$75K Prosthetic Arm Is Bricked When Paired iPod Is Stolen
kdataman writes U.S. Army Staff Sgt. Ben Eberle, who lost an arm and both legs in Afghanistan, had his iPod Touch stolen on Friday. This particular iPod Touch has an app on it that controls his $75,000 prosthetic arm. The robbery bricked his prosthesis: "That is because Eberle's prosthetic hand is programmed to only work with the stolen iPod, and vice versa. Now that the iPod is gone, he said he has to get a new hand and get it reprogrammed with his prosthesis." I see three possibilities: 1) The article is wrong, possibly to guilt the thief into returning the iPod. 2) This is an incredibly bad design by Touch Bionics. Why would you make a $70,000 piece of equipment permanently dependent on a specific iPod Touch? iPods do fail or go missing. 3) This is an intentionally bad design to generate revenue. Maybe GM should do this with car keys? "Oops, lost the keys to the corvette. Better buy a new one."
Who?
The guy in the article?
The article?
The editor?
The submitter?
At least start a new paragraph..
He'll be right. He is from the ARMy after all.
You know, given the terrible kind of software we see in embedded software, and the terrible security implemented by most companies ... I'm perfectly willing to believe this is an incredibly bad design, because there's plenty of evidence that these kinds of things tend to have incredibly bad designs.
Between companies using 10 year old Linux kernels, to having unpatchable systems, or just having really bad understandings of security, I've come to conclude this is the norm.
Lost at C:>. Found at C.
What if the iPod was dropped and breaks? What kind of poor planning is this where that one iPod was the linchpin of this expensive prosthetic?
MABASPLOOM!
But it's stupid to only save it on the device.
I recently sat through a Touch Bionics seminar and, at least for the newer devices, all you need to do is enter the "serial number" of the hand into the app and it can control it. We even joked about how easy it was, so friends with prosthetic hands could prank each other by entering their friend's serial number into their own app and controlling their friend's hand. This may just apply to new devices though, maybe in response to problems like this?
The problem isn't that he needs a new hand to get it reprogrammed -- he needs a new iPod and to get that reprogrammed to work with his prosthesis. Honestly, though, he should have a backup already for when his current one's battery dies or falls in the toilet.
dom
It is quite possible that all three points that the submitter raises are valid. I'm very likely to believe that the design was intentional. After all, in the software world, the consumer has become the beta tester and if the consumer has software problems, he or she needs to buy expensive "support packages." In effect, the marketing departments figured out how to force the consumer to be a beta tester and make money from the consumer's problems.
Possibility 4) Hardlinking to a specific iPod makes it harder to hack the prosthetic arm from.
It's not the perfect way to prevent hacking, but I can certainly see why this could be considered a security feature that benefits the owner of the arm.
Would you rather have a prosthetic arm that does nothing or one that is controlled by some pubescent scriptkiddie?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
The guy who stole it could now be controlling his hand. "Now hand over your wallet! No, wait... I'll do it! Bwahahahahah!" Small favors and all that...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It makes me wonder why the arm/hand (which is it?) doesn't have whatever functionality the iPod provides built-in. You can't tell me there isn't enough room in even a forearm to store something iPod sized. I can understand it being linked to particular hardware to prevent any hijacking, but you would think that it would be much like car keys... I can get my $150 new key, but the dealer is the one that can program it to work with only my car.
Seriously, they charge an arm and a leg for prosthetic limbs!
=Smidge=
The article doesn't specify why they need to replace the hand rather than just do a software reset. But my first thought was of all those stories a while ago about security on diabetic pumps, and I thought "Well now we know why there shouldn't be security on these devices"
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
at least for the newer devices, all you need to do is enter the "serial number" of the hand into the app and it can control it.
Gawd .. what's worse: Bad security or No security?
I am Slashdot. Are you Slashdot as well?
According to the user manual for i-limb,
To make changes to the limb, it either requires loading the software on a PC with Bluetooth or getting an iPod touch set up by i-limb.
Not a $75,000 loss by any means, sounds like the factory has to set up the iPod touch though. It is a pain in the rump, but most robberies are.
So the arm is totally unresponsive now and won't interface with a computer until somebody desolders and replaces a corrupted EEPROM/BIOS chip or some such? Wow, that is a bad design. Or maybe the submitter doesn't know what "bricked" means.
This is security through obscurity, until the arm sends his serial number over Bluetooth or something.
Sorry, it had to be said.
the person who did steal it should receive 100 lashes and 1 year hard labour. Let's end the BS punishment routines and start getting down to brass tacks.
