Posted by
michael
on from the buffer-overflow dept.
tuiterwyk writes: "There's an article here on Techweb about manufacturers plans to give pacemakers and defibrillation devices internet capabilities. BSOD takes on a whole new meaning...." And so does 'denial of service attack'.
Re:Article scores -1, Flamebait
by
maggard
·
· Score: 5
Pacemakers generally maintain logs & are externally programmable, heve been so for years. This is used to fine tune their responses, to check the battery state, etc. They don't run an OS, at least not in the sense of Win/Mac/'nix, they're dedicated purpose devices.
There is no wire protruding out of a person's body, all communication is done via a small radio transmitter/reciever and a dedicated piece of hardware (though doubtless this could be duplicated on a PC.)
The pacemaker would presumably report in a two-stage process. Either a dedicated-purpose device or a reciever/transmitter (possibly connected serially/USB) would use a coded signal to cue the pacemaker to broadcast it's logs. These would be recorded on the dedicated device or a home PC and then transmitted online to the central site.
There the records (I'm guessing here) could be analyzed for warnnig signs, dangerous trends, etc. Likely if they exceed some threshold a flag will be set and a specialist will review the information.
I can't imagine any scenario where the pace-maker would ever transmit directly to an online site; there simply isn't the power available for that sort of direct telemetry. Therefore no sort of direct atttack, DOS or otherwise would be possible.
On the outside chance that remote reprogramming of the pacemaker were allowed I would be concerned, and of course there should be concerns over the security of one's uploaded logs, but from what's reported the whole situation seems very safe if possibly not entirely private.
Frankly I think you would do well to invest the 5 minutes to do a search, read a pacemaker FAQ & answer the rest of your own questions on your own.
-- I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
As someone who has a pacemaker...
by
DavidTC
·
· Score: 5
...let me tell you a little about them.
Many people don't know how they transmit and receive data. They use magnets. (Which, BTW, was the whole point behind the microwave prohibition, cause early microwaves spun off magnetic fields like crazy. Nowdays, microwaves have stopped that, and pacemakers only respond to very strong magnets. Still can't go inside power planets with big generators.)
Anyway, they have a little handheld device used to program the pacemakers using magnetic fields. They can send and receive data, obviously using some sort of modulation.
Now, pacemakers have all sorts of data that can programmed, like 'threshholds', which is how small a voltage in the patient's heart triggers a real voltage, and various other stuff, and they give out all sorts of data like how much battery life they have and how often they get triggered, and even patient's average heartbeat.
Now, all this data is completely unaccessable to me. Forget reprogramming, I can't even check the batteries. It would be nice to be able to access this information, but I have a few questions...first of all...WHAT THE HELL TOOK THEM SO LONG? Seriously. They go from no access at all to remote telemetry? Sheesh.
How about just giving me a handheld device to access it? Or a dialup phone access. I mean, we'd need a handheld device to hold against it anyway. Why haven't they come out with the thing earlier, to let us read it, without a computer link? Wouldn't have to be much, simply a 'magnetic modulator' and a tiny LED screen.
-David T. C.
-- If corporations are people, aren't stockholders guilty of slavery?
Seriously, this is just ridiculously stupid. There are some applications where a dedicated device is the most ideal device. Simple tools for a simple job, and there is much less chance of system failure.
Re:look at the applications...
by
CokeBear
·
· Score: 3
I can personally see where this has huge benefits. For example, if my Grandmother was in the hospital in critical condition, I would feel alot easier knowing I can check that she's OK anytime during the day by simply going to a web site. This frees up time for families with sick relatives and allows them to do such things as go to work to pay for the bills.
But what is the corrolary to this? When grandma is dead, do you want to learn about it from a website?
My father has one of these devices, and being able to have the cardiologists monitor and check the status of his ICD after or immediately before an event would be a godsend.
These stupid jokes about "fat slobs" and "people having crash carts in their chests" and "rebooting someone's heart" and "ping grandma" are all really funny, until you realize that these devices save people's lives, and people really die without them. I'm really disgusted that people find this stuff so funny. Though I generally consider my taste in humor to be pretty wide and esoteric, this is sick shit. That's like making fun of people with Alzheimer's or cancer - imagine a remote chemo device, leading to "haha, reboot his tumor!"
I am just disgusted, and I feel the need to go wash my hands.
Just think, UCITA give companies the right to remotely disable software, I don't want Microsoft or SUN remotely disabling my grandfather's pacemaker because he forgot to pay for his daily licensing fee!!!!
