Researcher Reverse-Engineers Pacemaker Transmitter To Deliver Deadly Shocks

Bismillah writes "Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible. From the article: 'In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a "secret function" which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity. ... In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the "potential to commit mass murder."'"

Vulnerability in pacemaker firmware?

[DikSeaCup]

Shocking!

Re:Vulnerability in pacemaker firmware?

[dkleinsc]

I'm shocked, shocked!%N#)NO CARRIER

Re:Vulnerability in pacemaker firmware?

[durrr]

There's pacemakers that only do the pacing.
There's ICDs; Implantable cardioverter-defibrillators that restores proper rythm after detecting arrythmias.
And there's combinations of the two. Most likely the pacemaker in question here is a combination device or they're actually talking about ICDs and not pacemakers.

A classic heart attack involves blocking of coronary arteries however and a defibrillator won't do shit for that. Defibrillations are made to terminate an arrythmic beat and restore the normal sinus rythm.

Re:Vulnerability in pacemaker firmware?

What if a person hits REBOOT, holds their breath, and has a lot of hope? Or am I just thinkin' like an ignorant redneck again?

Re:Vulnerability in pacemaker firmware?

Remember to disable fsck on startup!

Re:Vulnerability in pacemaker firmware?

[Ginger+Unicorn]

This is the second post I've seen in three weeks where someone has implied that pacemaker-induced heart failiure would somehow cause their modem to hang up. It doesn't make sense, damnit!

Re:Vulnerability in pacemaker firmware?

[dkleinsc]

You should familiarize yourself with the Rule of Funny.

Re:Vulnerability in pacemaker firmware?

[Rich0]

Sure, but any of those pacemakers can administer shocks to your heart. Whether they normally operate one way or another probably has little impact on whether somebody who can hack them can get them to do whatever. My understanding is that many pacemakers are capable of many modes of operation, since in terms of the hardware there isn't much difference. Kind of like how the ECU hardware in a sports car and a compact car might be the same, though the software might be different. Either way if somebody tells the thing to fire the spark when the cylinder is traveling up it will ruin your engine fast.

Re:Vulnerability in pacemaker firmware?

[Wandering+Voice]

Thanks. Now I'm reading all comments to that tune in my head.

Re:Vulnerability in pacemaker firmware?

[Jeremiah+Cornelius]

Dick Cheney option!

Re:Vulnerability in pacemaker firmware?

[Gilmoure]

You can program pacemakers to shoot lawyers in the face?!!!

Re:Vulnerability in pacemaker firmware?

[shutdown+-p+now]

They trip the cord with their foot as they fall from the chair.

Re:Vulnerability in pacemaker firmware?

[Randle_Revar]

You haven't wired your heart to your modem yet? Quit living in the past, man!

Re:Vulnerability in pacemaker firmware?

[tehcyder]

You should familiarize yourself with the Rule of Funny.

Repeating an inappropriate internet meme does not mean that you are being funny.

Re:Vulnerability in pacemaker firmware?

[tehcyder]

You haven't wired your heart to your modem yet? Quit living in the past, man!

What's a modem?

Re:Vulnerability in pacemaker firmware?

[Randle_Revar]

It's retro-cool, that's what it is!

Why are these approved?

[Errol+backfiring]

... he discovered no obfuscation efforts and even found usernames and passwords ...

How come such pacemakers were ever approved by the FDA?

Re:Why are these approved?

Because the FDA doesn't care about security. It's not in their mission or charter, and they don't test for it. Hopefully with issues such as this, that issue will be rectified.

Re:Why are these approved?

[nurbles]

The left side of the bell curve strikes again?

Re:Why are these approved?

Because the FDA doesn't care about security. It's not in their mission or charter, and they don't test for it. Hopefully with issues such as this, that issue will be rectified.

Uh, not their mission or charter? Care to tell me exactly what the fuck their mission and charter is, if it's somehow not trying to keep citizens safe from products produced by companies with crystal-clear motives (greed, profit), driven by executives with less-than-average morals?

Computer security may not specifically be their primary mission, but product security sure as hell is. And if it's not, then dismantle the whole damn organization, because clearly what the public thinks they do, and what they actually exist for, are two completely different things.

Re:Why are these approved?

[cultiv8]

This has been known since at least 2008. The Economist has an interesting article about the FDA slowly moving towards open source medical devices to improve the overall security and reliability of software in medical devices.

Re:Why are these approved?

[Errol+backfiring]

I worked for a company that does medical test (for the approval of new medicines) and there were quite a few rules for writing the software needed. This is "secondary" software in the sense that it only captures data and no life depends on it directly. I would expect unencrypted communication channels to prosthetics to be severely outlawed.

Re:Why are these approved?

[gweihir]

The FDA is clueless, susceptible to coercion and no competent independent security review was ever done.

Re:Why are these approved?

[Errol+backfiring]

Even the fact that an internal organ has or needs wireless capabilities baffles me. There are so many ways to abuse them! You can be tracked, for instance. Does Google have all the details of the pacemakers among the router data? Why not create a plug just under the skin so it is easily reached when needed? Wireless pacemakers literally are an unnecessary evil.

Re:Why are these approved?

[RobinH]

Actually the benefit of wireless is absolutely obvious: you can monitor battery levels, even update firmware in the event of a serious bug, without doing surgery, and without having wires protruding through the skin (which is itself a major infection risk).

Re:Why are these approved?

[gstoddart]

Maybe because the F stands for food and the D stands for drug?

Except, medical devices of all kinds are supposed to go through some fairly rigorous hurdles before they can be approved by the FDA. Even more so for the implantable kind.

That this is actually possible means either someone didn't fully grasp the impact of being able to get into these things remotely, or went for a "security by obscurity" approach. (Yes, they do need to be remotely accessible by the doctors, but you'd think they'd need to be somewhat more secure than this.)

Re:Why are these approved?

