Slashdot Mirror
Keeping Pacemakers Safe From Hackers
An anonymous reader writes "Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it." I had no idea that things have gotten so bad that hearts are being hacked.
...William Gibson is smiling quietly to himself.
If I could hack her heart, she'd really love me...
What do you mean they cut the power? How can they cut the power, man? They're animals!
Think anyone will complain that they won't be able to have full access to the hardware they purchased?
Moderation : -1 Conservative Viewpoint
I had no idea that things have gotten so bad that hearts are being hacked.
Well the article talks about how the threats have been demonstrated in the lab by a fella named Kevin Fu, but it doesn't mention it being a major problem right now:
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.
So this defense seems primarily like foresight rather than a hindsight, "Shit fixitfixitfixtfixit!" moment...So in response to your pondering, I don't think too many hearts are being hacked right now, nor that things have gotten that bad. Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...
Motorcycles, Robots, Space Gossip and More!
Coworker had a pacemaker put in. Said she held on to two connectors and they could change the rate by sending signals through one arm, through the pacemaker to the receiver in the other.
I joked with the tone generator (for phone equipment) with other employees, but not with her.
Wireless?
I have a spinal implant, which is basically an implanted tens-unit, that I use to block the pain from the degenerative disease I have. Although the device has a top level setting, it still hurts if I crank it up that far. If someone was able to remotely turn on my device and turn the intensity up and shorten the waveform they could bring me to my knees. If I couldn't turn it off I'd be in some serious trouble, since I couldn't flee.
As much as it's not life-threatening in my case, it's still pretty damn scary. I can't imagine having a pacemaker that could be disrupted remotely. Although talk about a great tool for the CIA for remote-kills.
Someday, some geek will try to overclock his artificial heart...
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst,...
It must have been rough in college for him.
CS Professor: Now when you call function Foo.
Fu: What professor?
Um, nothing. Back to Foo.
Sir?
Nothing. Anyway the function, let's call it, "Bar" instead. Now when you call "Bar"
John Barr, another student: "What sir?
Professor: Is there anyone named ABC?! Good! Now when you call function ABC ...
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Someone hacked Michael Jackson's pacemaker.
Apparently after that, his heart just couldn't beat it.
Thummmmmmp thump-thump
th-thumpity thump-thump
thumpity thump-thump
thumpity thump-thummmmmmmp
thumpity-thump!
Use a LARGE magnet !!!
Yours In Vladivostok,
Kilgore T.
Reminds me of the anime Ghost in the Shell Stand Alone Complex where the 'Laughing Man' (alleged terrorist) hacks people's cybernetic eyes to escape sticky situations.
Like bullets? Or would only a throwing ax count as hacking?
The same kind of people, who'd seek to learn, how to DoS a police wire-tap — and publish their "research" for all, could try to see, how to defeat this scheme too. And with the same justifications and excuses:
Somehow, I don't think, they'll be as well accepted as those other guys are... Which is really silly, because both are, essentially, sociopaths... Even if we all instinctively sympathize with the subject of a government wiretap, and the government could on occasion, be in the wrong, it is far more likely, that they are onto something real. (And if they aren't, then nothing particularly bad will happen to their suspect.)
An implant-wearer could, just as easily, be a real scumbag and somebody wanting to pain (or outright kill) him, could be doing the right thing...
In Soviet Washington the swamp drains you.
I haven't heard any reports of people having them hacked. We had an internet-connected pacemaker, and reports that they could be hacked.
I had always assumed that there was a limited range that the interface device could be used with my pacemaker. Perhaps this will be incorporated next time I go in for a battery change.
An EMP would still be more effective as an attack though.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
And some bad metal band will actually write a song called "overclock my heart". I can see the tributes to Motley Crue now...
"All great wisdom is contained in .signature files"
One half of winning the hearts and minds of the people could be done using only a wireless PDA
*Now* I know how to get her heart racing whenever she sees me.
Or is that too hard hearted of me?
Please do not read this sig. Thank you.
Most pacemakers use a reed switch that is only activated by a very close proximity specific magnet.