What is the legality of jail breaking/rooting your own prosthetic limb? This just really seems like something that should be a 5min fix and cost at most as much as replacing the iDevice in question. Much more than that makes me question the intent behind what seems to be intentional hobbling of the hard/software. Then again I guess this could always just be an unfortunate case of Hanlon's razor.
Either way I hope he gets a quick replacement and that the insurance companies take a good long look into why exactly the fix for this is replacing the most expensive and not stolen/broken piece of equipment when the failure is with the least expensive tool in the chain. That is also the most prone to be stolen/broken.
Shouldn't the app be an Android app?
Hmmmm?
People believe this story and comment on it ... Slashdot, really?
Apple removed the ability for iOS apps to read the iPhone's / iPad's / iPod's device id with iOS 7, which means any software that relied on that would no longer work.
Even if this is true, it seems like they won't need to build a whole brand new prosthesis, rather, just replace the bits that were hardcoded to the iPod, right?
https://www.facebook.com/pages/Prayers-and-Words-of-Hope-for-SGT-Ben-Eberle/265580916826243
have a look at his comment.
While it's easy for me to see this as a bad design, it's also not much of a stretch to believe that this was a conscious choice. After all, if it were trivially easy to pair a wireless device with the prosthetic, it would be trivially easy to take control of the guy's hand (think "Stop hitting yourself!").
Is this bad for the user experience, particularly given it's predicated on an easily lost, easily broken, and frequently stolen device? Certainly. Is the UX of the lost/stolen device better than the UX of a compromised device? Perhaps not.
This is an intentionally bad design to generate revenue. Maybe GM should do this with car keys? "Oops, lost the keys to the corvette. Better buy a new one."
Lose both keys to your 1999+ Saab, and they have to replace the TWICE or CIM module for $2,000. Not sure what the cost is now that there are no Saab dealers...
I'm not familiar with the device, but the engineer in me wants to believe that no one would design a system with such an obvious weakness. I believe that it's more likely that the stolen iPod contains data which is tailored specifically to him and/or the prosthetic and it wasn't backed up properly.
If he was using a Zune, no one would have stolen it.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
This is what happens when Apple fanboys work anywhere.
4. It's a security feature (a bad one maybe but still) and it doesn't cost $75k to get it re-authenticated.
- http://www.milkme.co.uk
After getting a quote from the dealers to get a lost key replaced for all three cars on my keyring (which disappeared), I wondered if it wouldn't just be cheaper to have the cars towed away and re-buy new ones. (The prices ranged from $150-$275 EACH to have them replaced)
Is it just my observation, or are there way too many stupid people in the world?
Does the prosthetic co make you buy their iPad? If so they can sell ones that are the basic model jailbroken by them for say $1000 with their apps preloaded. Also the paperwork calls the iPad a medical device.
Does i-limb make you use them so they can bill the VA, medicare disability, ETC say $200-$500 to pair a Bluetooth device?
Does it seem odd to anyone else that he'd be fine with leaving the device in his truck's center console overnight that's required to make use of one of his arms?
"Pretty sure I won't come up with ANY need to use my other arm for the rest of the night.... Maybe I'll go fetch the controller tomorrow?"
Last time I checked, the government doesn't earn money.
Not even remotely true. Governments are perfectly capable of earning money when they choose to. Governments can and do own things and can behave very much like private businesses if they want to. In China and Egypt and Russia (and many more), huge swaths of the private economy are outright owned by the government. The fact that the US government generally refrains from trying to make a profit and behaving like a private enterprise doesn't mean they cannot or do not. For a time in the very recent past the US government literally owned GM and Chrysler, which means the US government was for a time in the automobile manufacturing business.
Not to mention that a government can literally "print" money if they want to. The Federal Reserve technically makes a profit every year though that doesn't really mean much in reality.
Taxpayers do.
Some do and some do not. People who stay home to raise children often do not earn any money. Religious leaders are often supported by tithes or donations earned by others. Elected officials and judges are typically supported by taxpayers.
There was still a limited range, like 100 feet or less, I don't remember the protocol, so it would really only be an issue if you were hanging out with lots of people with the same version of the hand.
"[Getting a new prosthetic hand and iPod configured to work together] takes a long time," Eberle told the San Antonio Express-News. "It's tedious and it's a lot of work with the hand itself."
So in fact, another iPod could work, but it has to be trained first. A good backup of the training data should allow a new iPod to be set up quickly, but it sounds like they didn't do that.
Have you read my blog lately?
Would you?
Why would you make a $70,000 piece of equipment permanently dependent on a specific iPod Touch?
$
"If any question why we died, Tell them because our fathers lied."