-- Sticking feathers up your butt does not make you a chicken - Tyler Durden
Re:they are out of their fucking minds!
by
sigwinch
·
· Score: 4
... but it is absurd that it will use the internet, and whoever is thinking that is a good idea should be fired and removed from anything even remotely technical.
This is pure uninformed hysteria, just like the/. story itself. Unless you're using physically-secure data links every step of the way (secure as in no wireless data, ciphers on every physical link, guaranteed QoS, and Marines ready to deploy when the intrusion-detection system finds something), then you're at the mercy of the public data networks. The Internet is not much less reliable than the phone system that supplies 911 emergency telephone services, and diagnostic data from cardiac equipment is rarely time critical anyway.
Sure maybe it'd be nice if these devices had an encrypted bluetooth/802.11
This is just pure ignorance. Heart waveforms aren't secrets and don't need encryption. All that is needed is simple authentication.
--
-- Kuro5hin.org: where the good times never end.;-)
New! Enhance your gameplay with the DirectPace API! Experience blackouts and redouts in your favourite flight simulator! Make those heart-stopping moments in your favourite action or adventure come alive!
I guess that's when it'd be time to call an ambulance.
--
NO CARRIER
Article scores -1, Flamebait
by
andyh1978
·
· Score: 4
Medtronic Inc., Minneapolis, demonstrated the Chronicle, an implantable heart-monitoring device now being clinically tested by physicians in applications where it
transmits critical patient information to secure Internet sites.
So how exactly do you get a denial of service attack against a system that only transmits and does not receive or process requests?
How about reporting news without inserting redundant pokes at certain software simply for the shock/sarcasm/controversy value?
"Right now, we have patients who often must travel two hours just to find out that nothing's wrong."
One of the things I remember from a bicycling book I read in high school was that a mirror could be relied on to tell it's user that it was not safe behind, but never that the road is clear. The same would seem to be true here. I'd trust the unit to tell the doctor that there were problems, but I would probably go into the hospital if it said everything okay and I felt otherwise.
I also wonder what sort of security we're talking about. I would hope the encryption is outside the patient, for easy updating in the event of an exploit. I would also hope that the internet related system is completely isolated and unable to interfere with the more critical aspects of the device.
Help, help!! This is the big one! The script kiddies are at it again.
(switch to ER scene)
Clear! (ping!) Don't time out on me!!! ----------
"Remember, your friends will stab you in the back for the price of an Extra Value Meal."
-- "For success, it is essential you have Thunderball Fists." "I can have such a thing?" "That's right. Thunderball Fists."
This could seriously save lives.
by
metatruk
·
· Score: 3
Imagine you have a heart condition. You're at home, and all of a sudden, you have a heart attack. This system notifies your medical care provider, which then instantly relays the information to 911, who then sends paramedics to your house to save you.
Or similar devices could be implanted in patients who have other illnesses, severe epilepsy perhaps? Respitory problems?
We could see a whole new line of devices that would be able to remotely monitor patients' health. Daily data could be compiled into a databse, so doctors can review organ operation when a problem comes up. Not all patients can give reliable information to their doctors either, Espescially the elderly:
"Have you been having problems breathing?"
"I'm not sure, I don't really remember"
could become "I see you've been having problems breathing, here's something I can do to help..."
I hope to see these devices appear more and more, because frankly, I think it's a good idea.
These depend on a server actually being up to trasmit to. I guess someone could DoS attack those servers, affecting patients by doctors not having the critical information in time. Which kinda supports michaels story comment, then again maybe not.
Slashdot Mirror
There is no wire protruding out of a person's body, all communication is done via a small radio transmitter/reciever and a dedicated piece of hardware (though doubtless this could be duplicated on a PC.)
The pacemaker would presumably report in a two-stage process. Either a dedicated-purpose device or a reciever/transmitter (possibly connected serially/USB) would use a coded signal to cue the pacemaker to broadcast it's logs. These would be recorded on the dedicated device or a home PC and then transmitted online to the central site.
There the records (I'm guessing here) could be analyzed for warnnig signs, dangerous trends, etc. Likely if they exceed some threshold a flag will be set and a specialist will review the information.
I can't imagine any scenario where the pace-maker would ever transmit directly to an online site; there simply isn't the power available for that sort of direct telemetry. Therefore no sort of direct atttack, DOS or otherwise would be possible.
On the outside chance that remote reprogramming of the pacemaker were allowed I would be concerned, and of course there should be concerns over the security of one's uploaded logs, but from what's reported the whole situation seems very safe if possibly not entirely private.
