Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack Causes Pacemakers To Deliver Life-Threatening Shocks (arstechnica.com)

Posted by BeauHD on from the patient-safety dept.

An anonymous reader quotes a report from Ars Technica: Life-saving pacemakers manufactured by Medtronic don't rely on encryption to safeguard firmware updates, a failing that makes it possible for hackers to remotely install malicious wares that threaten patients' lives, security researchers said Thursday. At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they're implanted in patients. Because updates for the programmer aren't delivered over an encrypted HTTPS connection and firmware isn't digitally signed, the researchers were able to force it to run malicious firmware that would be hard for most doctors to detect. From there, the researchers said, the compromised machine could cause implanted pacemakers to make life-threatening changes in therapies, such as increasing the number of shocks delivered to patients. Rios and Butts were also able to use a $200 HackRF software-defined radio to hack a Medtronic-made insulin pump and make it withhold a scheduled dose of insulin. Medtronic has released a page that lists all the security advisories they have issued on the pacemakers and insulin pumps.

35 of 72 comments (clear)

  1. who goes to jail by AndyKron · · Score: 1

    And the hackers go to jail now, right?

    1. Re:who goes to jail by ole_timer · · Score: 1

      or the designer who left that feature (as in authentication) out?

      --
      nothing to see here - move along
    2. Re:who goes to jail by Pieroxy · · Score: 1

      And the hackers go to jail now, right?

      or the designer who left that feature (as in authentication) out?

      You apparently haven't been following the news lately. White hats go to jail for disclosing blatant security holes but the designers are fine.

      --
      Write boring code, not shiny code!
    3. Re:who goes to jail by ole_timer · · Score: 1

      white hats don't - but grey hats do...read more closely my friend...

      --
      nothing to see here - move along
    4. Re:who goes to jail by ole_timer · · Score: 1

      except the eula typically contains language that spares the vendor in some way

      --
      nothing to see here - move along
  2. Jesus it shouldnt need firmware updates by Anonymous Coward · · Score: 3, Insightful

    It's not a gizmo no one cares about, all the products in the 80/90s had plenty of testing before shipping with just one firmware that wasn't updateable. These updates make manufacturers lazy and sometimes they push out something worse than the one that preceded it.

    No updates, much less need for security. I don't want stuff in me to use the internet in any fashion.

    1. Re:Jesus it shouldnt need firmware updates by ole_timer · · Score: 1

      ...I don't know about you but if I had a pacemaker i'd want it updated...by the way it's rf not the internet...

      --
      nothing to see here - move along
    2. Re:Jesus it shouldnt need firmware updates by ole_timer · · Score: 1

      actually I was wrong - the programmer updates (not the pacemaker itself which updated via rf) that had the bug in it

      --
      nothing to see here - move along
    3. Re:Jesus it shouldnt need firmware updates by Anonymous Coward · · Score: 2

      Yet we have lots of pacemakers who can't be updated which work just fine. Weird.

      Stop excusing incompetence.

    4. Re:Jesus it shouldnt need firmware updates by psychic_bacon · · Score: 2

      There are a lot of good reasons to have these devices connect remotely for firmware updates. For instance, the ability to recognize arrhythmia using signal detection has improved dramatically in the last 5-10 years. For defibrillators, that can be the difference between appropriate and inappropriate shocks where the machine misreads the rhythm. Same is true with pacing and other treatments for a pacemaker. I have a device like this, so I've read a lot about these hacks. I have a device from a different manufacturer, so I don't know if this applies, but the lack of security in many of these devices is scary. Most of the hacks I've read before involve hacking the device itself. It takes a few minutes with an RF wand to do a firmware update, so hacking the pacemaker/defibrillator itself is hard to do But if you can hack the device that does the updates, that is really scary. It's a lot easier to hack a device left in a closet rather than something physically embedded in a person.

    5. Re:Jesus it shouldnt need firmware updates by arglebargle_xiv · · Score: 1

      A lot of them shouldn't even need firmware. When you go to a hospital, you may get a choice between a traditional drip, dosage measured via drip rate, and the computerised equivalent, with 85 levels of menus, some with hundreds of entries, a 640 x 480 display filled with the programmers showing off how much crap they can cram into a 640 x 480 display, dozens of options and parameters to get wrong, beeps and bongs all night long, graphics and animations and a hidden flight simulator and a Tetris game as an easter egg and remote access via telnet and HTTP and inverse-logic morse code and a phone-home to a server in Uzbekistan where the RTOS was licensed from.