This allows the pacemaker to send information.
I am not sure how you would get this activated to be able to send/receive anything......
... was when a colleague (in a discussion on software quality) said I was the only person he'd trust to program his pacemaker.
Looks like the "web of trust" is getting spun a bit wide these days.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
by the man's heart beating in time to Beyonce's Single Ladies.
But all you really need to launch a full-out wireless attack on a pacemaker is a microwave oven. D'you think they're working on a patch for that?
This gives a whole new meaning to heart attack.
Someone had to say it.
https://www.eff.org/https-everywhere
My dad got a defibrillator fitted a year back. It has bluetooth and 5mb of memory. I didn't want to connect to it since killing a parent at Christmas would probably sour the mood.
3 months ago he got it updated and was ill for 4 weeks until a new patch came(although I suspect he milked it a bit for attention). Apparently an overflow in the software was causing small discharges! We don't need to protect against hackers, protecting against the programmers would be a good start. At least I can go around and say that my doctor flashed my dad. :D ..AC because I don't want my family medical history on the net.
Don't go hacking my heart
I could if I tried
Honey please forget my wireless
Baby I'm not that kind
Don't go hacking my heart
You take the beat out of me
Honey when you knocked on my port
My heart gave you my key
Nobody knows it
When I was down
I was your pawn
Nobody knows it
Right from the start
You stopped my heart
You stopped my heart
So don't go hacking my heart
I won't go hacking your heart
Don't go hacking my heart
On a slighly different note. I wonder if Captain Crunch could freak an ear implant?
I reserve the write to mangle english.
Way to miss the joke, moderators. Jayme was just playing along.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Dick still has some interdiction contacts in the CIA.
Why the hell would you need anything other than read only access to a few simple statistics for the thing?? It's not like you need to adjust the blood flow on the fly.
Surely the fucking thing either works, and they are alive, or it doesn't and they aren't. There isn't much in-between when you're talking about a 3 minute gap between blood flow stopping and brain damage.
I used to help create medical implants. Yes, they're susceptible to hacking, but in reality you don't have much to worry about.
First, most hackers do not have access to medical implants. Cost wise, a new one is about the same cost as car. Sure you might somehow be able to get one used, but most devices run on batteries you'd have to cut open their titanium cases to repower them since the communication sessions are very power intensive. To properly reverse engineer the protocol, you also need the programmer which usually only doctors have and are even more expensive and rarer than the devices. So the barrier of entry into hacking a medical implant is very high.
Second, for most devices you have to be literally a few inches away from the device to activate a communication session. The activation circuitry is usually passively powered. It is very unlikely somebody wouldn't notice somebody holding a programmer by their chest. If they're really sneaky they might be able to hijack a communication session in process, but at that point they victim is already in or very near the doctor's office.
Third, medical implants do not have a standard communication protocol. Every manufacturer has a different protocol and AFAIK they are all proprietary, so you need to reverse engineer them all unless you know what kind of device you plan on communicating with ahead of time.
So yes, it is security through obscurity, but the devices are tiny micro controllers and the programmers are doing their damnest to insure they have as few bugs as possible and use as little power as possible. The electrical engineers will laugh at adding additional circuitry onto a board for this security threat since inside of the human body is some of the most expensive real estate on the planet. The researches are creating solutions to a problem that is practically non existent.
Step 1) Take a large, sharp knife.
Step 2) Insert forcefully into sternum
Step 3) ?
Step 4) Profit.
Would it be too much to ask that these things not communicate wirelessly? It seems to me that this just unnecessarily multiplies the threat. (Everyone here should remember the shit storm over RFID passports). They really should use a contact based communication system in such a critical application like this. I suggest the transmitter use a small solenoid to tap (like Morse code) on a sensing plate glued to a rib.
Don't use windows embedded, it will be a major improvement.
If I can't have her heart I'll DoS hers so no one can.
Usually results in a shortened lifespan of the pump.
Personally I'd rather just update to Neurons 2.0
..........FULL STOP.