[aXis100]

Yeah, but there's a difference between short range wireless (several cm) and long range (10's of metres) that makes a huge difference to the possible attach vectors.

Re:Why are these approved?

[Rob+the+Bold]

Yeah, but there's a difference between short range wireless (several cm) and long range (10's of metres) that makes a huge difference to the possible attach vectors.

But since the attacker isn't worried about getting his hacked programming device approved, he's free to boost the amplifier and/or antenna gain on his end, or any other tweak he can come up with to increase the effective range.

Re:Why are these approved?

[drinkypoo]

medical devices of all kinds are supposed to go through some fairly rigorous hurdles before they can be approved by the FDA. Even more so for the implantable kind.

They do, but it's [been] more stuff like "resistant to body fluids and sanitizing compounds" and "rubber covers for all ports to prevent short circuits with possible sparks if items are set down on a metal surface which may be near an open oxygen tap" than "secure cryptographically protected interfaces" or "maximum protection for patient data".

Re:Why are these approved?

[cdrguru]

It takes a real paranoid person to think that someone would "just for fun" want to hack into a pacemaker. We haven't gotten over the idea that people are generally good and nobody would want to do this, even if they could.

The truth is that if you could kill someone with a mouseclick, you might - I don't care who you are, that is just the way people are in reality. We have operated under the assumption that "nobody would do this" for far too long.

Re:Why are these approved?

[DragonWriter]

Yeah, but there's a difference between short range wireless (several cm) and long range (10's of metres) that makes a huge difference to the possible attach vectors.

There actually isn't a fundamental difference between short-range and long-range wireless: its all broadcast, and range depends on both the the sensitivity of the receiver and the power of the transmitter. You can't make a system "short-range only" when you control only one endpoint.

Re:Why are these approved?

[an+unsound+mind]

The purpose of the FDA is to keep the profits of the pharmaceutical industry high. And nothing else.

FDA, for example, has entirely skipped on regulating "supplements". No matter their claims or effects, as long as they don't contain restricted substances.

Re:Why are these approved?

[bill_mcgonigle]

he's free to boost the amplifier and/or antenna gain on his end

This is why I was fairly shocked (:wince:) when Dick Cheney very publicly got a remotely programmable pacemaker while he was in office. We'd just read stories about bluetooth being beamed over something like a kilometer at the time.

Re:Why are these approved?

[Rich0]

Certainly part of their mission, but quality in the FDA realm has a peculiar definition. Quality is measured by presence/absence of paperwork for the most part. Sure, there are guides on what kinds of paperwork need to exist, but for the most part the FDA is much better at finding issues with the paperwork that is there than they are with finding issues with the paperwork that isn't there.

Most FDA types are doctors or scientists or such. You don't really get people thinking in terms of computer security.

I work with software tested to "FDA standards" all the time, though not with medical devices. I'm fairly confident that if I wanted to bypass the security in almost any of this software it would be fairly trivial to do so. Like most industrial control software, the software in health applications tends to be secure against casual intrusion. A doctor trying to guess passwords probably couldn't hack in, but there are a million other ways to get in that the people doing this kind of work don't think of. Lots of software implements the business logic on a client installed locally, which is almost impossible to secure.

There is obviously a risk balance, but any attack mountable over RF against a life support device of any kind HAS to be rigorously prevented. You don't want somebody with a directional antenna to kill 300 people in a large hospital from halfway across town.

Re:Why are these approved?

[an+unsound+mind]

And to add to that point:

People dying is very bad advertising for new medications, so FDA has an interest in preventing that. However, if someone else can be blamed for the death - or if it causes symptoms that can be treated or reversed - suddenly FDA cares much less.

Because if someone hacks a pacemaker the death can be blamed squarely on the hacker and FDA's hands are clean. Despite letting a dangerous, hackable pacemaker enter the market.

In many ways, FDA approval resembles a brand. And I suppose in that analogy supplements are "offbrand products".

Re:Why are these approved?

[Pinky's+Brain]

Well in theory you can use a ping to determine distance, generally though you won't.

Re:Why are these approved?

[fuzzyfuzzyfungus]

FDA, for example, has entirely skipped on regulating "supplements". No matter their claims or effects, as long as they don't contain restricted substances.

Talk to Congress(ask for Tom Harkin(D-IA) and Orrin Hatch(R-UT) in particular. Harkin appears to be a True Believer and gets some nice campaign cash from Herbalife, Hatch? Well, let's just say that Utah has a thing for 'supplements'.).
 
The "Dietary Supplement Health and Education Act of 1994’’ says that the FDA can't do jack about 'supplements', aside from some basic manufacturing standards stuff, unless they get enough adverse event reports to satisfy the burden of proof(on them) and do something about it.

Re:Why are these approved?

[cayenne8]

Uh, not their mission or charter? Care to tell me exactly what the fuck their mission and charter is, if it's somehow not trying to keep citizens safe from products produced by companies with crystal-clear motives (greed, profit), driven by executives with less-than-average morals?

The FDA is largely toothless....

I mean, recently, the FDA was ruled to NOT have the authority to shut down food processing plants that have multiple health/cleanliness/etc infractions.....

You'd kinda think that was a given, wouldn't you?

Nope...big business have their people (both parties) in the positions that run oversight organizations like the FDA...and they pull all the teeth from those organizations, they're just there symbolically these days....

Re:Why are these approved?

[Lehk228]

won't help, the ping has to be processed before being sent back. it would be trivial to emulate closer distance via more agile responders. instead of a general purpose PC recieving and replying from 10 inches, a fine tuned ASIC notified to expect a query by the transmittal module so it can do some of it's startup before the signal even arrives.

the only way to use reply time to measure max distance is to make use of processing which operates at the edge of physical laws, and typically such things can't do much computation so even that can be defeated by guessing the correct reply, if you can sent 100 million bad broadcasts per day, even a tiny fraction of correct guesses will be deadly

Re:Why are these approved?

