries," as the battery is (like the entire pump) stored in an external pump. It would involve the manufacturer mailing you a replacement and you switching it out.
Re:Glaring errors in the techweek article. (Score:5, Informative)
An insulin pump is NOT implanted inside the user's body
Except when it is [diabeteshealth.com], although you might have to live in Europe to get it [diabeteshealth.com].
Also, pump's cartridges to hold insulin typically range from 200-300 units. Contrary to the article's claims, this is not 45 days worth!
In an implanted pump, it probably would be a larger supply.
The BBC article also states "Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble"."
This is very flawed as well. Typically, insulin is taken before a meal whenever possible, and how "heavy" the meal is, is irrelevant. What matters is the user's insulin to carb ratio (how much insulin they need to properly use a gram of carbs) and how many carbs the item they eat contains.
I suspect by "heavy meal" he meant "carb-heavy meal". It might have been clearer had he said "carb-heavy meal", so nobody thought that chowing down, say, a 16-ounce filet would require a large bolus. And, yes, your mileage may vary depending on the insulin/carbs ratio. I'm not sure either of those are severely bad oversimplifications, though.
Also, when a person relies on an insulin pump, they're not just adding insulin to their body during mealtimes, the vast majority will be using it to deliver a "basal" dose of insulin, or a small amount of insulin 24/7 to stay alive (as this is a function normal non-diabetic bodies perform.) They also use it to deliver corrections, or small doses of insulin in response to blood glucose levels that are higher than expected after meals or throughout the day. A pump is not just a device you use after a "heavy meal."
Again, a simplification, but I'm not sure it's a severe oversimplification in an article written for a general audience; it doesn't invalidate the point of the article.
While it is true that an insulin cartridge unwillingly emptied into a patient poses significant danger, even without an alarm, I suspect 99% of people would be able to quickly notice such a large dose of insulin being delivered. You can see and feel insulin being delivered that rapidly. And if they happened to miss it, that's what frequent monitoring of blood glucose (which is required for all insulin pump users) is for. Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets, it's very likely an experienced diabetic would survive that sort of incident... to say nothing of if the cartridge wasn't full.
Well, for an implanted pump, it could be a lot more than 300 units; how fast it takes action is another matter, so maybe spending a while with your local store's entire supply of orange juice might be sufficient.
If more security were implemented in an insulin pump, there would certainly be no "frequent surgeries to replace the batteries," as the battery is (like the entire pump) stored in an external pump.
Again, not for an implanted pump.
Re:Glaring errors in the techweek article. (Score:2)
The version that is out there is 20 years old and is basically being maintained, there isn't new models coming out all the time. Common approaches to security 20 years ago is not the same as we would view them now.
Yes, it is something that should be addressed in future models (if they ever appear) but the GP points about pumps are much more relevant when there are thousands more external pumps than there are implantable ones.
Re:Glaring errors in the techweek article. (Score:2)
Of course you can just, 'um', check wikipedia http://en.wikipedia.org/wiki/Insulin_pump [wikipedia.org]. So not all insulin pumps are wireless just some, some are even bluetooth. Simplest wireless security that doesn't need any money going to macaffee, an on/off switch for the wireless controller and just to make sure a red warning led when wireless is active . As for security some units have a backup controller which checks the main controller for accurate function many times a day.
Re:Glaring errors in the techweek article. (Score:2)
As for surviving a 300-unit overdose... well, for me, that would require about 3,600 grams of carbohydrate to make up for it. Which is to say 3.6 kilograms of pure sugar. I don't think I even have that much in the house, and it might be pretty hard to consume it all in about 3 hours even if I did. So my only chance would be to get to a hospital and get enough glucagon (the antagonist hormone to insulin) to counteract it. That's assuming I even noticed in time: yes, I could feel it if the insulin were delivered all within a few minutes, but there's no reason why they couldn't just deliver it at the normal rate, which would take about an hour, and would not feel like anything unusual. By the time it finished my blood sugar would already be going low, but honestly that happens pretty regularly, and my first instinct is not to check to see if my pump has mysteriously delivered its entire reservoir at once, it's to eat 15 grams of sugar and see if it gets better after 15 minutes.
Re:Glaring errors in the techweek article. (Score:2)
I suspect by "heavy meal" he meant "carb-heavy meal". It might have been clearer had he said "carb-heavy meal", so nobody thought that chowing down, say, a 16-ounce filet would require a large bolus. And, yes, your mileage may vary depending on the insulin/carbs ratio. I'm not sure either of those are severely bad oversimplifications, though.