Oh bullshit. This is the medical industry. It has nothing to do with consumer electronics, and it's amazing that the FDA tolerates consumer electronics at all. Dollars to donuts this is either a) a liability thing, so that the company can't be liable for you attempting to reload/relearn parameters that mate the arm to you, or b) a flawed implementation of a flawed rule written by people who stopped practicing medicine before star trek had tablets.
3D print new set of prosthetics while you wait for 300$.
It's the future, right?
As soon as it comes on the network, they should be able to find it.
I bet if Apple is interested, they could get the files from it as well.
No, no it's not security through obscurity. It's security through something you know - a perfectly valid method of securing something. Of course, it would be nice if in this case, you could change the thing you're supposed to know to be different to the device's serial number.
The software detects weak signals from damaged nerves to usefully move fingers of the prosthetic arm. This is no floppy bird. There was probably an incredible amount of difficulty to get the thing working in the first place and the issue of backup was left for later. One day these things would be both modular and not cost $70k.
The iPod touch has a limited battery life... Though you'd hope it shares power source with the arm.
It was intentionally coupled to a specific device for legal/liability reasons related to medical devices.
Having to replace the entire arm is stupid though. Ideally, the arm should be able to be "re-paired" in a doctor's office or at the patient's home by a factory-authorized person such as his doctor or a technician. For legal/liability reasons, this might require replacing a chip but that should be no big deal.
In any case, the only reason I can think of for the arm to have to be replaced is if the company has gone through bankruptcy or is no longer in business, or if the arm has already exceeded its useful life as a medical device and as a result the company no longer supports it. This should not be the case for any adult prosthetic arm new enough to be controlled by an iPod.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I dunno; if the serial number is emitted over Bluetooth, or guessable/brute-forceable, a range of 100 feet may mean dozens of people in which one troll may lurk, waiting to make your prosthetic go all Dr. Strangelove on you.
I'm not seeing the security here, other than the comparatively small attack space.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Why would you believe that you couldn't replace the iPod? Why would you trash the reputation of what sounds like a great startup company?
I had my dog chipped but the vet said that if I ever let my iPhone run out of battery the implant will explode. I think the implant was made by the same company.
I'm not familiar with the device, but the engineer in me wants to believe that no one would design a system with such an obvious weakness.
I run a company that makes wiring harnesses and I am an engineer (as well as an accountant) myself. I assure you that there are a LOT of idiots who would design such a stupid system. I get to deal with some of them on a semi-regular basis.
We like to pretend here on slashdot that engineers are universally good at their job and always do quality work but I have several file cabinets full of evidence 10 feet from where I sit that proves that too many engineers are monumentally incompetent idiots. On a daily basis I see drawings that are incomplete, incorrect, badly designed, occasionally dangerous, specify incompatible or needlessly expensive parts, difficult or impossible to read, sloppy, cannot be manufactured and even just plain incoherent. I have seen precisely 7 product drawings (out of hundreds) in the last 5 years where I could build the product detailed on the print without asking even a single question or correcting some error. This is quite simply bad engineering by people who aren't very good at their jobs.
The fun part of engineering is figuring out a clever solution to a problem. The harder and less fun part of engineering (but probably the more important part) is documenting the solution in such a way that others can understand and replicate your solution and adjust/debug it if necessary. People who can write good quality work instructions are a shocking rarity even among very smart people. A lot of engineers will take easy shortcuts even when it results in a worse and more expensive product in the long run.
Apple doesn't allow access to UDIDs (universal device identifiers) anymore, so unless the software is quite old, or requires a jailbroken device, the prosthesis cannot be paired to the device. (That's one of the reasons why you can't access the UDID anymore, because pairing information with a device is stupid; the bigger reason is privacy).
The prosthesis can easily be paired to an AppleID plus an application specific ID. However, all information about this would be stored on the device, backed up to iTunes, and could be restored by just buying a new phone, entering the AppleID and password, and downloading the last backup.
If that doesn't work, then these guys must have some really strange and stupid software design + implementation.
75K is almost half of what a real arm costs (in compensation) in Colorado.
Then they aren't taxpayers, are they?
Sure they are. I assure you that the priest who is fully supported by his congregation is taxed on his "earnings". A housewife still has to file and is responsible for the taxes on the spouse's income even if they had no role in actually earning it. All those people still pay sales, use, gasoline, excise, etc. taxes. It's essentially impossible to not be a taxpayer on some level.
Buy an iPod today!!!
Runner up: The thief now has the Prefix Code, 16309.
"Oops, lost the keys to the corvette. Better buy a new one."
Jeez shut up man... don't give them any more ideas.