[jwdb]

You can prevent this with a cryptographically secure ping: have the pinger send out a random number, and the pingee respond with the number signed with their private key. Assuming the pingee cannot predict the number beforehand, it can only respond after having received the ping and can therefore not pretend to be closer than it actually is.

Not sure if a pacemaker can handle crypto, however...

Re:Why are these approved?

[Lehk228]

my point is that the general purpose computer chip responding to the ping on the system deployed in 2012 will have a much slower response time than the liquid cooled overclocked ASIC killbot9000 deployed for assassination purposes in 2016, and so it can pretend to be much closer than it is, especially since even nanosecond differences in response times would be huge compared to the time for EM to travel 10 inches 10 feet or even 10 miles.

to be extra 1337 you can even cheat by starting the reply with a random guess of the first 7/8 bits if you only need a success rate of half to one percent (highly boosted signal trying to kill people in a large area undetected)

Prank your family!

... Reminds me of the TV-B-Gone.

Re:Prank your family!

[ColdWetDog]

... Reminds me of the TV-B-Gone.

Father-in-law begone.

Better.

Well I'm convinced it's true

So pacemaker manufacturers put in mechanism for making 800 volt shocks? Some sort of huge capacitors? And they put this in just waiting for a security researcher to find?

Erm. Well I'm convinced! Must be true. Not some McGyver scenario at all.

"Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations. "

Re:Well I'm convinced it's true

[Hank+the+Lion]

I built a stun gun capable of generating 900,000 volts on-demand out of a few dollars worth of parts and a 9 volt battery, and it fits in the palm of your hand

900V or 9 kV I would believe, 900 kV not so much.
You would need creeping distances of more than 300 mm just to prevent arcing and making the voltage collapse before it even reached the 900 kV.
"900 kV" and "fits into the palm of your hand" are mutually exclusive, I think.
(and yes, I've designed and built multi-kV devices myself)

Re:Well I'm convinced it's true

[Chirs]

So pacemaker manufacturers put in mechanism for making 800 volt shocks?

Read the article. It's an implantable _defibrillator_. You know, the ones where they used to rub the pads together and yell, "Clear!" before using?

Re:Well I'm convinced it's true

[Hank+the+Lion]

Explaining it to the manufacturers of 900 kV stun guns will have no effect.
They know very well that their product does not reach 900 kV.
Those tasers may very well reach 90-100 kV (spark length of 3-3,5 cm), but not tenfold that.
It's just as with the 200W PMPO computer speaker sets that are supplied from a 12W transformer: pure marketing hype.

But, I agree with your main point: it is trivial to create a sufficiently high voltage in a small volume.
Even the simplest 2 kV fly swatter tennis rackets show that.

Function creep...?

[Horus1664]

Why would a device such as a pacemaker, with what seems to be a simple and bounded function, require the facility to communicate with anything?

Re:Function creep...?

[richardcavell]

Cardiologists commonly communicate electronically with the pacemaker after its insertion to adjust numerous parameters of its function. The pacemaker can also deliver information to the cardiologist about its usage history, battery state, etc. (Doctor) Richard Cavell

Re:Function creep...?

[kenh]

There is the other side of this - if the pacemaker was protected by a password, what if a cardiologist other than the one that installed it had to access/update/configure it? Either there would have to be a commonly-known access code (negating all attempts at securing the device) OR the doctor would have to contact the Mfg. or some central password authority to get the codes to access the device, and that might be an unacceptable delay in a life-or-death scenario.

Sure, you could ask patients to carry password cards OR tattoo the password on a body part if you really felt the need to password-protect the device.

Not so sure about one pacemaker updating another pacemaker, as the description mentions - does the pacemaker really have a strong enough transmitter to download a new firmware image onto another pacemaker in another body?

Re:Function creep...?

[cultiv8]

Sure, you could ask patients to carry password cards OR tattoo the password on a body part if you really felt the need to password-protect the device.

What about implanting an RFID chip on the patient that constantly transmits the password? Oh, wait...

Re:Function creep...?

[devnullkac]

I think you're close. You need a secondary access method that requires direct skin contact near the device in order to bypass the front-line wireless security. Same concept as how most people will protect wireless access to their home network, but rely on physical security to prevent someone replacing their router: if someone can get close enough to get physical access, you'll know it and know to stop it before it's too late.

Re:Function creep...?

[Pinky's+Brain]

You can put a database with ID/key pairs inside the communication devices (pre-generated so you don't need to update the database). Can still be compromised of course by hacking the communication device, but it does add an extra layer of security.

Re:Function creep...?

[Pinky's+Brain]

Of course with a strong encryption algorithm a single secret key would be enough, but this is assuming you want to use something weak or password only.

Re:Function creep...?

[EnsilZah]

If it's a non-time-critical update/maintenance sort of thing then there's no reason one cardiologist couldn't contact another and get the access information beforehand or just have a very expensive, very hard to steal machine in the hospital that authenticates things for you.

If it's in the field, I doubt a paramedic would have the kind of training to be tweaking a pacemaker anyway.
I'm sure they could be carrying a smartphone-type device that tunnels from the pacemaker or other such medical device to a specialist back at a hospital.

Correction

[wonkey_monkey]

a series of 830 volt shocks from the pacemaker

I think I understand the lack of security

[ndogg]

I'm sure the developer was thinking, "Who would even think of trying to hack a pacemaker? Who would even want to?"

Unfortunately, it only takes one sociopath.

Re:I think I understand the lack of security

[machine321]

I'm sure the developer was thinking, "Who would even think of trying to hack a pacemaker? Who would even want to?"

Unfortunately, it only takes one sociopath.

Yeah, but there are a lot of developers are sociopaths. Fortunately one of the people who discovered this went public with the information.

Re:I think I understand the lack of security

[localman57]

Or just a common hacker who likes to mess with stuff. People have been finding ways to modify the ECM calibrations in cars for years, although until recently it hasn't been wireless capable.