A 16oz Filet Mignon has zero carbs.
...which is why I mentioned it - it's arguably a heavy meal, but no bolus would be needed.
1/8 of a chocolate cake (with icing) would be 35 carbs. Think Carb = Sugar, and you're right.
As long as "Sugar" doesn't mean only "actual sucrose or glucose or fructose or... in the dish"; a nice big plate of rice would not have much of those simple sugars, but it'd have a pile-o-carbohydrates (about 51 g/cup of cooked white rice, and 45 g/cup of cooked brown rice, if I remember correctly).
Re:Glaring errors in the techweek article. (Score:2)
Maybe if you live on the equator.
At least modern insulin is far more stable than that, I run through a solostar in about 2 weeks, it certainly doesn't get int he fridge, neither do my Humalog carts, I use one of those in 10 days.
Next you'll be telling me that I should change the needle more than once a cartridge, or my lancing device needle more than once a... ever.
Re:Glaring errors in the techweek article. (Score:2)
actually, implantable pumps exist (Score:5, Informative)
There are different kinds of pumps. The most common is the type you describe, but there are in fact implantable insulin pumps which get refilled via syringe, and this is the type described in the article:
"The pumps hold 300 units of insulin, enough for about 45 days, and are refilled by a syringe."
99% only notice when they are awake. (Score:2)
Do not discount the threat of this process overnight. With my mom's history her real danger is at night. She has slept through the pump alerts including vibration. There are advantages to having a small dog or two on the bed.
Re:Glaring errors in the techweek article. (Score:2)
I am around 1 unit to 4 gram insulin:carb ratio, so, 300 unit bolus is circa 1200 grams of carb, 1.2 kg (2.64 lbs) of (somewhat rapidly absorbed depending how quick you got onto it) carbs.
Probably unpleasant but not impossible, if your life depended on it. What does a typical bottle of coke contain? It wouldn't have to be instant if you caught it early enough, spread over an hour wouldn't be so bad.
Re:Glaring errors in the techweek article. (Score:2)
What a shit design... (Score:2)
... it seems like if beaming a RF signal is all it takes to control the device, it's a terrible, terrible design.
If I were designing an implantable device that I wanted to be robust to attacks like this, I'd build in a two-stage security system. The first would be a piezoelectric element connected to an oscillator tuned to a particular frequency that acts as a switch for the radio receiver; only when exposed to a strong signal at the appropriate frequency will it even start *listening* for an RF signal. The advantage of this is that sound propagates quite strongly directly through tissue; it would be very difficult to trigger the receiver by just shouting at it, but fairly easy to just strike a tuning fork of the right frequency and place its base on top of the device, relying on the very strong mechanical coupling through the skin to amplify the transmission. If you want, make the frequency 440-A -- the goal here is not security through obscurity, but to require physical contact with the patient.
This turns on the RF receiver itself, which would then require authentication with some standard key-exchange method before agreeing to do whatever. The acoustic trigger is both there to serve as another "factor" for two-factor authentication and to guard against any sort of DoS attack by making the radio not even pay attention until some condition is met.
Re:What a shit design... (Score:2)
That's like saying "we should have a phone that we call to turn on the phone we want to call". If they're going to require solid contact with the patient, they might as well use some sort of contact-based communication, like ultrasound or small currents or whatnot. What if you have a jumper sticking out of your arm, and when you short it, the RF control mode is activated? (I'm only half joking)
300 feet of wireless stupidity (Score:3)
Who needs to update their heart from 300 feet away? One of the articles discusses encryption as a solution -- because the person is an idiot. My heart doesn't have any encryption. It has one very important security feature: it doesn't talk to devices 300 feet away.
It's very easy to screw with my organs, you come up to me and you hit them. It's really easy.
So who decided that an insulin pump needed full-range wireless connectivity? How about 3 inches. 3 inches would have been great. It's already refilled by a seringe. Ignoring, for the moment, that a seringe-like probe could have updated it without anything being wireless, a simple short-range induction or vibrational signal, or even IR -- actually, IR would have been fantastic because it would have been obscured by clothing, a security device that has resulted in every doctor everywhere asking patients to disrobe, and then leaving for another random amount of time.
but no, let's use a technology designed for long-distance communication. We talk to space telescopes and voyager probes this way, so it clearly makes sense that implanted devices be accessed this same way -- you know, in case voyager wants to screw with us.
