Slashdot Mirror


Hacking Medical Mannequins

An anonymous reader writes: A team of researchers at the University of South Alabama is investigating potential breaches of medical devices used in training, taking the mannequin iStan as its prime target in its scenario-based research. Identifying the network security solution and network protocol as the vulnerable components, the team was able to carry out brute force attacks against the router PIN, and denial of service (DDoS) attacks, using open source tools such as BackTrack.


  1. "make a new Plan, iStan.." by turkeydance · · Score: 1

    and get yourself free.

    1. Re:"make a new Plan, iStan.." by 93+Escort+Wagon · · Score: 1

      There must be 50 ways to root your mannequin.

      --
      #DeleteChrome
  2. Backtrack is not a tool by bleh-of-the-huns · · Score: 2

    It is the name of a collection of tools, and it's not even called that anymore, it's Kali.

    --
    I came, I conquered, I coredumped
    1. Re:Backtrack is not a tool by plover · · Score: 1

      From the students' paper:

      Experiment Configuration

      The student team had freedom to choose any network traffic capture tool for their study. The tools and environment used by the students included a Lenovo attack laptop running Microsoft Windows 8.1 Pro, Sun VirtualBox (version: 4.3.8) with BackTrack 5 Release 3, iStan medical mannequin, iStan laptop running OSX Leopard (version: 10.5.2), iStan Muse software (version: 2.1), and a monitor used to display the mannequin’s vitals to the medical trainees utilizing Touch Pro display software 2.0.

      They used a BackTrack distro. Perhaps your problem is Slashdot's editor referring to what would more properly be called a "toolbox full of tools" as simply "tools"?

      My problem isn't the description at all. It's that the front end to iStan runs in Adobe Flash, and these students somehow got credit for "hacking" it. That's like asking a 300# professional football lineman to tackle a grade school quarterback during a game of flag football.

      --
      John
    2. Re:Backtrack is not a tool by GNious · · Score: 1

      That's like asking a 300# professional football lineman

      I have no idea what that means ....
      http://news.bbc.co.uk/sport2/h...

  3. HYPE by Anonymous Coward · · Score: 5, Insightful

    ‘If medical training environments are breached, the long term ripple effect on the medical profession, potentially, impacts thousands of lives due to incorrect analysis of life threatening critical data by medical personnel.’

    This is such hyperbolic bullshit.

    The iStan is always operated by a trainer. The trainer would know it was misbehaving.

    It's like saying that since med students sometimes learn by watching training material on a TV... and look - with a simple remote control, we can CHANGE THE CHANNEL ON THE TV! MY GOD! IMPACT THOUSANDS OF LIVES!!!

    Source: I have a brain.

    1. Re:HYPE by erikscott · · Score: 1

      Still, you could have a lot of fun with someone... this is the sort of thing that happens when you google "dental robot vomit":

      http://www.nissin-dental.net/p...

      http://techcrunch.com/2011/06/...

      ------
      "The 600 series had rubber skin. We spotted them easy, but these are new. They look human... sweat, bad breath, everything. Very hard to spot." -Kyle Reese

    2. Re:HYPE by ldobehardcore · · Score: 1

      Those dental robots are horrific... C3PO was right when he said they were "made to suffer"

      --
      Hectice, baby, Mercator says hello to you
  4. iStan hacked! by grub · · Score: 1, Flamebait


    The terrorist hackers programmed iStan to expand its anus and rectum to the maximum size then changed its MOTD to "iGoatse."

    Rest not, evildoers, you will be extinguished in a puff of drone-dropped Freedom Smoke.

    --
    Trolling is a art,
  5. iStan vulnerabilities. by nimbius · · Score: 4, Funny

    I've started writing vulnerabilities for iStan as of about a month ago, and I have got to say it's one of the easier platforms to exploit. Friends asked why I'd bother with such a limited platform, as it doesn't have many applications outside of education, but I beg to differ. Here's my application list so far:
    1. stastan.img: loading this image causes Stan to die on contact during any simulation scenario.
    2. polterstan.img: sync Stan's bilateral carotid pulse to integer width, or roughly 32,768 bpm.
    3. superstanl3y.img: CPR attempts trigger an unending string of bowel noises. noises.wav replaced with the USSR national anthem.
    4. b00g3ystan.img: Stan's bilateral brachial pulse synchronizes to bowel noises. Noises.wav replaced by Daft Punk's Get Lucky.
    5. didn35stan.img: breath sounds replaced with slot machine noises. All 5 bleeding zones (and urinary output) triggered.
    6. sw33tstan.img: Stan's heartbeat entirely dependent upon urination. Voice replaced with the 1850 Millard Fillmore presidential address. Pulse is now a Fibonacci sequence leading to the GPS coordinates of a geocache filled with macaroni and cheese.

    --
    Good people go to bed earlier.
    1. Re:iStan vulnerabilities. by Nidi62 · · Score: 1

      Is the macaroni and cheese already prepared? Because that could lead to ants.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  6. Justice for iStan by Anonymous Coward · · Score: 2, Funny

    A vulnerable mannequin was brutally penetrated by a team of researchers from the University of South Alabama. The attackers spent several hours pounding every port of the victim with their tools.

  7. What could go wrong? by Bodhammer · · Score: 2
    --
    "I say we take off, nuke the site from orbit. It's the only way to be sure."
  8. DDoS? by Coren22 · · Score: 1

    Was it a DDoS or a Denial of Service attack? They are different...

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    1. Re:DDoS? by Coren22 · · Score: 1

      Yep, you know, denial isn't only a river in Egypt. You have yet to prove any of the points I made. You continue to try and brute force (DDoS?) until I give up, like somehow that allows you a win? But, you still haven't responded to a single point, only tried to claim victory when you haven't won yet.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    2. Re:DDoS? by drinkypoo · · Score: 1

      Don't waste your time, friend. No matter how cogent you are, APK will seize upon any minor point, declare victory, and shit all over the table. If you agree with him on one thing you must agree with him on all things or be a hypocrite. He's hardly the only insane bugger on Slashdot, though, so it's not even worth poking him with a stick.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. I don't see the point by Anonymous Coward · · Score: 1

    Ok, Stan the training dummy is hackable.

    So why bother?

    No challenge, so no bragging rights.
    Not very useful except as a prank on nursing students.

    Perhaps as a way to let an inept student pass a nursing exam?
    Seems far fetched.

    Maybe as a demonstration that other medical stuff that matters might also be hackable.
    And of course as an excuse to publish a paper.

  10. Euphemisms by ChrisMaple · · Score: 1

    This has gone too far. If you're making life-size latex love dolls, say so.

    --
    Contribute to civilization: ari.aynrand.org/donate