      Which one would you trust to function correctly?

    6. Re:Jesus it shouldnt need firmware updates by Cro+Magnon · · Score: 1

      ...I don't know about you but if I had a pacemaker i'd want it updated...by the way it's rf not the internet...

      Considering the mess with my last Win10 update, I don't think I would.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    7. Re:Jesus it shouldnt need firmware updates by ole_timer · · Score: 1

      i'm sure Microsoft didn't control your pc...who was the maker of it?

      --
      nothing to see here - move along
    8. Re:Jesus it shouldnt need firmware updates by Cro+Magnon · · Score: 1

      I believe it's an Azus.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    9. Re:Jesus it shouldnt need firmware updates by Cro+Magnon · · Score: 1

      Oops, ignore previous. The pc with the problem is an HP.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    10. Re:Jesus it shouldnt need firmware updates by ole_timer · · Score: 1

      exactly...

      --
      nothing to see here - move along
  3. the film Dead in a Heartbeat by Joe_Dragon · · Score: 1

    the film Dead in a Heartbeat

  4. No remote access by Anonymous Coward · · Score: 1

    In addition to using signed binaries, run a pair of wires to just beneath my skin.

    If it ever needs reprogramming, make a small incision and wire me up for the upgrade.

    Save the wireless things for less-consequencial things like reading the device's status. Even then, figure our some way to prevent an adversary from reading it unless he is rught up next to me for an extended period of time.

    1. Re:No remote access by PPH · · Score: 1

      make a small incision and wire me up for the upgrade.

      Wire you up to what? A programmer that has been compromised?

      Your TV set has better end-to-end security to ensure unauthorized Mickey Mouse movies aren't being viewed on unapproved hardware.

      --
      Have gnu, will travel.
  5. Re:lol he name BeauHD by mmaug · · Score: 2

    The vendors already default to lowest-cost solutions which is why HTTP is what is currently used; HTTPS isn't ideal but it would be a significant improvement (except of course the certs will get left out on a web server to be stolen, because security?).

    Beyond security, there are issues about proper testing (did you know that pace makers are only tested on 50+ males; what happens when you put one in a 20yo pregnant woman?) and (the lack of proper) government oversight.

    See Karen Sandler (https://twitter.com/o0karen0o; https://punkrocklaywer.com/ of the Software Freedom Conservancy and the battles she's had with pace maker manufacturers trying to get access to information on the device implanted in herself. And she can tell the first hand story about being a 20+yo pregnant woman being shocked by her pace maker while exercising...

  6. Re:As long as a pacemaker patient.... by bobbied · · Score: 1

    ....does not go to the BlackHat Conference, they should be fine!

    It's not the patient's pacemaker that's at risk but the device the doctor uses to program the pacemaker.

    So, you don't want your doctor to take his Medtronic pacemaker programming device to the BlackHat conference and turn it on to load firmware updates using whatever WiFi access point he happens to find. So, I'm not very worried... Zapp.. What was that? Zapp....

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  7. You need the update, dumbass, to your logic by Anonymous Coward · · Score: 1

    People with pacemakers die of problems every day, you're oblivious lol. "Faulty pacemakers 'killing 2,000 a year': Third of unexpected deaths among patients thought to be caused by malfunctions" :

    Scientists say there is evidence implants could be 'cause of mortality'

    Research found 30 per cent of cases of sudden death were caused by mechanical flaws in the battery-powered devices

    PUBLISHED: 19:29 EDT, 9 August 2015 | UPDATED: 13:08 EDT, 30 October 2015

    A third of unexpected deaths among heart patients with pacemakers and similar devices could be caused by malfunctions, research suggests.
    Scientists say there is evidence the implants could be a 'leading cause of mortality' and warn the findings are a 'major concern'.

    So no, there is room for improvement you dumbass. No device is perfectly designed in one go, anyone claiming that updates are never required is a FUCKING MORON, PERIOD. Get tested for the incompetence bug.
    The issue was their plaintext implementation and insecure IP protocols, not the fact that it needs to be updated from time to time like all complex digital devices in the world, you fucking moron.

    1. Re: You need the update, dumbass, to your logic by Anonymous Coward · · Score: 1

      How does a firmware update fix a mechanical flaw, IDIOT

      you ass baboon millennial

  8. Re:So turn off the wi-fi? by bobbied · · Score: 1

    It's not the pacemaker that's the issue, it's the programming device when it got updated firmware that was insecure.