Re:300 feet of wireless stupidity (Score:2)
The Borg, Skynet, The Matrix...sure, let's connect a bunch of machines in our bodies wirelessly and hope they don't kill us.
Re:300 feet of wireless stupidity (Score:2)
like I said, light, even visible light works. vibrations also work. and anything blocked by clothing works. or hey, here's a bright idea, uni-directional wireless ought to be as easy as a headlight. require line-of-sight, which won't be reliable when a person is moving. or a hair-antenna as a contact device. one blue hair. or go full wireless but require a vibrational authentication. make me punch myself to authenticate an update. or make me use a device with a set vibrational authentication pattern -- like any cellphone could be made to do. none of those require any additional power. certainly not a vibration sensor, and certainly not IR.
anything but nothing.
Re:300 feet of wireless stupidity (Score:2)
yeah, but we're talking here about: a) a medical device b) being updated occasionally c) as opposed to surgery d) to deal with an injury e) that can kill you
I think that's ok.
When they're not protecting your computer... (Score:2)
... they're figuring out how to kill people.
Isn't THAT wonderful news?
Why? (Score:2)
Why does this kind of security vulnerability even exist in this day and age? Considering how compact solid state data storage is these days, there's no reason I can think of whatsoever that a vulnerability like this should exist. This is the perfect use case for a one time pad. It's simple. You generate some random data and save a copy of it on three storage devices. One copy goes into the pump, another copy goes into the external wireless controller, and the last copy goes into a safe somewhere. When the wireless controller wants to send instructions to the pump, it xors them against the random data. The pump then xors what it's receiving against its copy of the data to decrypt it. If the controller ever gets lost, a new one can be programmed with the copy of the data that's in a safe somewhere. Provided the control instructions to the pump are long enough, that method makes it virtually impossible to attack the pump without getting physical access to the pump itself, the controller, or the copy of the data securely locked in a safe.
It's like no-one even considers security. Maybe the manufacturers of these pumps take their cues about security from the credit card companies.
Re:internet (Score:2)
Re:internet (Score:3)
It isn't connected.
But it could be (then you would patent it, I suppose.)
While this is interesting and all and potentially could be used at a high value directed target, as a general problem it's pretty limited. There aren't many insulin pumps out there, there are several manufacturers and I would imagine the exploit is device specific.
I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.
Re:internet (Score:5, Interesting)
Re:internet (Score:3)
Re:internet (Score:3)
Ahh, but this is nearly undetectable. While some people COULD come together and go all CSI and maybe find a few suspicious people, it wouldn't be 'beyond a shadow of a doubt' to see someone standing around in front of Walmart with a backpack on.
Relative safety increases the chances some psycho is going to try to fulfill their desires. If people suddenly had a 99% chance of robbing a bank and getting away with it, there'd be a lot more bank robberies.
Re:internet (Score:2)
Re:internet (Score:2)
Re:internet (Score:2)
Re:internet (Score:3)
All it takes is a vulnerable wireless router with a sufficiently flexible transmitter, and the ability to scan for a nearby victim.
Or, you know, a gun. And anyone nearby for a victim.
Re:internet (Score:2)
Re:internet (Score:2)
Wait, what? Are these medical devices connected to the internet? If you need to use typical wireless, the range and "visibility" won't be that different from a gun, though I guess people sometimes do call the police when they hear gunshots (though not in some neighborhoods I've lived in).
Re:internet (Score:2)
No, no, that's not the idea. The plan is this:
1. Find some kind of radio that (a) is online, (b) is common, (c) can be hacked into, and (d) can be tuned to interact with the medical devices. This lets you connect the medical devices to the Internet. It may very well be impossible to find such a device, or it may be as common as a cheap Chinese phone with built-in FM transmission for car dashboard integration. I dunno. Too tired to RTFA.
2. Break into a large number of these radios and scan the area around them for potential targets: anyone with the right insulin pump will do.
3. Figure out who they are, through proximity to the base station over a long period of time, and social network activity.
4. Send e-mails threatening to give them a lethal dose of insulin unless they send a bunch of money.
Like malware that demands money or destroys your computer, it's a pretty comprehensive form of blackmail. And unlike your gun proposal, it's a lot harder to trace. I agree that this offers very limited benefit to an assassin, largely because of the convenience of so many non-insulin-pump-related methods of murder, but for something like mass blackmail, where the incentive is to make money rather than kill, the potential is much more scary. Never before have people been able to threaten death on people without being physically present in some way.