A pretty decent book:
http://www.amazon.com/dp/045120915X/ref=nosim?tag=sealarksgoodbook&link_code=as3&creative=373489&camp=211189
In the first chapter the main guy assassinates someone with a wireless pacemaker-hacking device :)
Oh Thufir, I see they've installed your heart plug already.... Don't be angry. Everyone gets one here.
Well, it's my life to risk and my informed decision to make.
Which part of "informed" do you not understand?
Please help metamoderate.
it doesn't work that way. A stronger transmitter won't help, because the communications is two ways. Physical proximity is required and many devices require a magnet to trip a reed relay in the device before communications can occur. Further, if you look at the research, it requires recording of commands/protocol from a programmer before you can communicate with a device. While some control units (remotes) can do some limited set of functions, the more dangerous interactions require a physician and programmer. Since these are prescription devices, changing the settings would be illegal (practicing medicine without a license.) Wouldn't it be easier to just hit the person with a baseball bat? You need about the same physical distance...
The latest models go far beyond that. They can actually be used in an MRI machine. Now if we can just keep people trying to reheat coffee in their MRIs, we'll be set.
This would probably apply to prosthetics as well. Many of the higher end microprocessor controlled knees have many sensors that can be monitored, and parameters that can be tuned via a wireless link.
Like this one.
Hang on, didn't RSA get encryption going in pacemakers some time ago when they were still using Z80 cpus to drive the things?
I have one. I get "tuneups" every six months. Pretty cool how they can change its settings with a wireless interface and a few taps of a touchscreen.
Last time I was in for a data dump on my pacemaker, my cardiologist excitedly explained "there are a _google_ combinations of settings on this device!" Then he paused, and grudgingly conceded most of them would kill me.
Even if allowed to replace implanted medical firmware, such hacking would be unpopular. We all know how reliable fixes, tweaks & updates to software are (i.e.: NOT). A single "oops" could leave the user unconscious in seconds and dead in minutes; even if not a terminal error, screwups can range anywhere from very uncomfortable to subtly distressing. During early diagnostic runs post-implantation, several times I found myself in a fetal position as a bug (!) caused repeated serious abdominal convulsions (didn't hurt, but did cause uncontrolled laughing in a "MTV Jackass" kinda way); nobody ever figured out why (technician: "did I do that?", me: "YEAH!!"). Later I found sleeping on my left side was undesirable, as natural abdominal compression caused diaphragm twitching with each pulse - harmless, but distressing enough to stop the practice (later resolved by reducing lead voltage and increasing pulse width, affecting battery life). When asked what the failure condition symptoms would be, my cardiac surgeon said simply "you'll pass out" (implying not waking up - ever).
Yes, the libertarian principles exist to demand patients have self-funded access to medical gear allowing reprogramming of implanted pacemakers or other medical devices. Absolutely I stand in support of such a notion. In practice, however, methinks this will be - shall we say - a self-correcting issue: those who do, and make mistakes, will die.
Can we get a "-1 Wrong" moderation option?
Why do you assume that a programmer password is needed to ensure some level of authentication? At least some of these devices are designed with a decent set of cryptographic protocols to prevent just the sort of random attacks that have been wildly speculated on this list. There is an arrogance in the security community that all companies are ignorant, out only for profit, and will blithely ignore the safety of the precise patients that they are in business to protect.
If a password was required on a programmer, the first thing that would happen in the programmers in an ER would be a post-it note on the unit with its password. Security Fail. There is a balance between fast access to these devices in an emergency, and the protections needed to ensure they are not tampered with when the patient is away from their physician. Security can be provided by ensuring that it is not possible to authenticate a programming session from a long distance, and that protections are in place to prevent hijacking of active sessions during programming. In an industry driven by safety risk assessment, there is considerable awareness of the potential threat, and mitigations in place to address it. The question was always "who would want to hack such a device" and that was answered last year. Academics in search of publicity (and the funding that follows).
By the way - the device in the original paper was an old device, removed from a patient because the battery had expired. It had been designed in the late 1990s. Significant changes have happened in the subsequent decade, but the authors chose to draw a line from that one data point and assume that designs were just the same today. That is just bad science...