    So, no HTTP access to your ticker or hacking the neighbor's pacemaker over his WiFi...

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  9. A complicated way of committing murder by GuB-42 · · Score: 3, Informative

    Sure, you can hack a pacemaker and kill its wearer. You can also shoot him with a gun, poison him, bomb him, whatever. It is made even easier by the fact that people who wear pacemakers aren't usually at the peak of their shape.

    But like they say in obligatory xkcd, most people aren't murderers.

    1. Re:A complicated way of committing murder by bobbied · · Score: 1

      You are right.

      Somebody is going to hack into the programming device in some doctor's office. Wait for the device to get turned on to update it's firmware, perform a man in the middle attack to load the firmware of the hacker's choice, which is designed to change the parameters of a specific pacemaker device in ways which will kill the patient, not right away, but later, say when the target is asleep.

      I'm thinking that if death of a target is your goal, there might be easier ways..

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:A complicated way of committing murder by novakyu · · Score: 1

      You are right that this is useless if simple death of a target is your goal.

      OTOH, if you want to commit murder in a way that is hard to trace back to you, short of having a Death Note, this might be the next "best" thing.

    3. Re:A complicated way of committing murder by 93+Escort+Wagon · · Score: 1

      But like they say in obligatory xkcd, most people aren't murderers.

      Most people aren’t swatters, either - but unfortunately a few think it’s funny. And those sorts of people seemed to be wired not to blame themselves when their “prank” goes very wrong.

      --
      #DeleteChrome
    4. Re:A complicated way of committing murder by dasunt · · Score: 1

      But like they say in obligatory xkcd [xkcd.com], most people aren't murderers.

      Here's why this line of reasoning fails:

      All it takes is one individual who will threaten to kill pacemaker users unless they get ONE MILLION DOLLARS *raises pinky to mouth*

      Is the threat real? Who knows? Probably just some guy in Romania making idle threats. Can a major company risk it?

      What happens if the scammer realizes that people with pacemakers tend to die anyways, and publicizes a threat to kill one random person with the pacemaker within the next week? Note I'm not saying that the scammer has any capability to kill someone, but they are gambling on someone dying in the next week and the resulting outcry causing the company to pay up before they can fully investigate.

      Or what about this? Politicians tend to be of advanced age, which is the demographic that disproportionately use pacemakers as well as other medical devices. Sure, you may be able to fry the device various ways, but a lot of the time, a bricked device will likely still result in someone being alive, at least long enough to treat and replace the medical device. If you wish to kill someone, it's time to reprogram the device so it's active in a malicious way. We've seen complex assassination attempts, or attempted assassination attempts (Alexander Litvinenko, Viktor Yushchenko, Georgi Markov, etc). The resources needed to hack a pacemaker is within this realm of complexity.

  10. Wonder if Dick Cheney uses a MedTronic? by Dr_Marvin_Monroe · · Score: 1

    As the main cheerleader for US waterboarding, I've wondered how a motivated individual might subject him (Cheney) to a similarly terrifying and helplessness inducing experience.

    Tweaking his pacemaker up & down through it's full range of speeds...with occasional stops & restarts might just do the trick! Just imagine how exciting it would be to discover your heart racing at 180 BPM for no apparent reason...then dropping off to an almost unconsious 20 BPM...now back up to 180 for a bit... Perhaps almost as terrifying as the repeated sensation of drowning.

  11. Meditronic? Not their first vulnerability! by Anonymous Coward · · Score: 1

    Homebrew Pancreas Gets 30 Minutes of Fame

  12. Re:WTF??? by Chewbacon · · Score: 1

    RTFA

    --
    Chewbacon
    The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
  13. New ransomware by Mishotaki · · Score: 1

    pony up 50 000$ or get shocked every 2 minutes!

  14. Sometimes direct murder is politically problematic by aepervius · · Score: 1

    Say you are the US and want to kill Putin/Castro/insert boogey man of your choice. There is a risk of nuclear war if detected. Do you : 1) do make a plain sniper murder or do you 2) hack the re-programmer for the pace maker so that if it detects a specific patient it change the therapy to be deadly ,e.g. fail to deliver shock or do it at an irregular rate, but report to forensic the correct rate ? Same thing for any group XYZ wanting to murder somebody ABC but wanting to avoid the consequence IJK associated with plain murder.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  15. Dick Cheney by TheCastro1689 · · Score: 1

    The VP was right with his concerns when he got one. Damn.