Hacking Medical Mannequins

An anonymous reader writes: A team of researchers at the University of South Alabama is investigating potential breaches of medical devices used in training, taking the mannequin iStan as its prime target in its scenario-based research. Identifying the network security solution and network protocol as the vulnerable components, the team was able to carry out brute force attacks against the router PIN, and denial of service (DDoS) attacks, using open source tools such as BackTrack.

"make a new Plan, iStan.."

[turkeydance]

and get yourself free.

Re:

[93 Escort Wagon]

There must be 50 ways to root your mannequin.

Backtrack is not a tool

[bleh-of-the-huns]

It is the name of a collection of tools, and it's not even called that anymore, it's Kali.

Re:

[plover]

From the students' paper:

Experiment Configuration

The student team had freedom to choose any network traffic capture tool for their study. The tools and environment used by the students included a Lenovo attack laptop running Microsoft Windows 8.1 Pro, Sun Virtual box (version: 4.3.8) with BackTrack 5 Release 3, iStan medical mannequin, iStan laptop running OSX Lepord (version: 10.5.2), iStan Muse software (version: 2.1), and a monitor used to display the mannequin’s vitals to the medical trainees utilizing Touch Pro display software 2.0

They used a BackTrack distro. Perhaps your problem is Slashdot's editor referring to what would more properly be called a "toolbox full of tools" as simply "tools"?

My problem isn't the description at all. It's that the front end to iStan runs in Adobe Flash, and these students somehow got credit for "hacking" it. That's like asking a 300# professional football lineman to tackle a grade school quarterback during a game of flag football.

Re:

[GNious]

That's like asking a 300# professional football lineman

I have no idea what that means ....
http://news.bbc.co.uk/sport2/h... [bbc.co.uk]

HYPE

[Anonymous Coward]

‘If medical training environments are breached, the long term ripple effect on the medical profession, potentially, impacts thousands of lives due to incorrect analysis of life threatening critical data by medical personnel.’

This is such hyperbolic bullshit.

The iStan is always operated by a trainer. The trainer would know it was misbehaving.

It's like saying that since med students sometimes learn by watching training material on a TV... and look - with a simple remote control, we can CHANGE THE CHANNEL ON THE TV! MY GOD! IMPACT THOUSANDS OF LIVES!!!

Source: I have a brain.

Re:

[erikscott]

Still, you could have a lot of fun with someone... this is the sort of thing that happens when you google "dental robot vomit":

http://www.nissin-dental.net/p... [nissin-dental.net]

http://techcrunch.com/2011/06/... [techcrunch.com]

------
"The 600 series had rubber skin. We spotted them easy, but these are new. They look human... sweat, bad breath, everything. Very hard to spot." -Kyle Reese

Re:

[ldobehardcore]

Those dental robots are horrific... C3PO was right when he said they were "made to suffer"

iStan hacked!

[grub]

The terrorist hackers programmed iStan to expand it anus and rectum to the maximum size then changed its MOTD to "iGoatse."

Rest not, evildoers, you will be extinguished in puff of drone-dropped Freedom Smoke.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Nidi62]

Is the macaroni and cheese already prepared? Because that could lead to ants.

Justice for iStan

[Anonymous Coward]

A vulnerable mannequin was brutally penetrated by a team of researchers from the University of South Alabama. The attackers spent several hours pounding every port of the victim with their tools.

What could go wrong?

[Bodhammer]

http://i1.wp.com/www.bitsandpi... [wp.com]

DDoS?

[Coren22]

Was it a DDoS or a Denial of Service attack? They are different...

Re:

[Coren22]

Yep, you know, denial isn't only a river in Egypt. You have yet to prove any of the points I made. You continue to try and brute force (DDoS?) until I give up, like somehow that allows you a win? But, you still haven't responded to a single point, only tried to claim victory when you haven't won yet.

Re:

[drinkypoo]

Don't waste your time, friend. No matter how cogent you are, APK will seize upon any minor point, declare victory, and shit all over the table. If you agree with him on one thing you must agree with him on all things or be a hypocrite. He's hardly the only insane bugger on Slashdot, though, so it's not even work poking him with a stick.

I don't see the point

[Anonymous Coward]

Ok, Stan the training dummy is hackable.

So why bother?

No challenge, so no bragging rights.
Not very useful except as a prank on nursing students.

Perhaps as a way to let an inept student pass a nursing exam?
Seems far fetched.

Maybe as a demonstration that other medical stuff that matters might also be hackable.
And of course as an excuse to publish a paper.

Euphemisms

[ChrisMaple]

This has gone too far. If you're making life-size latex love dolls, say so.