Re:internet (Score:2)
The fact they can be hacked is bad news bears and should be corrected but I think your hostage situation is a bit imaginary.
Re:internet (Score:3)
To be clear here, the wireless in use has nothing to do with WiFi aside from being radio communication. You cannot control/hack/disable these things with a wireless router - they require very specialized equipment to produce the correct radio signal.
Still, not great, but nothing new by a long shot.
Re:internet (Score:2)
Re:internet (Score:3)
Re:internet (Score:2)
Joke's on you. In the right mode, Slashdot would have parsed that.
Re:internet (Score:2)
Re:internet (Score:2)
Because wireless is cool! Being wired is just so 5 years ago.
Re:internet (Score:2)
"Because wireless is cool! Being wired is just so 2000 late."
FTFY
Re:internet (Score:2)
It isn't connected.
But it could be (then you would patent it, I suppose.)
While this is interesting and all and potentially could be used at a high value directed target, as a general problem it's pretty limited. There aren't many insulin pumps out there, there are several manufacturers and I would imagine the exploit is device specific.
I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.
Apple has a patent on magnetically connected cables that they are pretty aggressive about protecting so that wouldn't work. On the other hand I have a deep fryer that has a similar cable that pre dates Apple's implementation by several years.
Re:internet (Score:2)
I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.
Because they're implanted devices. Presently absolutely no-one has any good idea on how to reliably expose a control interface (say, through the skin) without creating a massive risk of infection, or just injury (from mechanical trauma if it snags on something or whatnot).
You also can't just go threading wires through a person willy-nilly like you'd need to do to create useful induction interface (not to mention the danger that you could probably talk to such a thing wirelessly anyway, with the body acting as a pretty good antenna).
Re:internet (Score:4, Informative)
Re:internet (Score:2)
I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.
Mostly because some people wear the pump under their clothes (means you don't have a clunky, pager-sized device sitting on your belt or in your pocket with a tube running under your shirt) and use a small wireless remote control to talk to it. The pump also uses wireless communication to talk to blood glucose meters and sensors, but that doesn't control the delivery of insulin.
Re:internet (Score:2, Informative)
Indeed. Lots of technology benefits from wireless access but does not have adequate security, if any.
http://www.ted.com/talks/lang/en/avi_rubin_all_your_devices_can_be_hacked.html
Re:internet (Score:2)
Re:wow, McAfee has fallen to new lows! (Score:4, Insightful)
You've really never heard of security companies coming up with exploits first so they know how to solve them in case somebody else has the same idea?
Re:wow, McAfee has fallen to new lows! (Score:2)
Finding a security vulnerability is not "making viruses". Would you prefer that this be first discovered by someone who's not so nice as to disclose their findings, so that insulin pumps just start mysteriously "malfunctioning" and killing patients?
Regardless of what you may think of the quality of McAfee's software, they're not being anything besides white-hat here.
Re:wow, McAfee has fallen to new lows! (Score:2)
It's called proof of concept.
Re:Wow (Score:5, Insightful)
So what?
If someone throws a rock into your windshield, you die. We still drive cars.
Hell, if someone sticks a knife into you, you die. Everyone uses knives.
If someone wants you dead, there are a miriad ways to do it. The problem is not with those attack vectors, but with the fact, that someone is after your life.
This is not a 'security breach', is is murder. And it takes a murderer to do it.
This is just another case of 'same old, but now on the intertubes/with a computer!!'.
Re:Wow (Score:3)
True, but most people don't come with "instant wireless death button" enabled.
And it takes a murderer to do it.
No, in this case it takes a script kiddie.
Re:Wow (Score:2)
True, but most people don't come with "instant wireless death button" enabled.
Pretty sure a bullet counts as wireless, unless someone's mugging you with a TOW missile. Not to say this shouldn't be secure on general principles, but the limiting factor on killing someone will always be the will to do so.
Re:Wow (Score:3)
I think the fear of this comes not from the fact that it's possible, but the fact that it seems much more difficult to investigate, and thus more appealing to a would-be killer, than other forms of murder. Harder to investigate translates to less likelihood of getting caught, which in turn translates into less apprehension about committing the crime.
Re:Wow (Score:5, Interesting)
Try essentially impossible to investigate. How many people do you walk within twenty feet of in any given week? Any given year? Now imagine that any one of those people might have been the person who injected code that waits a predetermined period of time, does something bad, and then erases the location where the time delay is stored so that the original value cannot be recovered after the fact.... Or worse, overwrites the time delay with a value that implicates someone else.
