Slashdot Mirror
Keeping Pacemakers Safe From Hackers
An anonymous reader writes "Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it." I had no idea that things have gotten so bad that hearts are being hacked.
If I could hack her heart, she'd really love me...
What do you mean they cut the power? How can they cut the power, man? They're animals!
Think anyone will complain that they won't be able to have full access to the hardware they purchased?
Moderation : -1 Conservative Viewpoint
I had no idea that things have gotten so bad that hearts are being hacked.
Well the article talks about how the threats have been demonstrated in the lab by a fella named Kevin Fu, but it doesn't mention it being a major problem right now:
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.
So this defense seems primarily like foresight rather than a hindsight, "Shit fixitfixitfixtfixit!" moment...So in response to your pondering, I don't think too many hearts are being hacked right now, nor that things have gotten that bad. Rather, it just seems like two security researchers are doing their job to keep the defensive actions one step ahead of offensive actions...
Motorcycles, Robots, Space Gossip and More!
Coworker had a pacemaker put in. Said she held on to two connectors and they could change the rate by sending signals through one arm, through the pacemaker to the receiver in the other.
I joked with the tone generator (for phone equipment) with other employees, but not with her.
I have a spinal implant, which is basically an implanted tens-unit, that I use to block the pain from the degenerative disease I have. Although the device has a top level setting, it still hurts if I crank it up that far. If someone was able to remotely turn on my device and turn the intensity up and shorten the waveform they could bring me to my knees. If I couldn't turn it off I'd be in some serious trouble, since I couldn't flee.
As much as it's not life-threatening in my case, it's still pretty damn scary. I can't imagine having a pacemaker that could be disrupted remotely. Although talk about a great tool for the CIA for remote-kills.
Someday, some geek will try to overclock his artificial heart...
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst,...
It must have been rough in college for him.
CS Professor: Now when you call function Foo.
Fu: What professor?
Um, nothing. Back to Foo.
Sir?
Nothing. Anyway the function, let's call it, "Bar" instead. Now when you call "Bar"
John Barr, another student: "What sir?
Professor: Is there anyone named ABC?! Good! Now when you call function ABC ...
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Like bullets? Or would only a throwing ax count as hacking?
Too late
I haven't heard any reports of people having them hacked. We had an internet-connected pacemaker, and reports that they could be hacked.
I had always assumed that there was a limited range that the interface device could be used with my pacemaker. Perhaps this will be incorporated next time I go in for a battery change.
An EMP would still be more effective as an attack though.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
And some bad metal band will actually write a song called "overclock my heart". I can see the tributes to Motley Crue now...
"All great wisdom is contained in .signature files"
One half of winning the hearts and minds of the people could be done using only a wireless PDA
... was when a colleague (in a discussion on software quality) said I was the only person he'd trust to program his pacemaker.
Looks like the "web of trust" is getting spun a bit wide these days.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Even if the wearer is the worst scumbag on earth, killing him certainly isn't the right thing.
The Tao of math: The numbers you can count are not the real numbers.
But all you really need to launch a full-out wireless attack on a pacemaker is a microwave oven. D'you think they're working on a patch for that?
I am afraid I have to disagree with you.
The article is about the fact that those advanced life supporting technological implements are possibly inherently unsafe if they both allow remote manipulation *and* are not properly authenticated. There is no discussion about any motive at this point.
The other subject (wiretaps) is highly more controversial because current governmental wire-taping policies in the U.S. are not necessarily backed by the judicial system but are basically carried out by executive orders - and some believe this is contrary to the wording of the 4th amendment of the U.S. constitution (protecting against unwarranted searches) and thus legitimizes some form of civil disobedience - hence the sympathy for those developing the means to do just that.
This leads to fears by some that our current society is leaning towards an Orwellian 'Big Brother' like world - where wire-tapping is not performed to incriminate specifically targeted individuals on the ground of a judicial inquiry, but rather as a random sampling method.
Then again...