So, Bobby, you're pretty good with the computers, right? Could you make the old ticker run a bit stronger for a while? Ya see, old man Johnson's been telling all the dames down at the retirement home all about how he keeps lapping me around the mall. I just need, you know, a little boost.

Re:I think I understand the lack of security

[Intrepid+imaginaut]

No, sorry this is just completely insane. Under no circumstances should this have been possible, at all, ever. How many senior politicians and CEOs have pacemakers? Something sounds like it went very wrong in the engineering, development, or management departments, or maybe all three.

Re:I think I understand the lack of security

[Errol+backfiring]

Unfortunately, it only takes one sociopath.

Or an advertising company (for tracking). Or a supermarket. Or...

Re:I think I understand the lack of security

[fph+il+quozientatore]

I'm sure the developer was thinking, "Who would even think of trying to hack a pacemaker? Who would even want to?" Unfortunately, it only takes one sociopath.

Think about intelligence agencies and secret service. The same people that already killed with Polonium poisoning in the past, for instance.
It's a very clean and safe way to dispose of someone after all: who can tell it from a real heart attack after the fact?

Re:I think I understand the lack of security

[skids]

Unfortunately, it only takes one sociopath.

...or one particularly loathsome patient.

Re:I think I understand the lack of security

[skids]

There's a good chance the developer fuly intended to implement security. The conversation probably went like this:

PHB: Is it done yet?
Dev: All the basic functions work but now we need to do a secu....
PHB: Ship it!

Re:I think I understand the lack of security

[ColdWetDog]

No, sorry this is just completely insane. Under no circumstances should this have been possible, at all, ever. How many senior politicians and CEOs have pacemakers? Something sounds like it went very wrong in the engineering, development, or management departments, or maybe all three.

Think your statement through a couple more times. With emphasis on "CEO" and "politician".

Did something go wrong? Really?

Re:I think I understand the lack of security

[BoRegardless]

Or...an heir or business partner.

Re:I think I understand the lack of security

[Intrepid+imaginaut]

Politicians are people t- ...hmm... hm...

Re:I think I understand the lack of security

[tilante]

Logs? They were able to reprogram the firmware. You can't trust the logs - they say whatever the attackers want them to say. (Presuming the logs aren't being stored in a way that prevents them from being rewritten... but if their security is this bad, what's the chance that they did that?)

Time he died? Again, they were able to reprogram the firmware. Don't kill him right then - insert a "kill him at time X", with X being days, weeks, or months away. Note that you can also do things like "deliver the shock at time X, but don't log that you did, and after you deliver it, patch your own firmware to erase the reprogramming". I'm guessing that these devices are most likely using some form of flash memory for storage instead of magnetic memory... so if you do it properly, there's no trace at all that the code ever existed by the time someone tries to find out what happened.

Proximity? With a good amplifier and antenna, you could extend that to hundreds of meters. Let's be conservative and call it up to a hundred meters. But remember that radio waves travel through things that light doesn't -- the device doing the reprogramming could be in the trunk of a car, a nearby house, etc. You can't clear everyone away from hundreds of meters around every hotel room, house, etc. every major figure with a pacemaker is in, all the time.

So it becomes "profile everyone who's been within a hundred meters of this person since they ( had the pacemaker implanted / did whatever made them a target )". When that's a period of months or years, and the person involved is a major public figure, that's going to be minimum thousands of people, more likely tens of thousands.

Crank 3

[revelation60]

Sounds like it could be the plot of the new Crank movie!

Re:Boomers

[dcw3]

At 53, I'm still a boomer. Considering that I'm still out doing 5 mile runs, I suspect I have the potential to hang on a bit longer.

Isn't it plain and obvious...

[shiftless]

...the state of computer "engineering" is complete and utter shit if a fucking pacemaker can be hacked and compromised? What the mother fuck? Are you fucking kidding me? Shouldn't those be among the best designed, safest, most reliable and secure of devices? God help us all. Just wait until they drag us into this war with Iran here soon, and China and Russia decide to team up to end our bullshit and we end up descending into WW3.

Can you imagine the utter chaos in the U.S. when all our magic electronic boxes suddenly stop working, or worse, work silently behind our backs to sabotage and/or kill us? According to another /. article, it's 300+ days on average (sometimes years) between the finding of a typical "zero day" exploit and when it was actually found (kept hidden, and potentially exploited) by attackers. Who wants to bet money China and Russia both have teams of hackers dedicated to finding exploits for all common software and systems in the U.S., extensively documenting and writing code against them, nicely sorting and tabulating it all out and filing it away in an archive, then keeping this info close at hand at all times for when the right opportunity presents itself?

Right now we are more vulnerable than ever. Hands up: who here is looking forward to jumping into a world war with both feet, then being surprised by how much we don't know about our own security vulnerabilities, learning the hard way from powerful foreign countries that just might kick our asses, or at the very least cause massive damage (bombing, etc) to the mainland U.S.? We're learning now that pacemakers have huge gaping security holes. Holy fucking Christ. What else is out there waiting to be compromised and exploited?

Re:Isn't it plain and obvious...

[mwvdlee]

Holy fucking Christ. What else is out there waiting to be compromised and exploited?

Your sanity?

Re:Isn't it plain and obvious...

[thedonger]

Shouldn't those be among the best designed, safest, most reliable and secure of devices?

I'm surprised they would allow remote access without a direct connection. It's vulnerable enough in that it relies on electronic timing and can be affected by external electromagnetic forces; but, to make it accessible via wireless/RF/whatever just seems like a bad idea through and though.

Re:Isn't it plain and obvious...

[pauljlucas]

I'm surprised they would allow remote access without a direct connection. It's vulnerable enough in that it relies on electronic timing and can be affected by external electromagnetic forces; but, to make it accessible via wireless/RF/whatever just seems like a bad idea through and though.

