'Fatal' Flaws Found in Medical Implant Software (bbc.com)
Security researchers have warned of flaws in medical implants in what they say could have fatal consequences. The flaws were found in the radio-based communications used to update implants, including pacemakers, and read data from them. From a BBC report: By exploiting the flaws, the researchers were able to adjust settings and even switch off gadgets. The attacks were also able to steal confidential data about patients and their health history. A software patch has been created to help thwart any real-world attacks. The flaws were found by an international team of security researchers based at the University of Leuven in Belgium and the University of Birmingham.
and it hasn't done that yet. The medical profession kills a million a year who would otherwise not have died if they'd have stayed away from a hospital.
Medsec partners with short-selling specialists Muddy Waters LLC. Go public with claims of serious vulns in St Jude pacemakers, implanted defibrillators and remote programming tool. St-Jude takes them to court.
Interesting situation ethically with the short selling & with respect to the whole responsible disclosure vs public disclosure debate
https://www.bloomberg.com/news/articles/2016-10-24/muddy-waters-fights-st-jude-lawsuit-over-pacemaker-reports
Technical details of vulns here (with redactions):
http://medsec.com/stj_expert_witness_report.pdf
"The team reverse-engineered the proprietary wireless signalling systems used by the implants which revealed flaws in the way data was broadcast."
From this sentence alone, it is entirely obvious: The signals are not encrypted; there is no security to hack. These aren't flaws at all - they are design decisions. The manufacturers have some command protocol that they developed and use; while this may not be publicly documented, it is hardly secret: monitor the signals used, and you can figure it out. This doesn't take a "security researcher", all it takes is a kid with the right radio kit.
People then rush to ask: Why do these devices not secure their signals? It may be that they never thought about it. However, the answer may also be that they want an open interface. Consider: you have a pacemaker and suddenly have a heart problem, and you are taken to the nearest hospital. With a secure interface, how does that hospital get the private key required to talk to your pacemaker? Which is the lesser risk to the patient's health: leaving the interface open, or securing it?
Enjoy life! This is not a dress rehearsal.