--Ivan
Who, oh, do you mean the draft dodging guy who smokes hashish and sleeps with hippie chicks while writing crazy ass cyberpunk drivel?
I'm quite sure he's referring to William Gibson, the Tony-Award-winning playwright and novelist who died last year at the age of 94, still writing. His best-known work is "The Miracle Worker," a true American stage classic.
Why anyone on Slashdot would refer to that other William Gibson is beyond me.
This gives a whole new meaning to heart attack.
Someone had to say it.
https://www.eff.org/https-everywhere
My dad got a defibrillator fitted a year back. It has bluetooth and 5mb of memory. I didn't want to connect to it since killing a parent at Christmas would probably sour the mood.
3 months ago he got it updated and was ill for 4 weeks until a new patch came(although I suspect he milked it a bit for attention). Apparently an overflow in the software was causing small discharges! We don't need to protect against hackers, protecting against the programmers would be a good start. At least I can go around and say that my doctor flashed my dad. :D ..AC because I don't want my family medical history on the net.
Don't go hacking my heart
I could if I tried
Honey please forget my wireless
Baby I'm not that kind
Don't go hacking my heart
You take the beat out of me
Honey when you knocked on my port
My heart gave you my key
Nobody knows it
When I was down
I was your pawn
Nobody knows it
Right from the start
You stopped my heart
You stopped my heart
So don't go hacking my heart
I won't go hacking your heart
Don't go hacking my heart
On a slighly different note. I wonder if Captain Crunch could freak an ear implant?
I reserve the write to mangle english.
Way to miss the joke, moderators. Jayme was just playing along.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
The fact that he sleeps with hippie chicks places him head and shoulders over the average /.er
Scientists point out problems, engineers fix them
altslashdot.org: The future of slashdot.
Dick still has some interdiction contacts in the CIA.
Step 1) Take a large, sharp knife.
Step 2) Insert forcefully into sternum
Step 3) ?
Step 4) Profit.
Would it be too much to ask that these things not communicate wirelessly? It seems to me that this just unnecessarily multiplies the threat. (Everyone here should remember the shit storm over RFID passports). They really should use a contact based communication system in such a critical application like this. I suggest the transmitter use a small solenoid to tap (like Morse code) on a sensing plate glued to a rib.
Usually results in a shortened lifespan of the pump.
Personally I'd rather just update to Neurons 2.0
..........FULL STOP.
Oh Thufir, I see they've installed your heart plug already.... Don't be angry. Everyone gets one here.
Well, it's my life to risk and my informed decision to make.
Which part of "informed" do you not understand?
Please help metamoderate.
Improvement? Are you implying that any manufacturer of an implantable device uses Windows. None do, that I am aware (and I am aware). You can't get 5-10 years of device life from a 15-35cc package using such an inefficient OS. They also don't use Bluetooth, or WiFi.
The activation circuitry is usually passively powered. It is very unlikely somebody wouldn't notice somebody holding a programmer by their chest.
True enough. If you wander out on a hypothetical limb, though...
With all the recent R&D going into wireless power, wireless device charging, etc., and a couple of companies claiming things like 80 cm charging ranges - and this for a consumer device, which requires a lot more juice (most likely) than the passive implant activation circuitry - might it not be conceivable that at least this second point of your argument will eventually be worked around?
Scary thought, that. Modified wireless power equipment, and a dodgy employee at a medical devices company willing to sell comms protocol documentation, and you might be able to affect implants from (maybe) 2-3 metres away. That's something I could believe is possible with time.
I'm not a doctor, and I don't have a pacemaker - I'll start with that as a disclaimer. However, I do have a general idea of how pacemakers work. They don't control the blood flow like a valve, they shock the heart to maintain the heart rate. They're remotely programmable to allow a doctor to change the rhythm, or change when it activates (they have sensors as well) - without having to perform a difficult, invasive and rather dangerous surgery again. There are many reasons for doing this, for example: the patient's needs change as they age or there is a more optimal rhythm for the patient.