AFAIK, wireless access was designed in so doctors can tweak the settings without having to cut into the patient to make a wired connection.

Re:Isn't it plain and obvious...

[MarkGriz]

utter shit if a fucking pacemaker
What the mother fuck?
Are you fucking kidding me?
end our bullshit and we end up descending into WW3.
work silently behind our backs to sabotage and/or kill us?
powerful foreign countries that just might kick our asses
Holy fucking Christ.

Ask your doctor if Xanax is right for you

Re:Isn't it plain and obvious...

[judoguy]

Direct connection is a BAD idea. How do you propose to do that? Anything that penetrates the skin, particularly with a direct cardiac connection is a huge infection vector. And yes, I used to work for a class III medical device manufacturer.

Re:Isn't it plain and obvious...

[locofungus]

"...the state of computer "engineering" is complete and utter shit if a fucking pacemaker can be hacked and compromised?"

While I don't know the details of this, I don't think you can claim that computer "engineering" is complete and utter shit because it's possible to do bad things that will kill people.

The vast majority of cars have wheel nuts that are accessible and use a standard spanner to remove. This is a real threat - cars with expensive wheels now typically use locking wheel nuts - but what you don't (often) get is people removing wheel nuts or letting down tyres "because it's fun and I'm 'leet' "

In the UK in the late 80s and early 90s we did have a spate of high performance cars being stolen and "joy ridden". This lead to deaths, both of the "joyriders" and of innocent passers by. Modern cars are much harder to steal and this is no longer a significant problem. But nobody was claiming that the state of mechanical engineering was complete and utter shit because they didn't engineer their systems from day 1 to prevent this happening. What actually happened was that insurance companies required sophisticated immobilizers on these high performance cars. The buyers then started demanding this as default from the manufacturers and then the manufacturers added these more expensive engineering details.

Tim.

Re:Isn't it plain and obvious...

[dywolf]

God help all those poor soldiers on the front lines with pacemakers.... ...

oh wait...

Re:Isn't it plain and obvious...

[cdrguru]

The clear answer is that security has been an afterthought and still is for the most part. There is also the rather idealistic notion that such things are utterly beneath humans to do. What we have found on the Internet is pretty much nothing is "beneath" humans. If someone can get away with doing some mischief, they might do it. If they can do it anonymously, it is almost a dead certainty someone is going to do it if for no other reason than for laughs or bragging rights.

We are clearly starting to see the dark underside of humanity. The Internet has allowed a huge amount of anonymous and pseudo-anonymous activity and this has pretty much turned over the rock so everyone can see the squishy, many-legged stuff that is buried in the human psyche.

No, I don't think there is any putting the genii back in the bottle. This pretty much means we are going to need a huge program to revise software with the first thought being "How can this be misused for fun and profit?" and the second being "Given infinite time, assume any security will be broken - so how do we keep this from being used in a harmful manner?" This means computers are going to get a lot harder to use and a lot of things that can't be automated in this environment will go back to manual systems or systems that require in-person, hands-on control.

Re:Isn't it plain and obvious...

[Chrisq]

Holy fucking Christ. What else is out there waiting to be compromised and exploited?

Your sanity?

Your dildo?

Re:Isn't it plain and obvious...

[Jack9]

> Then maybe you need to go work for a body piercer, who has more than enough experience installing hardware into people without so much risk of infection.

The epidermis is highly resistant to infection compared to internal organ tissue which largely has no nerves and no significant way to deal with infection. The primary cause of death for cardiac surgery patients is infection.

> Pretty sad a piercer would have more experience than someone that supposedly worked for a medical device manufacturer.

The sad part is your ignorance.

Re:Isn't it plain and obvious...

[ColdWetDog]

Last time I checked (and to be honest, I didn't look that hard given the location of the particular piercing), these afficiondos don't go for the deep structures like the heart. There are qualitative and quantitative differences between putting a piece of metal in your skin and a wire into your heart. Guess which one is easier?

That said, I've seen plenty of infected piercings. The nice thing is you can remove them and the problem goes away. Removing the heart has other consequences.

Re:Isn't it plain and obvious...

[ColdWetDog]

I think this guy is well into Thorazine territory.

Re:Isn't it plain and obvious...

[ZeroSumHappiness]

As a pile-on to what others before me have said, piercings usually go into healthy individuals. Pacemakers and similar devices usually go into people who are highly vulnerable to immune system compromise.

Re:Isn't it plain and obvious...

[gnasher719]

In the USA, there are plenty of people - millions actually - who have the means to kill anyone wearing a pacemaker quite easily. These people are called "gun owners". Now the number has increased by one - some idiot hacker who figures out how to hack into the pacemaker software. So what has changed?

Re:Isn't it plain and obvious...

[firewrought]

the state of computer "engineering" is complete and utter shit if a fucking pacemaker can be hacked

Ever seen the signs "warning: microwave ovens may be in use" on fast food joints and other places? Guess why: pacemakers used to be programmed via microwave signals. I hate to break it to you, but insecure, wirelessly manipulable pacemakers have been the norm for decades. Do they need to be secured? Yes, but don't assume that's the highest or most urgent design priority for these little boxes. After all, if you want to kill someone from 30 feet away, there are other devices that will do it for you.

Can you imagine the utter chaos in the U.S. when all our magic electronic boxes suddenly stop working, or worse, work silently behind our backs to sabotage and/or kill us?

Okay... someone's seen a few too many Hollywood movies. The next world war will feature some amount of state-sponsored hacking and some amount of deaths from such hacking, but it's not going to be a "Die Hard 4" scenario. More likely, resistance movements working against an aggressor nation will use small amounts of hacking in combination with other methods (social engineering, insider support, etc.) to carry out sabotage.

Hands up: who here is looking forward to jumping into a world war with both feet, then being surprised by how much we don't know about our own security vulnerabilities, learning the hard way from powerful foreign countries that just might kick our asses, or at the very least cause massive damage (bombing, etc) to the mainland U.S.?

