Slashdot Mirror


Hacking Medical Mannequins

An anonymous reader writes: A team of researchers at the University of South Alabama is investigating potential breaches of medical devices used in training, taking the mannequin iStan as its prime target in its scenario-based research. Identifying the network security solution and network protocol as the vulnerable components, the team was able to carry out brute force attacks against the router PIN, and denial of service (DDoS) attacks, using open source tools such as BackTrack.

35 comments

  1. "make a new Plan, iStan.." by turkeydance · · Score: 1

    and get yourself free.

    1. Re:"make a new Plan, iStan.." by 93+Escort+Wagon · · Score: 1

      There must be 50 ways to root your mannequin.

      --
      #DeleteChrome
  2. Backtrack is not a tool by bleh-of-the-huns · · Score: 2

    It is the name of a collection of tools, and it's not even called that anymore, it's Kali.

    --
    I came, I conquered, I coredumped
    1. Re:Backtrack is not a tool by plover · · Score: 1

      From the students' paper:

      Experiment Configuration

      The student team had freedom to choose any network traffic capture tool for their study. The tools and environment used by the students included a Lenovo attack laptop running Microsoft Windows 8.1 Pro, Sun Virtual box (version: 4.3.8) with BackTrack 5 Release 3, iStan medical mannequin, iStan laptop running OSX Leopard (version: 10.5.2), iStan Muse software (version: 2.1), and a monitor used to display the mannequin’s vitals to the medical trainees utilizing Touch Pro display software 2.0.

      They used a BackTrack distro. Perhaps your problem is Slashdot's editor referring to what would more properly be called a "toolbox full of tools" as simply "tools"?

      My problem isn't the description at all. It's that the front end to iStan runs in Adobe Flash, and these students somehow got credit for "hacking" it. That's like asking a 300# professional football lineman to tackle a grade school quarterback during a game of flag football.

      --
      John
    2. Re:Backtrack is not a tool by GNious · · Score: 1

      That's like asking a 300# professional football lineman

      I have no idea what that means ....
      http://news.bbc.co.uk/sport2/h...

  3. In other-words... everything is vulnerable by Anonymous Coward · · Score: 0

    I don't think there are many systems that are immune from brute force attacks. Why is this news?

    1. Re: In other-words... everything is vulnerable by Anonymous Coward · · Score: 0

      Immune, no. Resistant, yes.

  4. nsa target? by Anonymous Coward · · Score: 0

    Did the NSA know about this and did they exploit it?

  5. HYPE by Anonymous Coward · · Score: 5, Insightful

    ‘If medical training environments are breached, the long term ripple effect on the medical profession, potentially, impacts thousands of lives due to incorrect analysis of life threatening critical data by medical personnel.’

    This is such hyperbolic bullshit.

    The iStan is always operated by a trainer. The trainer would know it was misbehaving.

    It's like saying that since med students sometimes learn by watching training material on a TV... and look - with a simple remote control, we can CHANGE THE CHANNEL ON THE TV! MY GOD! IMPACT THOUSANDS OF LIVES!!!

    Source: I have a brain.

    1. Re:HYPE by erikscott · · Score: 1

      Still, you could have a lot of fun with someone... this is the sort of thing that happens when you google "dental robot vomit":

      http://www.nissin-dental.net/p...

      http://techcrunch.com/2011/06/...

      ------
      "The 600 series had rubber skin. We spotted them easy, but these are new. They look human... sweat, bad breath, everything. Very hard to spot." -Kyle Reese

    2. Re:HYPE by ldobehardcore · · Score: 1

      Those dental robots are horrific... C3PO was right when he said they were "made to suffer"

      --
      Hectice, baby, Mercator says hello to you
  6. Reminds Me... by Anonymous Coward · · Score: 0

    Years ago I worked in the IT shop of a college that has a nursing program with medical mannequins. Quite a bit of the time, we had to do our work when the students were at the hospital doing work study. On more than one occasion, a colleague and I put male genitalia on female mannequins and vice-versa. In addition, we'd leave cigarettes in their mouths, sometimes posed with hands on boobs or genitals with a lab coat. I can only imagine the looks on the administrators' faces when they saw this "work" of ours.

    1. Re:Reminds Me... by Anonymous Coward · · Score: 0

      Oh I'll bet the administrators were SO shocked. After all, you are the first people to think of doing that! Hopefully you and your friend grew up a little.

    2. Re:Reminds Me... by Anonymous Coward · · Score: 0

      I would have fired you and your immature colleagues and ensured you never worked in a medical environment ever again. Maybe someone will come over tonight and put male genitalia on your wife while you and she sleep.

    3. Re:Reminds Me... by Anonymous Coward · · Score: 0

      OP here. Really? Part of work is tolerable banter. Nothing was ever said, so offense was not that seriously taken, if at all. We heard not even a peep at the several times we did this frankenmannequin theatre.

      We have become so PC in the last 20 years.

  7. Yes by Anonymous Coward · · Score: 0

    Anything can be hacked.

