Protecting Medical Implants From Hackers

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Damn shame that MIT even had to come up with something like this. What kind of sick bastard would hack someone's pace maker?

The system would use a second transmitter to jam unauthorized signals in an implant's operating frequency, permitting only authorized users to communicate with it. Because the jamming transmitter, rather than the implant, would handle encryption and authentication, the system would work even with existing implants.
 
Think of all the politicians walking around with pacemakers. Be an easy way for an assassin to simulate a heart attack / device failure.

Of course, I pity the fool who would try that on Dick Cheney's. "Nyahh, gotcha! The pacemaker was just a trap, I need no heart!" ;)
 
Think of all the politicians walking around with pacemakers. Be an easy way for an assassin to simulate a heart attack / device failure.

Of course, I pity the fool who would try that on Dick Cheney's. "Nyahh, gotcha! The pacemaker was just a trap, I need no heart!" ;)

Epic win is epic win :D Some Warlock Blood for you my dear sir!
 
It really is a damn shame that we live in a world today where we have to worry about this. :(
 
I have one of these devices and honestly - I don't worry about it much. You can't simply sit and hack into the device with your laptops wireless connection - it doesn't work that way. It takes some fairly specialized equipment to do it...

On top of that - from my experience with the wireless reader in my own home, I practically have to be in same room with it in order for it to take a reading...don't get me wrong, I'm all in favor of making the devices secure...I'm just saying it's not as easy it's made out to be....
 
What kind of sick bastard would hack someone's pace maker?

Google would, then mine the data to figure out how to market ads to you, or advise you to go to the Dr. or tell you that your about to die
 
I'm actually reading a book right now where the protagonist assassinated a man this way and that book is from 2002. Rain Fall by Barry Eisler.
 
There is a lot of misleading information in that article, and some of it was just plain wrong. I have worked for Medtronic, Cardiac Pacemakers, Guidant, and Boston Scientific specifically on implanted devices. First, most of the devices out there today still use near field communications, not RF, to talk to the implanted device. You have to put the programming head within inches of the device for this to work, so you can't change settings etc. without the owner knowing. All of the RF devices I have worked on do use encryption on those links to prevent unauthorized access. In addition, at least one manufacturer only allowed interrogation to be done via the RF link. To program it required the near field link. And even if you could somehow get around all that and reprogram the device, it would still be hard to kill someone since there are a lot of safety interlocks in the device software and hardware to prevent that.

All these companies are aware that even a single wrongful death lawsuit could put them out of business, so they put a lot of effort into safety. It's the only place I worked where there were more verification testers on a project than firmware engineers. How many of you have done extensive fault-tree analysis on your products? It's a required step for all implanted medical devices.

And no, I don't work for any of these companies now, nor do I hold any of their stock. I just wanted to set the record straight.
 
"What kind of sick bastard would hack someone's pace maker?"

CIA, FSB, Mossad...

These are the same guys that play with poisoned cigars and umbrella tips.
 
There is a lot of misleading information in that article, and some of it was just plain wrong. I have worked for Medtronic, Cardiac Pacemakers, Guidant, and Boston Scientific specifically on implanted devices. First, most of the devices out there today still use near field communications, not RF, to talk to the implanted device. You have to put the programming head within inches of the device for this to work, so you can't change settings etc. without the owner knowing. All of the RF devices I have worked on do use encryption on those links to prevent unauthorized access. In addition, at least one manufacturer only allowed interrogation to be done via the RF link. To program it required the near field link. And even if you could somehow get around all that and reprogram the device, it would still be hard to kill someone since there are a lot of safety interlocks in the device software and hardware to prevent that.

All these companies are aware that even a single wrongful death lawsuit could put them out of business, so they put a lot of effort into safety. It's the only place I worked where there were more verification testers on a project than firmware engineers. How many of you have done extensive fault-tree analysis on your products? It's a required step for all implanted medical devices.

And no, I don't work for any of these companies now, nor do I hold any of their stock. I just wanted to set the record straight.

Thanks for the good info!

"What kind of sick bastard would hack someone's pace maker?"

CIA, FSB, Mossad...

These are the same guys that play with poisoned cigars and umbrella tips.

Yeah, I wouldn't be surprised at this "use" of this type of "exploit."
 
Back
Top