It's bad enough they put microchips in the keys... who the hell asked for that "feature"???!?
Their bikes come with one red key, and when it breaks, you cannot program new keys. The IDs of the keys are programmed into the ECU. When those keys quit, Ducati's policy is that bike is never allowed to be started again unless you replace both ECUs and the instrument panel, which in my case cost 1.5x what the bike was worth. I had to part-out my 2005 Monster after my box with my keys was stolen while I was moving. Of course most of the electronics, including the instruments, had to be thrown away rather than being able to sell them on ebay like the mechanical parts because of Ducati's policy. My $6k bike turned into about $2k worth of parts.
I probably came out even because when I took the bike apart to sell for parts I noticed the timing belt was shredded and about to fail. In order to decrease the service interval and get more people to return to the dealer more often for horrifically expensive service, Ducati designed the engine to self-destruct if the timing belt even slipped a few teeth. If Ducati's red key policy hadn't ruined my bike, Ducati would have soon destroyed the engine anyway so the bike would have been worth nearly nothing. Also, Ducatis are very dangerous when this policy goes into effect because it locks up the back tire. The salesman I bought it from had been down twice due to this policy, once on a track and again in the dealership parking lot. Also, the insurance on my Kawasaki was about $450 per year and on my Ducati it was only $134. Ducati's trashing of bikes is a very effective anti-theft measure so insurance is cheaper than with other bikes. Thieves hate stealing things that turn themselves into scrap. Of course with Ducati, the bikes more often turn themselves into scrap without being stolen.
Nobody would have touched it if he had clasped that iPod in his bionic hand.
This is not the sig you're looking for.
Each one is a custom job. Not that many are produced per year. It's "high tech".
I must admit that it's expensive, but not ridiculously so.
I think we've pushed this "anyone can grow up to be president" thing too far.
....it's no shock that we're seeing a whole new form of vendor lock-in.
BeauHD. Worst editor since kdawson.
hmm, still can't believe people steal smartphones. Are the thieves too lazy to get a job? I bring home at least $4,000 each month. After paying bills and apartment fees, I still have 1,500. I put $1,000 into my savings account. I have saved enough money so that I can buy a new Mac Mini and a Samsung Galaxy S5 right now if I wanted to. So uh.. I don't need to steal.
3) This is an intentionally bad design to generate revenue. Maybe GM should do this with car keys? "Oops, lost the keys to the corvette. Better buy a new one."
Ever hear of an iCloud backup? Also... note what the article states about how the prosthetic will be replaced:
If such tragedy happened to you or me, government would not pay, and insurance would probably find a way to not pay.
I support the troops strongly and all, however, I have to question if gov't paying for $75,000 iPhone-dependent prosthetics is appropriate at all. They should use their economic clout to force more reasonable pricing and not accept bullshit reasons to require a replacement.
Bionic limbs should use standard USB chargers.
Do you think the voltage or amperage would warrant it? If it doesn't run on 5v servo motors, you'd have to include an extra transformer. Not to mention the slow charging time with USB on such a high amperage device.
That was a "lame" joke.
=Smidge=
For various reasons, mostly I don't want to talk to anyone or have anyone call me*, I have never owned a cell phone. More and more I'm seeing things that require a cell phone to work. Here are two examples /.
1. an electric bicycle, found here a few months ago on
2. a sleep quality monitor, advertised on late night TV, evidence if I ever saw evidence that it's the real deal, that (claims to) monitor your breathing and other biological phenomena while just sitting there, a little pod thing, on the nightstand next to your bed. I wonder how much spying they are doing, sending info back to someplace about your bicycling or sleep habits.
Anyway, this to me is a good example of a reason not to hook everything up to Skynet: things break.
Although, if the whole phone system would fail, then I wouldn't have to talk to anyone! Ever. There's hope.
* My average time talking to friends or family on the phone is less than an hour a week.
http://touchbionics.com/produc... Nothing on there about a 1:1 relationship with the device. Most likely lost training data and presets which could represent a significant time investment. Though one has to wonder why the device was not backed up so that a new one could be restored from the backup. Most likely this is just poor journalism... i.e. running with a sensationalist story and not following up. There isn't even a mention in the article of trying to confirm the idea the hand would have to be replaced with the actual manufacturer of the hand. That said, if this one is true then I hope the full wrath of the internet viral mob is brought to bear on Touch Bionics for such an asinine design.
I don't ask you to be me. I only ask you not expect me to be you.
I'm a tech reporter at Slate, and after looking into this I found that the prosthetic was not actually bricked when the iPod was stolen. See: http://slashdot.org/submission...