    We get it.

  8. iStan hacked! by grub · · Score: 1, Flamebait


    The terrorist hackers programmed iStan to expand its anus and rectum to the maximum size then changed its MOTD to "iGoatse."

    Rest not, evildoers, you will be extinguished in a puff of drone-dropped Freedom Smoke.

    --
    Trolling is a art,
  9. Stop talking plasticman by Anonymous Coward · · Score: 0

    The only person who could complain about hackable mannequins is a mannequin. You sir, are therefore full of it and made of plastic.

  10. Re:Alabama?? by Anonymous Coward · · Score: 0

    Better than the schools where you live, obviously.

  11. iStan vulnerabilities. by nimbius · · Score: 4, Funny

    I've started writing vulnerabilities for iStan as of about a month ago, and I have got to say it's one of the easier platforms to exploit. Friends asked why I'd bother with such a limited platform as it doesn't have many applications outside of education, but I beg to differ. Here's my application list so far:
    1. stastan.img: loading this image causes Stan to die on contact during any simulation scenario.
    2. polterstan.img: sync Stan's bilateral carotid pulse to integer width, or roughly 32,768 bpm.
    3. superstanl3y.img: CPR attempts trigger unending string of bowel noises. noises.wav replaced with the USSR national anthem.
    4. b00g3ystan.img: Stan's bilateral brachial pulse synchronizes to bowel noises. Noises.wav replaced by Daft Punk's Get Lucky.
    5. didn35stan.img: breath sounds replaced with slot machine noises. All 5 bleeding zones (and urinary output) triggered.
    6. sw33tstan.img: Stan's heartbeat entirely dependent upon urination. Voice replaced with the 1850 Millard Fillmore presidential address. Pulse is now a Fibonacci sequence leading to the GPS coordinates of a geocache filled with macaroni and cheese.

    --
    Good people go to bed earlier.
    1. Re:iStan vulnerabilities. by Anonymous Coward · · Score: 0

      Ok, I understand now... and I rarely laugh so much behind my screen.

    2. Re:iStan vulnerabilities. by Nidi62 · · Score: 1

      Is the macaroni and cheese already prepared? Because that could lead to ants.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  12. Justice for iStan by Anonymous Coward · · Score: 2, Funny

    A vulnerable mannequin was brutally penetrated by a team of researchers from the University of South Alabama. The attackers spent several hours pounding every port of the victim with their tools.

  13. What could go wrong? by Bodhammer · · Score: 2
    --
    "I say we take off, nuke the site from orbit. It's the only way to be sure."
  14. DDoS? by Coren22 · · Score: 1

    Was it a DDoS or a Denial of Service attack? They are different...

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    1. Re:DDoS? by Anonymous Coward · · Score: 0

      Couldn't be worse than what apk did to you today Coren22 http://slashdot.org/comments.p...

    2. Re:DDoS? by Coren22 · · Score: 1

      Yep, you know, denial isn't only a river in Egypt. You have yet to prove any of the points I made. You continue to try and brute force (DDoS?) until I give up, like somehow that allows you a win? But, you still haven't responded to a single point, only tried to claim victory when you haven't won yet.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    3. Re:DDoS? by Anonymous Coward · · Score: 0

      You're drowning in YOUR denial Coren22. Apk totally smoked your ass http://slashdot.org/comments.p... and you brought it on yourself. Don't mess with your betters like apk is, Coren22, or you'll have to eat your words again.

    4. Re:DDoS? by drinkypoo · · Score: 1

      Don't waste your time, friend. No matter how cogent you are, APK will seize upon any minor point, declare victory, and shit all over the table. If you agree with him on one thing you must agree with him on all things or be a hypocrite. He's hardly the only insane bugger on Slashdot, though, so it's not even worth poking him with a stick.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:DDoS? by Anonymous Coward · · Score: 0

      Is Coren22 logically cogent above? No. Coren22 got his ass beaten by apk quite cogently with facts here http://slashdot.org/comments.p...

    6. Re:DDoS? by Anonymous Coward · · Score: 0

      Drinkypoo you said apk's right about hosts files in this link http://science.slashdot.org/co... and that isn't helping Coren22 drinkypoo, it's helping apk.

  15. I don't see the point by Anonymous Coward · · Score: 1

    Ok, Stan the training dummy is hackable.

    So why bother?

    No challenge, so no bragging rights.
    Not very useful except as a prank on nursing students.

    Perhaps as a way to let an inept student pass a nursing exam?
    Seems far fetched.

    Maybe as a demonstration that other medical stuff that matters might also be hackable.
    And of course as an excuse to publish a paper.

  16. Alternative use for mannequins by Anonymous Coward · · Score: 0

    I should start a business selling attractive mannequins to prisons. Just deactivate the pacemaker and add a sump pump.

  17. Euphemisms by ChrisMaple · · Score: 1

    This has gone too far. If you're making life-size latex love dolls, say so.

    --
    Contribute to civilization: ari.aynrand.org/donate