Frankly I think you would do well to invest the 5 minutes to do a search, read a pacemaker FAQ & answer the rest of your own questions on your own.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
Anyway, they have a little handheld device used to program the pacemakers using magnetic fields. They can send and receive data, obviously using some sort of modulation.
Now, pacemakers have all sorts of data that can programmed, like 'threshholds', which is how small a voltage in the patient's heart triggers a real voltage, and various other stuff, and they give out all sorts of data like how much battery life they have and how often they get triggered, and even patient's average heartbeat.
Now, all this data is completely unaccessable to me. Forget reprogramming, I can't even check the batteries. It would be nice to be able to access this information, but I have a few questions...first of all...WHAT THE HELL TOOK THEM SO LONG? Seriously. They go from no access at all to remote telemetry? Sheesh.
How about just giving me a handheld device to access it? Or a dialup phone access. I mean, we'd need a handheld device to hold against it anyway. Why haven't they come out with the thing earlier, to let us read it, without a computer link? Wouldn't have to be much, simply a 'magnetic modulator' and a tiny LED screen.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
Didn't we already have an April First this year?
Seriously, this is just ridiculously stupid. There are some applications where a dedicated device is the most ideal device. Simple tools for a simple job, and there is much less chance of system failure.
But what is the corrolary to this? When grandma is dead, do you want to learn about it from a website?
Reality has a liberal bias
My father has one of these devices, and being able to have the cardiologists monitor and check the status of his ICD after or immediately before an event would be a godsend.
These stupid jokes about "fat slobs" and "people having crash carts in their chests" and "rebooting someone's heart" and "ping grandma" are all really funny, until you realize that these devices save people's lives, and people really die without them. I'm really disgusted that people find this stuff so funny. Though I generally consider my taste in humor to be pretty wide and esoteric, this is sick shit. That's like making fun of people with Alzheimer's or cancer - imagine a remote chemo device, leading to "haha, reboot his tumor!"
I am just disgusted, and I feel the need to go wash my hands.
Just think, UCITA give companies the right to remotely disable software, I don't want Microsoft or SUN remotely disabling my grandfather's pacemaker because he forgot to pay for his daily licensing fee!!!!
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I forgot to pay my AOL bill.. arghh
-- ;-)
Kuro5hin.org: where the good times never end.
New! Enhance your gameplay with the DirectPace API!
Experience blackouts and redouts in your favourite flight simulator!
Make those heart-stopping moments in your favourite action or adventure come alive!
(Medical insurance not included.)
Of course! Just watch:
Of course, that's Solaris' output for ping...most OS's don't really make it so obvious whether the patient is doing well.
$ ping Kyle
Kyle is alive.
$ ping Stan
Stan is alive.
$ ping Kenny
No response from Kenny.
I guess that's when it'd be time to call an ambulance.
NO CARRIER
How about reporting news without inserting redundant pokes at certain software simply for the shock/sarcasm/controversy value?
One of the things I remember from a bicycling book I read in high school was that a mirror could be relied on to tell it's user that it was not safe behind, but never that the road is clear. The same would seem to be true here. I'd trust the unit to tell the doctor that there were problems, but I would probably go into the hospital if it said everything okay and I felt otherwise. I also wonder what sort of security we're talking about. I would hope the encryption is outside the patient, for easy updating in the event of an exploit. I would also hope that the internet related system is completely isolated and unable to interfere with the more critical aspects of the device.
Help, help!! This is the big one! The script kiddies are at it again.
(switch to ER scene)
Clear! (ping!) Don't time out on me!!!
----------
"Remember, your friends will stab you in the back for the price of an Extra Value Meal."
"For success, it is essential you have Thunderball Fists." "I can have such a thing?" "That's right. Thunderball Fists."
Imagine you have a heart condition. You're at home, and all of a sudden, you have a heart attack. This system notifies your medical care provider, which then instantly relays the information to 911, who then sends paramedics to your house to save you. Or similar devices could be implanted in patients who have other illnesses, severe epilepsy perhaps? Respitory problems? We could see a whole new line of devices that would be able to remotely monitor patients' health. Daily data could be compiled into a databse, so doctors can review organ operation when a problem comes up. Not all patients can give reliable information to their doctors either, Espescially the elderly: "Have you been having problems breathing?" "I'm not sure, I don't really remember" could become "I see you've been having problems breathing, here's something I can do to help..."
I hope to see these devices appear more and more, because frankly, I think it's a good idea.
These depend on a server actually being up to trasmit to. I guess someone could DoS attack those servers, affecting patients by doctors not having the critical information in time. Which kinda supports michaels story comment, then again maybe not.