You win an honorary eye-roll. Not because cybersecurity isn't a concern, but because you have quite an active imagination. It seems to me that US national defense has much bigger worries from other factors: a poor economy and shrinking middle class, radicalized ideologies both at home and abroad, unmaintainable federal debt, military pork and bureaucracy, and loss of domestic manufacturing (***this is the biggie, because it's PRODUCTION that wins wars). Just to name a few.

Re:Isn't it plain and obvious...

[T.E.D.]

This is why I have always absolutely refused to interview for biomedical jobs that use C. For stupid GUI's, fine use an insecure bug-prone language, but for God's sake not when human life is on the line. I will have no part in that.

Re:Isn't it plain and obvious...

[tiffany352]

Meanwhile, the Jet Propulsion Laboratory at NASA (among many other companies which need life-critical applications) have been writing in C using the VXWorks Real Time Operating System for decades. Why? Well, definitely not because it's an "insecure bug-prone language". The bug-prone languages are the high level languages you probably are suggesting we use instead, which, instead of causing user error, have undefined behaviour, internal implementation bugs, and often many layers of godawful code. Good C is probably a heck of a lot more secure than any "Good PHP" you could hope to write, especially if you go by JPL's C coding conventions.

Re:Isn't it plain and obvious...

[TheCarp]

Yes but, there are consequences. When someone gets shot, investigations happen, people with motive are questioned. Mode of death and circumstances affect alot.

As an example, I have some friends with a farm and a good amount of land behind it. They have a camping ground for events and a number of structures etc in the woods from the many many years of farm and other uses.

They allowed someone that was going through hard times to stay in their woods, living in one of the primitive stuctures. He helped out at the farm, feeding the animals. One day, they noticed the animals hadn't been fed, later on, they went out to check on him.... he had attempted to kill himself, but was still barely alive.

The parametics and police were decidedly unhappy about having to head out into the woods....but did tell my friends that its a really good thing that they found him when they did, because if he had died, and they came to find the dead body, the investigation would have been a very different matter, whereas, since he was (even if just barely) alive when the police arrived, they could just call it an accidental OD or possible suicide and not have to investigate.

Now, if it were a gunshot?... you know they would investigate. However.... guy with a pacemaker has a heart attack? Thats natural causes man.

This could have happened already, many times over, and nobody would be any wiser.... no need to investigate such an "obvious" death.

Re:Isn't it plain and obvious...

[VisceralLogic]

In the USA, there are plenty of people - millions actually - who have the means to kill anyone wearing a pacemaker quite easily. These people are called "gun owners". Now the number has increased by one - some idiot hacker who figures out how to hack into the pacemaker software. So what has changed?

Don't forget the 10s of millions of car owners.

Re:Isn't it plain and obvious...

[reve_etrange]

The problem isn't bug-prone languages, it's bug-prone programmers.

Re:Isn't it plain and obvious...

[T.E.D.]

AKA: Human beings.

Re:Isn't it plain and obvious...

[shiftless]

While I don't know the details of this, I don't think you can claim that computer "engineering" is complete and utter shit because it's possible to do bad things that will kill people.

When was the last bug-free program you ever used?

The vast majority of cars have wheel nuts that are accessible and use a standard spanner to remove. This is a real threat - cars with expensive wheels now typically use locking wheel nuts - but what you don't (often) get is people removing wheel nuts or letting down tyres "because it's fun and I'm 'leet' "

What if cars randomly broke down on the side of the road and crashed for no apparent reason...and everyone sighed and just accepted it as normal, or inevitable? Would you then consider automotive engineering to be a flawed discipline?

Re:Isn't it plain and obvious...

[guruevi]

Besides number 5, all of those are exploitable. It just takes a strong enough light/sound/electromagnetic pulse. See Bluetooth 'sniper' rifles or modified (tin can) WiFi access points. Even though BT only works in the distance of couple of feet, with a strong enough antenna this can be extended to several hundred. Same goes for WiFi.

The thing is that it needs some sort of authentication before letting anyone 'reprogram' you which is severely lacking in these products.

Re:Isn't it plain and obvious...

[Khyber]

If I'm ignorant, tell me all about the major piercings I have that not only go through muscle tissue but also bone, NOT just the epidermis.

Again, you know nothing.

Come back when you've got some pics on BME (that'd be Body Modification Extreme Magazine.)

Re:Isn't it plain and obvious...

[Khyber]

Usually, no, they don't. If there's a chance of immune system compromise, they'll get transcutaneous external cardiac pacing, not an internal pacemaker.

*sigh* But you people keep on thinking you know anything about the medical industry. It's not like I haven't had half of my skeleton replaced with metal, my heart jumpstarted several times, and other fun shit in 30 years of life and the risks that come with it.

Re:Isn't it plain and obvious...

[Khyber]

" these afficiondos don't go for the deep structures like the heart"

Go read you a BME magazine and tell me they don't go for deep structures. I've seen it from bone piercing to full-out surgical implants.

Re:Isn't it plain and obvious...

[Thiez]

Compared to the average person in need of cardiac surgery and a pacemaker, would you say your immune system is probably better, or probably worse?

Re:Isn't it plain and obvious...

[shiftless]

Exactly. Meaning the problem is: bug-prone languages.

Re:Isn't it plain and obvious...

[shiftless]

It's basically like, take that guy, multiply times a few million = the scale of the problem we face in bringing sanity to software development.

Re:Isn't it plain and obvious...

[Khyber]

Worse. Far worse. I have a severely compromised immune system due to immunosuppressants keeping my body from rejecting medical skeletal implants.

Extra-human capabilities, too?

"potential to commit mass murder"

How about using the functionality to ENHANCE your heart? For example: increase heart rate in anticipation of race, even out heartbeat to beat a lie detector, etc. ?? I don't know enough about pacemakers / ICDs to know if they could have any extra-human capabilities ... Anyone?

