PACEMAKER HACKERS.

• by Stepford_Wife
• 2008-03-27 08:03:35
• General Posting
• 1491 views
• 1 comments

Hello all.

I was looking for some information in response to pacemakers and wireless laptops, when I came across this article.
I debated as to whether I should post it, as in the past, some articles have caused some to panic.
I decided that in this day and age, you can't be too careful, and knowledge is power.
So, please just read it carefully, as well as the comments made by people who have already read what you are about to read.
May be you already know about it. In any case, here goes.......
Take care everyone.

~ Dominique ~


Medical equipment, including pacemakers, vulnerable to hackers
Wed Mar 12, 2008 1:00PM EDT

Here's a scary rarity: A computer security risk that could cost you your life. Researchers at the University of Massachusetts have found that medical equipment, including pacemakers and implanted cardiac defibrillators, can be hacked through wireless technology. In specific terms, the researchers were able to send commands to the devices without authorization, reprogram them, and even cause them to deliver a high-voltage shock on command.

Wireless technology is used by doctors to monitor a pacemaker or defibrillator, allowing it to be adjusted as needed. Hacks can interfere with this operation in two ways: By turning them off altogether, or by causing them to go into overdrive, possibly sending a powerful shock that could kill you. The wireless signal is not encrypted.

While the researchers are careful to note that no one has ever been the victim of a malicious attack like this (at least none that has been reported) and that the real danger here is minimal, the implications are profound for thousands of people who already have implanted devices like these, especially once the details of the exploit become common knowledge. These devices represent a rising trend, too, as doctors turn to similar equipment to treat even more conditions.

What to do about it? If you've got a wireless pacemaker, there's really nothing you can do. If it's a procedure you're considering, you'd obviously be foolish to bypass essential medical equipment because you're afraid a hacker might sneak up on you and turn it off while you're not looking, but it's certainly prudent to check with your doctor about what might be done to prevent malicious (and possibly accidental) attacks like this in the future, and whether your equipment could be updated to take advantage of any new security features.

March 14th, 2008
How dangerous is the pacemaker hack?
Posted by Dana Blankenhorn @ 5:54 am


Not very.

Despite the snarky headlines, you’re not going to be able to create a zombie army with this hack.

As our own Chris Soghoian notes, many newer pacemakers give off signals which can be read up to 5 meters away. That’s a Bluetooth distance, and the “up to” is important.

If you’ve ever had a Bluetooth phone or a low-power WiFi set-up, you know that signals degrade rapidly over distance. Interior walls degrade signals further.

So you have to get close to the victim in order to initiate an attack. And the nature of the attack is a threat. You’re literally holding a gun to their head. That’s a major felony, first time out of the box.

The University of Massachusetts-Amherst team which came up with the hack will discuss it at the IEEE Symposium on Security and Privacy “Attacks” session in Oakland, Calif., in May, and I really doubt they’ll get a lot of live coverage.

The paper is already online (PDF) and the same team has also written on improving security for these devices (PDF).

In the team’s test, a shock hot enough to kill was generated in a Medtronic Maximo pacemaker (above), and data was captured from two feet away with $30,000 worth of equipment and enough grad students to hack the Pentagon.

The more generic point is that any wireless Internet connection can in theory be hacked. It’s a point the same team has previously made regarding RFID chips used in transit cards.

All of which means that any wireless Internet connection needs security. It’s an overhead, and it leads to a virtual arms race, but we’ve been dealing with that threat on the Internet for decades and will continue to.

What I’ve called the World of Always On, wireless applications which live in the air, sensors and motes reporting via WiFi to routers and the Internet, will require security and audit trails before it hits the mass market.

But you can’t use this knowledge to hack into Dick Cheney’s pacemaker and force him to undo his work as Vice President, or even make him smile.

Dana Blankenhorn has been a business journalist since 1978, and has covered technology since 1982. He launched the Interactive Age Daily, the first daily coverage of the Internet to launch with a magazine, in September 1994.

Comments

Posted by afridi_6669 on Wed Mar 12, 2008 1:55PM EDT
I think making this disclosure on the net may serve as a new thrill to those who love to hack. Therefore, this report should not have been public because lives of thousands of patients who depend on pacemakers would be at risk or atleast their life-saving machine would be vulnerable. Now, it is your responsibility to float some idea to the makers of pacemakers to reprogramme their gadgets to reduce the risk of hacking.

2 Posted by mikeybbadd3 on Wed Mar 12, 2008 5:00PM EDT
Yes, I agree with afridi_, to warn the medical profession would have been nice and the right thing to do but now theres a new way to get a divorce.... :)

3 Posted by cnull on Wed Mar 12, 2008 5:38PM EDT
Afridi - If the disclosure had NOT been made and someone had actually been killed by a pacemaker hacker, people (probably you) would be screaming at the top of their lungs that the public should have been notified. Knowledge is power. Not just for evil but for good solutions, too.

6 Posted by soltal_tw on Wed Mar 12, 2008 8:12PM EDT
I agree more with Afridi. "...once the details of the exploit become common knowledge." Well...now that the article is published and up for anybody to see... What should have been done in this case was to warn the medical profession, like Mikey said, and then have doctors warn their patients with wireless pacemakers and defibrillators what possible dangers there are. If the information leaks from the patient after that...well...all well. Cnull, I agree with you too. But either way, people will complain. People will complain that it should have been kept secret so that it would be harder for people wishing to use this to harm others to find out about it. People will complain that nobody was told once it does happen. The only solution I see to this is brainwashing, or something similar. And I wouldn't agree to anything like.

.
8 Posted by t2kburl on Wed Mar 12, 2008 10:00PM EDT
I am somewhat familiar with the programming of these devices and I can tell you in no uncertain terms that to hack in to one of these devices would require in depth knowledge of their code and functionality. No hacker off the street is going to be able to do this unless they are incredibly lucky or gain access to the source code somehow - its access is HIGHLY restricted. I agree that this post is irresponsible.

9 Posted by rogueist on Thu Mar 13, 2008 12:22AM EDT
This is not exactly new news. There is a new wireless protocol that has been developed and has begun trials this year. If all goes well, the older technology currently in use will be phased out. The newer technology has at least a minimal level of security on it, making it harder to hack - but quite frankly, there is no such thing as an un-hackable item, so if someone ABSOLUTELY wants in, there is no way to prevent it.