Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keeping Pacemakers Safe From Hackers

Posted by samzenpus on from the blackest-of-black-hats dept.

An anonymous reader writes "Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it." I had no idea that things have gotten so bad that hearts are being hacked.

10 of 167 comments (clear)

  1. Hearts Being Hacked by BJ_Covert_Action · · Score: 4, Insightful

    I had no idea that things have gotten so bad that hearts are being hacked.

    Well the article talks about how the threats have been demonstrated in the lab by a fella named Kevin Fu, but it doesn't mention it being a major problem right now:

    The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.

    So this defense seems primarily like foresight rather than a hindsight, "Shit fixitfixitfixtfixit!" moment...So in response to your pondering, I don't think too many hearts are being hacked right now, nor that things have gotten that bad. Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...

    --
    Motorcycles, Robots, Space Gossip and More!
    1. Re:Hearts Being Hacked by skgrey · · Score: 4, Insightful

      Spinal implants and other non-heart related implants do allow wireless communications. That's how I turn on and off my spinal implant. Granted it only seems to support a distance of within a foot of the implanted battery pack to the controller, but still. I honestly don't know if it's the controller or the receiver that requires that distance though.

      Guess which website I'll be visiting tonight?

    2. Re:Hearts Being Hacked by Ungrounded+Lightning · · Score: 4, Insightful

      To take control and use that for various purposes, like money making or DoS? Not really meaningful.

      You're still thinking in a "people playing with computer networks" category.

      Criminals could use it for extortion.

      Criminal gangs and governments could use it for murder / assassination of high-value targets.

      Terrorists ditto and they could also use killing or disrupting the health of random people or groups of them as a terror tactic.

      Remember the gadget that sent out the infrared "turn off" code for a bunch of different makes of TVs and monitors? And how much fun some people had wandering around trade shows with it? Now imagine a radio key-fob that sends "cause fibrillation" to pacemakers, in the pocket of your friendly neighborhood terrorist as he walks or drives around the city (or just sends the signal occasionally via a BIG transmitter.)

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    3. Re:Hearts Being Hacked by maxwell+demon · · Score: 2, Insightful

      It's not very often that hackers (by definition, intelligent people) do something purely and solely for the reason of being an asshole.

      I guess the fear is not about hackers trying to be assholes, but actually planned murder using the pacemaker as "weapon". Indeed, if the attacker can change the pacemaker to operate normally again afterwards, it might actually be the perfect murder.

      --
      The Tao of math: The numbers you can count are not the real numbers.
  2. Re:No Locked Hardware! by iamacat · · Score: 4, Insightful

    If your life, health and well being depends on being able to tune the device, having DRMed firmware would suck pretty badly. If some doctor tunes the pacemaker to enable short burst higher rates so that, for example, I can climb a flight of stairs comfortably, I should have a right to install the update.

  3. Re:Hacking hearts by MrSenile · · Score: 2, Insightful

    If you attacked a pacemaker, they'd wind up pretty heartless as well.

  4. Re:No Locked Hardware! by jpmorgan · · Score: 3, Insightful

    These are implantable medical devices we're talking about. Forget DRM, to achieve the kind of world you're dreaming of would require a massive overhaul of the medical regulatory system. Personally, I question the wisdom of a world where patients can replace firmware on their medical devices with stuff they find on the internet. The medical profession frowns upon self medication for a reason.

  5. Re:No Locked Hardware! by iamacat · · Score: 3, Insightful

    Well, it's my life to risk and my informed decision to make. What if the bug which is killing me is in the original firmware?

  6. Re:No Locked Hardware! by DrugCheese · · Score: 3, Insightful

    The medical profession frowns upon self medication for a reason.

    Yeah, because they're missing out on the MONEY.

    --
    *DrugCheese rants*
  7. Re:*Sigh* by Anonymous Coward · · Score: 2, Insightful

    I'm sure they "got it". It's just not funny. Thespian. Lesbian. Yeah, they both end in "ian". And you're pretending to be "dumb guy". Hilarious. Yeah. They got it.