Re:Extra-human capabilities, too?

[Robert+Zenz]

I don't know enough about pacemakers / ICDs to know if they could have any extra-human capabilities ... Anyone?

"It's the sound of progress, my friend!"

Re:Boomers

[jasper160]

You are minority unfortunately. Most people today, of all age brackets, are part of the XL generation.

Dick Cheney

[inode_buddha]

Dick Cheney has a pacemaker...

Re:Dick Cheney

[I_am_Jack]

Dick Cheney has a pacemaker...

Had. He has a transplanted heart now.

Re:Dick Cheney

[greylion3]

Dang. I was going to start a bet about how long till Cheney bites it from a "malfunctioning" pacemaker.

On a side note; I've heard about organ recipients developing traits of their donors, so this might be a good thing.

Then again, bad news for whoever has their soul linked to Cheney until the ticker stops.

Re:Dick Cheney

[Lehk228]

he has a heart now?

Re:Boomers

[vlm]

Considering that I'm still out doing 5 mile runs

Sadly, in the USA, that makes you a far right corner of the bell curve elite athlete.

I shit you not, I'm considered an "athlete" or "jock" at work because I take a 1+ mile walk every day as a portion of my lunch hour while everyone else in the 500 person building sits around and gets fatter at lunch time.

Re:Boomers

[aicrules]

Distance running can be one of the places where what appears to be a healthy person ends with a heart attack. Keep up the exercise, but definitely be sure to have regular check ups with your Doc.

Hmmm... sounds familiar

[StefanSavage]

Seems like this was demonstrated four years ago, no?

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Symposium on Security and Privacy, May 18-21, 2008.

See: http://www.secure-medicine.org/icd-study/icd-study.pdf

Solution....

[coinreturn]

Tin foil vest.

Assassins Creed 2020?

[Fookin]

Sounds like a fun mission or mini-game for a future Assassins Creed title. Maybe you invade a Templar nursing facility and need to kill them without being detected.

*Lock-on target*

*BZZZZ-BZZZZ*

"Requiescat in pace."

Herp Derp article author

[Smerta]

(1) It was most likely an ICD (or pacemaker/ICD combination), not a pacemaker.

Pacemakers are used to establish a regular heartbeat (pacing) at a specific interval. Implantable Cardiac Defibrillators (ICDs) are used to deliver high-voltage shocks at a precise moment in time to stop an arrhythmia. Delivered at exactly the wrong time, this can induce an arrhythmia.

(2) "he issued a series of 830 volt shocks to the pacemaker using a laptop". Sorry pal, thanks for playing, hit the bricks, you're done. The ICD (not pacemaker) is the one issuing the shocks. At least the voltage level sounds about right. All of this starting from a ~3V battery too.

The wireless interfaces (telemetry) into pacemakers and ICDs are notoriously insecure, from all major device manufacturers. They are playing catch up now. Believe me, there is a lot of heartburn (no pun intended) in the ranks of corporate/executive management in the device companies when it comes to this topic.

A couple points worth remembering:

(1) These devices have very long lifetimes. The typical implant is expected to last 6-10 years (usually the battery is the limiting factor). So there are people walking around with devices in them with security problems from 10 years ago in some cases.

(2) It takes a tremendous amount of money to develop a new device in this class. All the testing, certification, trials, etc. The electronics and firmware are incredibly optimized for their specific function, the test suites are massive, the verification & validation processes are lengthy.

(3) Regarding (1) above about 10 year old firmware - essentially all devices support near-range telemetry, which allows a physician / tech within physical proximity (a few inches) to download logs about what events the device has seen / experienced. It also allows the device to be updated with firmware patches. Having been around this enough in different places, I'm pretty confident saying that it's always in the form of patches, as opposed to wholesale forklift updates.

Patches aren't just pushed out like Firefox releases, even the smallest one is a massive amount of effort -- even if the change is a one-line change in code. And more importantly, any patch requires the patient to visit the physician, the physician to be up to date on patches & warnings, etc.. I've seen data first-hand from 2 device manufacturers showing the distribution of devices & updates in the field, and believe me, not everyone is anywhere near up to date. Actually, it probably looks a lot like the Firefox version distribution...

Re:Herp Derp article author

[LeadSongDog]

Any such device is developed in a company run by medical doctors, not security engineers. While they want to produce an excellent, robust product, they lack the requisite sense of paranoia to value secure implementations.

Besides, when your heart goes on the fritz, do you really want the doc to have to waste time researching login credentials?

Re:Herp Derp article author

[Errol+backfiring]

Not exactly. The FDA at least should have rules for these devices like they have rules for almost anything else that has remotely to do with health or human bodies.

Re:Herp Derp article author

[dubdays]

Delivered at exactly the wrong time, this can induce an arrhythmia.

No kidding. That asystole arrhythmia is a real bitch.

The Power of Three?

[GJSchaller]

Wasn't this the plot of a recent Doctor Who episode?

Re:Death Panels

[azalin]

Why not built a circuit into the letter? Like those cards that play music once you open them.

Re:Boomers

[neyla]

Not "most", but more than a third of americans are obese, yes. If the trend holds, it'll be "most" in another decade.

Love the fact that...

[AmIAnAi]

Love the fact that my targetted advertising at the top of the page was for defibshop.co.uk - "Need a defibrillator..."

Gee Brain, what do you want to do tonight?

[s_p_oneil]

This sounds like a plot for an episode of Pinky and the Brain.

Re:Boomers

[Urban+Garlic]

If after 53 years you still haven't finished your 5-mile run, you may not be in especially good condition...

See Karen Sandler's work on this issue.