More information: http://en.wikipedia.org/wiki/Artificial_pacemaker or if you don't like wikipedia: http://www.webmd.com/heart-disease/abnormal-rhythyms-pacemaker
Hang on, didn't RSA get encryption going in pacemakers some time ago when they were still using Z80 cpus to drive the things?
I have one. I get "tuneups" every six months. Pretty cool how they can change its settings with a wireless interface and a few taps of a touchscreen.
Last time I was in for a data dump on my pacemaker, my cardiologist excitedly explained "there are a _google_ combinations of settings on this device!" Then he paused, and grudgingly conceded most of them would kill me.
Even if allowed to replace implanted medical firmware, such hacking would be unpopular. We all know how reliable fixes, tweaks & updates to software are (i.e.: NOT). A single "oops" could leave the user unconscious in seconds and dead in minutes; even if not a terminal error, screwups can range anywhere from very uncomfortable to subtly distressing. During early diagnostic runs post-implantation, several times I found myself in a fetal position as a bug (!) caused repeated serious abdominal convulsions (didn't hurt, but did cause uncontrolled laughing in a "MTV Jackass" kinda way); nobody ever figured out why (technician: "did I do that?", me: "YEAH!!"). Later I found sleeping on my left side was undesirable, as natural abdominal compression caused diaphragm twitching with each pulse - harmless, but distressing enough to stop the practice (later resolved by reducing lead voltage and increasing pulse width, affecting battery life). When asked what the failure condition symptoms would be, my cardiac surgeon said simply "you'll pass out" (implying not waking up - ever).
Yes, the libertarian principles exist to demand patients have self-funded access to medical gear allowing reprogramming of implanted pacemakers or other medical devices. Absolutely I stand in support of such a notion. In practice, however, methinks this will be - shall we say - a self-correcting issue: those who do, and make mistakes, will die.
Can we get a "-1 Wrong" moderation option?
Why do you assume that a programmer password is needed to ensure some level of authentication? At least some of these devices are designed with a decent set of cryptographic protocols to prevent just the sort of random attacks that have been wildly speculated on this list. There is an arrogance in the security community that all companies are ignorant, out only for profit, and will blithely ignore the safety of the precise patients that they are in business to protect.
If a password was required on a programmer, the first thing that would happen in the programmers in an ER would be a post-it note on the unit with its password. Security Fail. There is a balance between fast access to these devices in an emergency, and the protections needed to ensure they are not tampered with when the patient is away from their physician. Security can be provided by ensuring that it is not possible to authenticate a programming session from a long distance, and that protections are in place to prevent hijacking of active sessions during programming. In an industry driven by safety risk assessment, there is considerable awareness of the potential threat, and mitigations in place to address it. The question was always "who would want to hack such a device" and that was answered last year. Academics in search of publicity (and the funding that follows).
By the way - the device in the original paper was an old device, removed from a patient because the battery had expired. It had been designed in the late 1990s. Significant changes have happened in the subsequent decade, but the authors chose to draw a line from that one data point and assume that designs were just the same today. That is just bad science...
You aren't really disagreeing...
Actually, actively fighting a government's law-enforcement effort is no mere "disobedience". But that's hair-splitting. But you missed the other — wouldn't it be comparably legitimate to try to punish a scumbag (such as a "pig") with the pain and discomfort of malfunctioning pacemaker? Certainly, inquiring minds need to know, and the researchers themselves wouldn't be doing anything illegal, so they should be applauded and allowed to continue using taxpayers' research money...
Being from where I was born and raised, I understand these fears better than many. But I can see, where this same logic can be applied — people praising DoS-ing police, if they were consistent in their beliefs, should also be praising research into hijacking the medical devices...
But if they were really consistent, these same people would never allow the Government to extend itself into controlling health care either, or the Internet ("net neutrality"), or TV and radio ("fairness doctrine"), etc. One observer — herself a life-long Democrat — for example, wrote in August:
In Soviet Washington the swamp drains you.