Re:Wow (Score:5, Insightful)
Re:Wow (Score:2)
If someone sticks a knife into me, I die, but he leaves evidence, maybe someone sees him. Throwing a rock into my windshield (when I'm driving) is quite difficult. Also, the murderer needs to be stronger than me, or I could fight him off or run away.
Shooting me with a pistol is loud and someone will most likely hear the gunshot, maybe see the killer running away with the gun or throwing the gun away. Also, a gun is quite difficult to get (in my country), I assume the murderer won't want a legal gun that can be traced back to him, but even to buy a gun legally you need to pass various checks.
Shooting me with a sniper rifle is difficult because it is difficult to actually obtain a sniper rifle and it requires skills to shoot accurately over long distances.
On the other hand, pointing a high gain antenna and running a pre-made script is easy and does not leave any evidence. Or just walking past me with a transmitter in pocket programmed to transmit the required codes.
Re:Wow (Score:2)
Re:Wow (Score:2)
A special "sniper rifle" would most likely be designed to be accurate over longer distances than a regular bolt action rifle. While it may be a bit easier to get a permit for a bolt action rifle, but then it would still be difficult to conceal it to get to the rooftop or wherever and to hit anything with it over a long distance, so it means that the killer would need to really want me dead to buy the rile, practice with it etc, compared to just downloading a couple of scripts to run on a Linux live CD.
Re:Wow (Score:2)
It's also worth noting that people throwing rocks off overpasses at cars has in fact killed a number of people, was done by 13 year olds (in at least one instance I recall) and has more or less led to all of them being enclosed in steel mesh to prevent anything much larger then a pebble being dropped/thrown off them.
Re:Wow (Score:2)
I'm sure it has, but I meant that it was difficult to hit the particular car with the target in it as opposed to just throwing rocks or bricks and hitting somebody.
In my country overpasses are not enclosed in a mesh, kids probably have better things to do than throw rocks at cars.
Re:Wow (Score:2)
I sort-of agree with you. One problem is the reduced evidence though. At this time, a murder would possibly not even be recognized as such. However, after a transitional period, forensics will get better and these devices will get secured with cryptography. The statement in the BBC article about not enough energy is nonsense. For example, you could interact while providing energy via a coil placed close to the device. And crypto done right does not require that much energy anyways. It is just a competence problem. I expect makers of these devices do not have actual experts on the use of cryptography on staff.
Re:All security experts.. (Score:2)
Well, they could ask four out of five doctors.
Re:All security experts.. (Score:2)
I always wondered why that fifth dentist didn't like sugarless gum...
Re:All security experts.. (Score:2)
Re:All security experts.. (Score:2)
Re:Ethics of publicizing this? (Score:2)
Re:Espionage/Assassination (Score:2)
With an aging population it seems terribly interesting that it could be possible to go after people wirelessly.
This is the important part, not now, but in the future. This is just a demonstration of what is possible, and how the mistakes that are being made now may effect all of us in the future.
From a recent talk by Cory Doctorow, http://boingboing.net/2012/01/10/lockdown.html [boingboing.net]
As a member of the Walkman generation, I have made peace with the fact that I will require a hearing aid long before I die. It won't be a hearing aid, though; it will really be a computer. So when I get into a car—a computer that I put my body into—with my hearing aid—a computer I put inside my body—I want to know that these technologies are not designed to keep secrets from me, or to prevent me from terminating processes on them that work against my interests.
We need to change the way that the industry and the regulators think about these kind of devices. Security by obscurity is just not good enough.
As patients (now and in the future) we should require/demand that all of the software in these devices is open source or they won't get certified for use as implants.
Many people on this site have said something along the lines of "If I were designing these devices then I would use [xyz] to make them secure".
The important point is that geeks like us aren't designing these devices, and for the companies that are designing these devices security isn't a priority.
Good security is expensive, both in terms of employing extra staff with the relevant expertise, and in terms of developer time to implement and test it. Unless peer reviewed security is required by their customers or government regulations, then it is just not enough of a priority to justify the additional cost.
The worst result from this kind of research would be that our politicos jump at a sound bite solution and make it illegal to own or design a device that could intefere with implanted medical devices. Preventing the good guys from testing their own devices, while making it easier for the bad guys by allowing manufacturers to get away with poor security.
The best result from this kind of research would be that we make peer reviewed security and open source code part of the requirements for certification of implanted devices. But that won't happen unless we keep pushing to make it happen.