[kfogel]

Hackable medical devices are a known problem -- there's a great paper on it from Karen Sandler, at that time at the Software Freedom Law Center (she's given OSCON talks about it too):

Killed by Code: Software Transparency in Implantable Medical Devices

And the SFLC's announcement / summary of the paper:

Software Defects in Cardiac Medical Devices are a Life-or-Death Issue

Re:This means a whole new line of clothing

[Chrisq]

Why just have one wire in your bra? Introducing the Faraday collection!

Will it match my tinfoil hat?

Wonderful discovery!

[fustakrakich]

12 years too late...

Fireman Bill fallacy?

[Okian+Warrior]

if a fucking pacemaker can be hacked and compromised [...] God help us all. Just wait until they drag us into this war with Iran here soon, and China and Russia decide to team up to end our bullshit and we end up descending into WW3.

Can you imagine the utter chaos in the U.S. when all our magic electronic boxes suddenly stop working, or worse, work silently behind our backs to sabotage and/or kill us?

I'd like to propose a new logical fallacy, the "Fireman Bill" fallacy.

That's where you start with a problem and predict a series of possible - but highly unlikely - events which lead to total catastrophe.

I don't see it on the Lofical Fallacy Bingo card. (Some are close or have similar characteristics, but none address the complete goofiness of the argument.)

Where does one go to register these things?

Re:Fireman Bill fallacy?

[shiftless]

It's only highly unlikely if you're a moron, or totally ignorant. Every fucking thing in the U.S. today is made in China. How many backdoors do you want to bet are installed in every aspect of our country? It's your blind ignorance that will end up getting us all killed.

Re:Fireman Bill fallacy?

[tehcyder]

I'd like to propose a new logical fallacy, the "Fireman Bill [google.com]" fallacy. That's where you start with a problem and predict a series of possible - but highly unlikely - events which lead to total catastrophe.

Sounds like a version of the slippery slope fallacy to me.

DNS

[ThatsNotPudding]

Anybody got Dick Cheney's IP address? Just curious; totally unrelated to this story. Honest.

Re:Boomers

[Bob+the+Super+Hamste]

Power lifting is also similar but there it is because so many power lifters don't do any cardio. Besides I would bet that someone who is taking care of themselves like working out daily also is getting their annual check ups.

I think you're onto something!

[zooblethorpe]

You can program pacemakers to shoot lawyers in the face?!!!

Ooo, now there's an idea!

Beaker, get in here, I have something I want to show you...

For the Slashdot crowd: Clomipramine

[zooblethorpe]

No, seriously, it sounds like he isn't getting any, in which case he might want to try clomipramine / Anafranil.

Apparently around 5% of users report spontaneous orgasm when yawning.

I wish more things in life had side effects like that. Of course, that would necessitate certain changes to one's wardrobe, but I think the minor additional hassle would be well worth it...

:-P

Re:For the Slashdot crowd: Clomipramine

[shiftless]

LMAO at a thread full of armchair psychologists trying to figure out what medicine to prescribe to fix "OMG SOMEHOW NOT NORMAL!!1" What a bunch of morons. Look in the mirror: you're what's wrong with America.

Umm...

[zooblethorpe]

We are clearly starting to see the dark underside of humanity. The Internet has allowed a huge amount of anonymous and pseudo-anonymous activity and this has pretty much turned over the rock so everyone can see the squishy, many-legged stuff that is buried in the human psyche.

"Starting to see"? No offense, cdrguru, but you sound like someone who has never read any history. All of that squishy, many-legged stuff has been happily striding across the breadth and scope of human experience for some time now. Arguably, since we've been human. (And by some accounts, much longer than that even -- pretty much all of humanity's ugly behaviours have clear predecessors / analogs in other primate species.)

Cheers,

Re:Boomers

[MiG82au]

I don't suppose you've ever worn a heart rate monitor during a weight lifting session. Recovering from anaerobic effort is an aerobic process (for some reason this escapes most people), and believe me, when you're lifting heavy you pant and beat hard afterwards. The times I've worn my HRM, my average HR was around 135 140 (about the same as fast walking?), peaking at 183 after deadlifts. And don't think that my rates are high because I'm unfit; when I do 10 mile time trials on my bike my average HR is ~170 over 26 minutes (37 km/h average speed). I'm not saying it's equivalent to any other cardio, but to say that lifting does not exercise the CV system is a load of BS. Admittedly, the effect would be reduced if you trained with 1 or 2 rep sets and very long breaks in between.

Summary

[g0bshiTe]

I for once found the summary very informative. As my father had a pacemaker, I wasn't aware that they created an AD-HOK when more than one was around. Who would have thought pacemakers communicated with each other?

Re: and if you like that...

[almechist]

No, seriously, it sounds like he isn't getting any, in which case he might want to try clomipramine / Anafranil.

Apparently around 5% of users report spontaneous orgasm when yawning.

I wish more things in life had side effects like that. Of course, that would necessitate certain changes to one's wardrobe, but I think the minor additional hassle would be well worth it...

:-P

Spontaneous orgasm is also one of the symptoms of heroin/opiate withdrawal - really, look it up! - but I'm in no hurry to experience that, either. Some things just aren't as good as they might seem to be at first (see also for example Priapism, another potential side effect of certain pharmaceuticals). I know, we're posting on Slashdot, we're likely desperate for thrills of this kind, but still...

Re:Boomers

[Bob+the+Super+Hamste]

I don't think it provides as much of a cardio work out. I don't wear a HRM but after a session I have the elevated heart rate and am panting as well. Granted that is for short spans while a good cardio work out would give you a lower heart rate but over a much longer span which is what is needed.

I would seriously consider this to be a,...

[hesaigo999ca]

I would seriously consider this to be a sign of the times, how old is the programming on these pacemakers...old or new model....my money is on new!

its kinda hard to read TFA when

[KingBenny]

403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

Re:its kinda hard to read TFA when

[KingBenny]

http://www.kurzweilai.net/hacked-terminals-capable-of-causing-pacemaker-deaths works better, very death note