Hacking a Pacemaker

CmdrTaco posted more than 6 years ago | from the probably-not-the-best-idea dept.

Biotech 228

jonkman sean writes "University researchers conducted research into how they can gain wireless access to pacemakers, hacking them. They will be presenting their findings at the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy. Their previous work (PDF) noted that over 250,000 implantable cardiac defibrillators are installed in patients each year. This subject was first raised along with similar issues as a credible security risk in Gadi Evron's CCC Camp 2007 lecture "hacking the bionic man"."

228 comments

Bionic eye (5, Interesting)

sm62704 (957197) | more than 6 years ago | (#22727368)

I'm sure glad the device in my eye (see my sig for details) is focused by the eye's muscles rather than electronics/motors. Some things shouldn't be networkable.

Oh yeah, the oblig: We are cyborg. You will be assimilated. resistance is not only futile but you won't resist, you'll beg to join us..

Re:Bionic eye (3, Interesting)

Anonymous Coward | more than 6 years ago | (#22727400)

pacemakers aren't "networked" but are programmable, usually through a short range (touching the skin) transmitter. Need to be able to change the strength and trip thresholds without doing new surgery. Apparently, they need to add encryption/passkeys to the devices if they haven't already.

Re:Bionic eye (2, Interesting)

sm62704 (957197) | more than 6 years ago | (#22727610)

I would think the safest thing would be to have to physically interface with it to program any electronics in it. Once they've sewn one into my chest (thank God heart disease doesn't run in my family) I wouldn't want it to be programmable!

Re:Bionic eye (5, Insightful)

Ihlosi (895663) | more than 6 years ago | (#22727642)

Once they've sewn one into my chest (thank God heart disease doesn't run in my family) I wouldn't want it to be programmable!

Um, yes you do. Do you want them to have to cut you open because you don't like the maximum pacing rate and want to have it reduced by 5 bpm ?

Re:Bionic eye (2, Funny)

sm62704 (957197) | more than 6 years ago | (#22727930)

I want them to get the pacing rate right BEFORE they sew it in.

Re:Bionic eye (1, Informative)

Anonymous Coward | more than 6 years ago | (#22727952)

Changes in your health/body can warrant these adjustments.

Re:Bionic eye (2, Interesting)

Ihlosi (895663) | more than 6 years ago | (#22727980)

I want them to get the pacing rate right BEFORE they sew it in.

Finding out which settings you like or don't like unfortunately involves putting a pacemaker into you first. Of course, you could go with a completely dumb device, but your heart would be paced too fast when you're asleep and too slow when you're physically active.

Re:Bionic eye (1)

Brian Gordon (987471) | more than 6 years ago | (#22728450)

The one time you're thankful that manufacturers are so negligent with firmware/BIOS updates :)

Re:Bionic eye (0)

Anonymous Coward | more than 6 years ago | (#22727722)

there is practically no way to sew it into your skin and have it heal. open wound + non-organic equipment = fail. that's the reason they use wi-fi or similar in the first place.

Re:Bionic eye (4, Informative)

tsa (15680) | more than 6 years ago | (#22728612)

Believe me, you really want the thing to be programmable. They have to try a few settings to find out which makes you feel good, and if/when your body changes they can adjust the pacemaker accordingly. Modern pacemakers are marvellous pieces of technology that can give you your life back as long as you program them well!

Re:Bionic eye (1)

downix (84795) | more than 6 years ago | (#22727424)

You know I'd often wondered about your sig, but never wondered hard enough to read. Now I have, very interesting, as you have, well, a better "viewpoint" at this than the rest of us.

Re:Bionic eye (3, Interesting)

Misagon (1135) | more than 6 years ago | (#22727660)

Some things shouldn't be networkable.
Not networkable. A pacemaker communicates only with the diagnostic equipment.
Pacemakers are implanted under the skin. The only way to interface with them is through induction or radio signals. The signals have ranges measured in centimeters.

Re:Bionic eye (5, Funny)

StylusEater (1206014) | more than 6 years ago | (#22727688)

I can see the headlines... "Cheney's Pacemaker Hacked by Chinese Militants" ... :-) One can only wish.

Re:Bionic eye (1)

BoomerSooner (308737) | more than 6 years ago | (#22727858)

Or better yet, "Cheney's pacemaker hacked by time travelers from the future." Circa 1999. Now that's a wish.

Re:Bionic eye (1)

sm62704 (957197) | more than 6 years ago | (#22728016)

I can see the headlines... "Cheney's Pacemaker Hacked by Chinese Militants" ... :-) One can only wish.

This is off the topic for the summary (but on topic for your comment) but if Cheney goes duck hunting with Bush we could have the first woman President.

If Cheney shoots Bush in the face [msn.com] accidentally while duck hunting (well it happened once before, I'd never go hunting with him) and suffers a heart attack as a result, and both die, then House Speaker Nancy Pelosi [wikipedia.org] becomes President Pelosi.

One can only wish!

Modding myself down with the "no karma bonus".

remote kill? (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22727382)

does this mean that someone can eventually kill people remotely?

Re:remote kill? (4, Interesting)

Snowgen (586732) | more than 6 years ago | (#22727556)

does this mean that someone can eventually kill people remotely?

The technology for that already exists; it's called a "gun". It replaced an older technology called an "arrow", which in turn was the replacement for an even older technology called the "javelin". There was also an older technology called a "sling" which was a peripheral device designed to increase the effectiveness of the original technology called the "rock".

People have been remotely killing other people for millions of years.

Re:remote kill? (4, Insightful)

Oktober Sunset (838224) | more than 6 years ago | (#22727716)

Killing people remotely is not hard, doing it without anyone knowing it was you, without any indication at the time that it was anything other than natural causes, requiring no opportunity other than being within wireless range and leaving no evidence behind whatsoever. That's the novel part.

Re:remote kill? (0)

Anonymous Coward | more than 6 years ago | (#22727802)

... That's the novel part.
So, patent, may be ....

Re:remote kill? (1)

kdemetter (965669) | more than 6 years ago | (#22727984)

Good idea.

That leaves a hole in the market, namely defensive devices for this, like a tin foil t-shirt, sweater, etc.
Together we will make millions.

More interestingly: get away with it (2, Insightful)

davidwr (791652) | more than 6 years ago | (#22727604)

I heard Uncle Joe is about to write me out of his will. He has a pacemaker. He's old, there won't be an autopsy. Hmmm......

Hacking the VP (5, Funny)

tobiasly (524456) | more than 6 years ago | (#22728132)

Yes, that's a very real concern that the secret service has been terrified of for years. Most people know that Cheney has a pacemaker, but the real secret is that they forgot to turn off SSID broadcast and its password is "Linksys".

Re:Hacking the VP (1)

Mister Whirly (964219) | more than 6 years ago | (#22728412)

It has been changed for security purposes. The SSID is now "Geezer" and the password is "psychograndpa". It also displays a warning when logging in "WARNING - unauthorized users will be shot in the face with a shotgun!"

pacemakers (4, Funny)

gEvil (beta) (945888) | more than 6 years ago | (#22727398)

Hacking a pacemaker? What could possibly go wr... *thud*

Re:pacemakers (0)

Anonymous Coward | more than 6 years ago | (#22727724)

"Repent, Harlequin!" Said the Ticktockman

Harlan Ellison

Re:pacemakers (1)

BillGod (639198) | more than 6 years ago | (#22727934)

I want to give this a try. Can I borrow someone's grandpa?

Oh no, another exploit (0)

techgu (1253898) | more than 6 years ago | (#22727414)

What a surprise that you can hack something that has electronics?

If there is a will there is a way.

Re:Oh no, another exploit (1)

zappepcs (820751) | more than 6 years ago | (#22727670)

and if they hack your pace maker, you had better have a will.

Nevermind that, the burning question is will Clinton use this to scare us out of voting for McCain? He should be due for a pace maker soon if he doesn't already have one.

That kind of attitude is the problem (2, Insightful)

Moraelin (679338) | more than 6 years ago | (#22727672)

Well, sad to say and please don't take it as an offense, it's that kind of attitude that's the cause of half the problems today. Products are made by engineers who couldn't care less about security, with their budget dictated by a boss who couldn't care less about security, and end up configured by users who couldn't care less about security. Because they all operate under that assumption that if it's even remotely related to computers or electronics, it can be hacked anyway, so why bother?

Well, no, there are ways to prevent that.

Let's start with the simplest: you can't remote-hack a computer which isn't connected to the net. Pull your network cable out of the computer and that's it, you can't be hacked by some guy in China any more.

Of course, you don't want to do that to your home computer, but we're talking pacemakers and the like. Why _does_ a pacemaker need a WiFi interface anyway? No, seriously. It's not like you want the users to surf for porn and post to Slashdot on their pacemakers. It's not even an appliance, as far as the user is concerned, it's a standalone device like their computer chair or the windshield wipers on their car. You have no freaking need for those to be networked, in any form or shape.

And here's an even more sobering thought: even if you wanted some control from outside, you're near your pacemaker the whole time. In fact, it's inside you. There's no time when you're on the other side of the town than your pacemaker is. So even if you're one of the die-hards that can argue with a straight face why you might need to log in to your fridge from work, the same doesn't apply to pacemakers. You're near it all the time. Any interface to it or from it can be contact-based just as well.

Second, even if you do want it networked, there _are_ ways to minimize bugs drastically. Code _can_ be proven correct, test cases can cover the code to ridiculous extents, and the thing can be riddled with pre- and post-condition checks right in the code and be able to fail safely to its normal offline mode. Yes, it's damn expensive to do that to something the size of Vista. But we're talking a pacemaker. It's just not the same number of lines of code. (Or if it does have millions of lines of code, maybe you just need to fire the guy who programmed it;)

More importantly, we already do _both_ of those for life-and-death systems like flight control systems on airplanes or brake computers on cars. They're both built and reviewed to be as good as bulletproof, _and_ not wired to talk to the outside world, unless one physically plugs in a special connector and a special computer into it. You don't want a car's brakes to be hijacked by wireless by the guy in the next car, so you just don't give them a wireless connection. Do you see any reason why we wouldn't apply the same thinking to a pacemaker? It's even more likely to kill than hijacking someone's brakes. There is no airbag to save you when your pacemaker fails.

So what I'm saying is: let's all stop and think twice before shrugging and dismissing security as impossible anyway. Sometimes it's very feasible to make it bulletproof, and, really, it has no excuse to not be so.
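The pre- and post-condition checks with a fail-safe fallback described in the comment above, sketched in C as an added example (not part of the original comment and not code from any real device). The settings layout, the rate limits, the 60/120 bpm defaults and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed limits for illustration; not taken from any real device. */
enum { RATE_MIN_BPM = 40, RATE_MAX_BPM = 180, MAX_STEP_BPM = 20 };

typedef struct {
    uint16_t lower_bpm;  /* pacing floor */
    uint16_t upper_bpm;  /* pacing ceiling */
    uint16_t check;      /* integrity word: catches corruption, is NOT authentication */
} pacing_cfg;

typedef enum { CFG_APPLIED, CFG_REJECTED, CFG_FAILED_SAFE } cfg_result;

typedef struct {
    pacing_cfg active;
    bool offline;        /* true: programming interface disabled */
    void (*store)(pacing_cfg *dst, const pacing_cfg *src); /* settings write path */
} device;

static uint16_t cfg_check(uint16_t lo, uint16_t hi) {
    return (uint16_t)((lo * 257u) ^ (hi * 31u) ^ 0xA5A5u);
}

pacing_cfg cfg_make(uint16_t lo, uint16_t hi) {
    pacing_cfg c = { lo, hi, cfg_check(lo, hi) };
    return c;
}

/* Invariant that every stored or requested configuration must satisfy. */
bool cfg_valid(const pacing_cfg *c) {
    return c->lower_bpm >= RATE_MIN_BPM &&
           c->upper_bpm <= RATE_MAX_BPM &&
           c->lower_bpm < c->upper_bpm &&
           c->check == cfg_check(c->lower_bpm, c->upper_bpm);
}

static void store_ok(pacing_cfg *dst, const pacing_cfg *src) { *dst = *src; }

/* Simulated hardware fault: one bit flips during the write. */
void store_bitflip(pacing_cfg *dst, const pacing_cfg *src) {
    *dst = *src;
    dst->upper_bpm ^= 0x40;
}

/* Fall back to known-good settings and stop accepting programming. */
static cfg_result fail_safe(device *d) {
    d->active = cfg_make(60, 120);
    d->offline = true;
    return CFG_FAILED_SAFE;
}

void device_init(device *d) {
    d->active = cfg_make(60, 120);
    d->offline = false;
    d->store = store_ok;
}

static int absdiff(int a, int b) { return a > b ? a - b : b - a; }

cfg_result cfg_apply(device *d, const pacing_cfg *req) {
    /* Preconditions on device state. */
    if (d->offline) return CFG_REJECTED;
    if (!cfg_valid(&d->active)) return fail_safe(d);  /* stored state is corrupt */

    /* Preconditions on the request: valid, and no large jump in one step. */
    if (!cfg_valid(req)) return CFG_REJECTED;
    if (absdiff(req->lower_bpm, d->active.lower_bpm) > MAX_STEP_BPM ||
        absdiff(req->upper_bpm, d->active.upper_bpm) > MAX_STEP_BPM)
        return CFG_REJECTED;

    d->store(&d->active, req);

    /* Postcondition: what is stored is valid and is exactly what was asked for. */
    if (!cfg_valid(&d->active) ||
        d->active.lower_bpm != req->lower_bpm ||
        d->active.upper_bpm != req->upper_bpm)
        return fail_safe(d);
    return CFG_APPLIED;
}

int main(void) {
    device d;
    device_init(&d);

    pacing_cfg req = cfg_make(55, 130);
    printf("in-range change: %d\n", (int)cfg_apply(&d, &req));

    req = cfg_make(20, 130);
    printf("below floor:     %d\n", (int)cfg_apply(&d, &req));

    d.store = store_bitflip;            /* inject the simulated write fault */
    req = cfg_make(60, 125);
    cfg_result r = cfg_apply(&d, &req);
    printf("faulty write:    %d, offline=%d\n", (int)r, (int)d.offline);
    return 0;
}
```

The checks bound what a bad or corrupted request can do; deciding who is allowed to send a request at all is a separate problem that this sketch does not address.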

Re:That kind of attitude is the problem (4, Insightful)

Ihlosi (895663) | more than 6 years ago | (#22727736)

Why _does_ a pacemaker need a WiFi interface anyway?

Because sticking a JTAG connector through someone's chest is fairly painful. You're welcome to experiment on yourself to confirm this.

Also, it's not a WiFi interface. It's a short-range (it goes through your chest, and water absorbs radio waves like crazy), custom, wireless interface.

You have no freaking need for those to be networked, in any form or shape.

And you're, what ? An M.D. ? A biomedical engineer ?

Tell you what: Have fun with your dumb fixed-rate 75 bpm pacemaker, but don't expect to be running up any stairs anytime soon.

Any interface to it or from it can be contact-based just as well.

It basically is, genius. Or do you want it so contact-based that they have to shoot a couple of amps through your chest in order to make the pacemaker respond ? Hint: Think of a vital organ that's very, very close to the pacemaker and reacts very badly to having current shot through it.

More importantly, we already do _both_ of those for life-and-death systems like flight control systems on airplanes or brake computers on cars. They're both built and reviewed to be as good as bulletproof, _and_ not wired to talk to the outside world, unless one physically plugs in a special connector and a special computer into it.

They're also conveniently located outside the human body, so plugging a special connector into them doesn't involve going through someone's tissue first.

Re:That kind of attitude is the problem (1)

radarsat1 (786772) | more than 6 years ago | (#22728020)

It basically is, genius. Or do you want it so contact-based that they have to shoot a couple of amps through your chest in order to make the pacemaker respond ? Hint: Think of a vital organ that's very, very close to the pacemaker and reacts very badly to having current shot through it.


While I agree with your post, don't forget that electricity and radio are not the only ways to communicate..

This seems like a situation where ultrasonic (or even just sonic) communication might be very useful! You could attach a voice coil to the inside shell of the pace maker. Then have a device which you press up against the chest of the patient. The pace maker and the device could easily communicate through physical vibrations without penetrating the skin! I wonder if this is already done..

After all, it's not like telling a pace maker to go to a new BPM setting requires a high bit rate.

Re:That kind of attitude is the problem (1)

Ihlosi (895663) | more than 6 years ago | (#22728066)

This seems like a situation where ultrasonic (or even just sonic) communication might be very useful!

If you had unlimited power, maybe. Just maybe.

You could attach a voice coil to the inside shell of the pace maker.

The acoustic impedance mismatch between the case of the pacemaker and the surrounding tissue will make this virtually impossible. You might get away with having the US transmitter on the outside, but this opens up the device for all kinds of nasty biocompatibility / degradation issues and most likely drains more power than a RF transmitter. So, interesting in theory, but not really feasible in practice.

Re:That kind of attitude is the problem (0)

Anonymous Coward | more than 6 years ago | (#22728168)

Great. That makes hacking even easier. Then you only have to send a kill-signal through radio or tv...

Re:That kind of attitude is the problem (1)

MMC Monster (602931) | more than 6 years ago | (#22728388)

Pacemakers have a limited battery life. Changing the battery requires surgery. (They are working on recharging, but the technology isn't there yet.) Wireless communication requires orders of magnitude less energy for the device than wireless.

Re:That kind of attitude is the problem (1)

kappa701 (742837) | more than 6 years ago | (#22728024)

If my doctors have given me correct information the radio transmitter in most pacemakers needs to be activated by a magnet to work. The transmitters they put on top of the patient's chest above the pacemakers activate the wireless signal, and need to stay on the chest to keep the signal. This is not only for security, but it also helps the pacemakers save battery. And changing a pacemaker battery is a bit like changing one in a MacBook Air, it is minor surgery. And so far they have not made rechargeable ones that last much longer than regular ones before the battery loses its charging ability.

Re:That kind of attitude is the problem (0)

Anonymous Coward | more than 6 years ago | (#22727762)

No, your mom's the problem.

Literally.

Re:That kind of attitude is the problem (0)

Anonymous Coward | more than 6 years ago | (#22727790)

You have no freaking need for those to be networked, in any form or shape.
As long as you don't mind major surgery to make minor adjustments, I guess that's true.

There's no time when you're on the other side of the town than your pacemaker is. So even if you're one of the die-hards that can argue with a straight face why you might need to log in to your fridge from work, the same doesn't apply to pacemakers.
These things have a range of centimeters. So unless you live in a really small town...

Re:That kind of attitude is the problem (2, Informative)

Asic Eng (193332) | more than 6 years ago | (#22727908)

Why _does_ a pacemaker need a WiFi interface anyway?

Well it's not a pacemaker, it's a combination pacemaker/defibrillator. The second part is the reason why it can "deliver potentially fatal jolts" - that's just the range a defibrillator operates in. A connection via the internet allows a doctor to be notified of problems while the patient is at home, and the doctor could even take corrective actions right away. That's presumably why one of the doctors involved in this investigation said "If I needed a defibrillator, I'd ask for one with wireless technology." This is great research though - while it may not be possible to prevent any attack, it's quite possible to put safeguards in place and these guys are pushing the FDA and the industry to make that happen.

Re:That kind of attitude is the problem (2, Insightful)

DataBroker (964208) | more than 6 years ago | (#22728160)

So what I'm saying is: let's all stop and think twice before shrugging and dismissing security as impossible anyway. Sometimes it's very feasible to make it bulletproof, and, really, it has no excuse to not be so.


The excuse is that people are not willing to spend the difference it would cost to make it bulletproof. There are diminishing returns (even on life-saving devices) which people won't recognize or spend on.

Imagine walking into a doctor's office being presented with two (apparently) identical devices. One costs $1000, and the other costs $10,000. Yes, it's your life, but spending another $9000 to make it more secure isn't going to be the option most people choose.

Beyond that, imagine trying to convince an HMO the medical necessity for spending more money on the secure version. I'd suspect that the manufacturers have already considered that and decided to be competitive instead.

Re:Oh no, another exploit (1)

tristian_was_here (865394) | more than 6 years ago | (#22727680)

"hey Grandad I have something for you"

Don't fear.... much (4, Insightful)

NIckGorton (974753) | more than 6 years ago | (#22727416)

From TFA:

a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker. They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal

hundreds of thousands of people in this country with implanted defibrillators or pacemakers to regulate their damaged hearts -- they include Vice President Dick Cheney -- have no need yet to fear hackers
No need to fear they tell us because:
One:

The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implant's signals.
And two:

"To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,"
Um, that was until a NYTimes article described that it could be done and (more importantly) a /. article linked to that NYTimes article so tons of geeks worldwide see the information. While security through obscurity doesn't really work, there is something to be said for people just not noticing that a thing is hackable.

Similarly the argument that it took $30,000 worth of equipment and a 'team of experts' is retarded because the same might probably have been said about DVD encryption till an adolescent did it in his bedroom with his home computer and enough caffeine.

If I had an AICD, I sure as hell wouldn't want to be around Cheney, lest the signal from mine be confused with his. Of course maybe that is why he has a man sized safe in his office is a Faraday cage.

Re:Don't fear.... much (2, Interesting)

TheRealMindChild (743925) | more than 6 years ago | (#22727772)

Similarly the argument that it took $30,000 worth of equipment and a 'team of experts' is retarded because the same might probably have been said about DVD encryption till an adolescent did it in his bedroom with his home computer and enough caffeine.

Not only that, but let's say the President of the United States has a pacemaker... $30000 is pittance for someone who wants him dead.

Re:Don't fear.... much (1)

Ihlosi (895663) | more than 6 years ago | (#22727800)

Not only that, but let's say the President of the United States has a pacemaker... $30000 is pittance for someone who wants him dead.

Now you only need to get that $30000 worth of lab equipment (= big and bulky) within a few inches of your intended victim's chest ...

Re:Don't fear.... much (2, Interesting)

MMC Monster (602931) | more than 6 years ago | (#22728064)

Recent models of pacemakers and defibrillators from the major companies (Guidant, Medtronic, etc.) allow remote telemetry from home: You have a device sitting on a table next to the patient's bed which will check the device every night (or one night a week, etc.) and report back to the physician any abnormalities. Some also allow wireless programmability, but not from home: The nurse waves the wand over the device, then the patient goes in another room and gets seen by the physician while the settings on the device are changed. The range is less than 50 feet, based on personal experience. Now, this can theoretically be done from home (if someone has the right device), and you can make changes without any passwords.

Before you ask, you should *not* start password-protecting these devices, as you may have a patient traveling and rendered unconscious and need to make setting changes and not have time (or ability) to call the manufacturer.

Come on...Seriously (1)

holmedog (1130941) | more than 6 years ago | (#22728190)

You know what else can stop your heart? And, at a much larger distance? My rifle. I find this kind of subject to just be more of the terror sensationalism.

I mean, sure, if your heart was hooked to the internet and easily hackable, I would be worried. But, right now, if I want to kill someone it would still be done with a good old fashioned bullet. Much cheaper (maybe a dollar?) and a hell of a lot faster.

dos (0)

Anonymous Coward | more than 6 years ago | (#22727418)

anyone else thinking DOS on Cheney?

But why? (2, Insightful)

Tsoat (1221796) | more than 6 years ago | (#22727434)

Even if you could hack it wirelessly the only benefits I see are bragging rights cool they may be just doesn't seem worth the time and effort

Re:But why? (2, Insightful)

kalirion (728907) | more than 6 years ago | (#22727744)

Unless you're looking to kill someone by pressing a button, of course.

Re:But why? (1)

ConfusedMonkey (1248260) | more than 6 years ago | (#22728278)

We have those already, they're called "guns". They even have an additional advantage of being lethal from 300 yards away rather than having to be pressed against someone's chest.

Hmmm (0, Redundant)

tarogue (84626) | more than 6 years ago | (#22727436)

Doesn't Dick Cheney have a pace maker?

Re:Hmmm (4, Funny)

Ihlosi (895663) | more than 6 years ago | (#22727456)

Doesn't Dick Cheney have a pace maker?



Yes, but the purpose of this device is unclear. What exactly is it pacing ?

Re:Hmmm (2, Funny)

BakaHoushi (786009) | more than 6 years ago | (#22727734)

I find this joke to be old and rather insulting, really. Of course Dick Cheney has a heart.

However, the notion that the heart is somehow related to empathy and love is also false. Instead, he had that section of his brain surgically removed. It helps him collect himself faster after his 3pm puppy kicking and orphanage closing.

Re:Hmmm (0)

Anonymous Coward | more than 6 years ago | (#22728052)

Buzz Killington ladies and gentlemen.

Re:Hmmm (1)

Mr2cents (323101) | more than 6 years ago | (#22727896)

I heard it was a present from the Wizard of Oz, but it didn't help.

FWD:hmmm (1)

RiotingPacifist (1228016) | more than 6 years ago | (#22727690)

TO: osama.bin.laden@cave.net
Doesn't Dick Cheney have a pace maker?

your sincerely, a helpful Brit.

Life imitates art (1)

theGreater (596196) | more than 6 years ago | (#22727440)

From http://www.snpp.com/episodes/BABF01 [snpp.com]

% The Simpsons happen upon Krusty, who is having a Y2K crisis of his
% own. His pacemaker is stuck in the "hummingbird" mode. Krusty
% lifts himself in the air briefly by flapping his arms, before
% collapsing on the ground.

See also:

http://en.wikipedia.org/wiki/Treehouse_of_Horror_X#Life.27s_a_Glitch.2C_Then_You_Die [wikipedia.org]

-theGreater.

This story is shocking... (0)

Anonymous Coward | more than 6 years ago | (#22727458)

A real heart stopper if you will.

Easy fix (1)

InvisblePinkUnicorn (1126837) | more than 6 years ago | (#22727468)

Just make a pacemaker for the pacemaker. That way, if it ever shuts down, it'll have a tiny little heart inside it to get it going again.

Re:Easy fix (1)

kdemetter (965669) | more than 6 years ago | (#22728072)

feeling very tempted to make beowulf cluster joke about it

Yeah but hacking a pacemaker (1)

sleeponthemic (1253494) | more than 6 years ago | (#22727474)

Would be heartless.

Medtronic Inc. (1)

metalman (33387) | more than 6 years ago | (#22727526)

For a device that serves a life-or-death function for many individuals, some of these headlines [nytimes.com] about Medtronic Inc. are not the most heart-warming. Especially this recall [nytimes.com] of defective heart parts.

I'm not that worried about this (1)

director_mr (1144369) | more than 6 years ago | (#22727528)

I'm not that worried about this for 2 reasons: Hackers usually want something that is easily available to hack. These pacemakers are not so common as to be everywhere and easy to access. It would take some work to find and set up a situation where you can hack a pacemaker. The second reason is there are a lot easier ways to kill people than this. If someone goes through this much effort to kill you, they could have done it any number of different ways already. So if you die this way, think of it as living longer than you would have otherwise.

Just shut it off (2, Insightful)

epilido (959870) | more than 6 years ago | (#22727532)

Most pacemakers and defibrillators can be turned off with just a magnet. This is designed to allow medical staff to stop a defective device. Yep I have done it myself and seen it done many times for diagnostic reasons in the hospital. M

Re:Just shut it off (1)

Arancaytar (966377) | more than 6 years ago | (#22727972)

Indeed - most technology exhibits that contain strong magnets have warnings about pacemakers. And a strong electromagnet could be hidden anywhere (didn't this site discuss them in door frames to avoid seizing of harddrive data, in fact?). The wireless networking may seem scary, but unless the range of the receiver is much greater than it needs to be, this doesn't sound like it would make pacemakers much more fragile than they already are.

I guess it's psychological. We humans don't like being reminded of how easily we can be killed, both by accident and by malice - especially when it involves software, which we associate with bugs and BSODs. ...

Wait, aren't most of the world's missile systems software-guided? Nuclear war: Cancel, Allow?

Wait for it (4, Funny)

Bombula (670389) | more than 6 years ago | (#22727536)

"It wasn't me grabbing her ass your honor, someone hacked my arm!"

So they can crack RSA and then get the pacemaker? (2, Interesting)

dbIII (701233) | more than 6 years ago | (#22727548)

RSA encryption is used in these devices. There certainly is a lot of technofear journalism about lately.

Re:So they can crack RSA and then get the pacemake (5, Interesting)

frog_strat (852055) | more than 6 years ago | (#22727872)

Working on the communications software for one of these devices, I can say for sure there is no encryption on at least one of them. A decision was made by the company to not worry about this issue at the moment.

The government have escrow keys (1)

Chrisq (894406) | more than 6 years ago | (#22728080)

All new pacemakers are to be fitted with government escrow keys to the control interface. After all, if you have nothing to hide then you have nothing to worry about, have you......

A better method (5, Interesting)

yamamushi (903955) | more than 6 years ago | (#22727560)

The article details how the researchers had to be within 2 inches of the pacemaker, and several thousands of dollars worth of equipment. I suspect there is an easier way to deactivate a pacemaker, find out what frequency they operate at. I've got an FM radio blocker, that is basically just a 100mhz oscillator, a potentiometer, and a battery. It works by canceling out a given frequency, thus letting me silence my neighbors stereo from 50ft away. I know the technique works for the 2.4ghz band, for blocking out wireless phone signals and whatnot. I suppose finding an oscillator in the high ghz range would suffice for 'killing' a pacemaker.

Easy solution (2, Funny)

DotNetFreak (1018190) | more than 6 years ago | (#22727594)

Why don't they build firewalls into the pacemakers? And perhaps close off ports 21, 80 and 135. Hmmm...

Re:Easy solution (4, Funny)

CrashPoint (564165) | more than 6 years ago | (#22727682)

Why don't they build firewalls into the pacemakers?
Because then you'd get heartburn. Geez.

Vivid imagery (1)

Wilson_6500 (896824) | more than 6 years ago | (#22727602)

But device makers have begun designing them to connect to the Internet, which allows doctors to monitor patients from remote locations.

"Excuse me, sir? The plane is about to taxi, and I'm going to need you to shut down your wireless internet device."

Some day in my lifetime, a person's heart might have "flight mode." That idea bowls me over. I'm assuming this is some kind of cellular internet connection the devices use. Fifteen seconds of google didn't really turn up much info, but then again I wasn't looking very hard.

Re:Vivid imagery (0)

Anonymous Coward | more than 6 years ago | (#22727826)

The device itself doesn't connect to the internet, there is a "base station" in the patient's home which the device connects to on a regular basis, and this station transmits data over the internet.

Re:Vivid imagery (1)

Misch (158807) | more than 6 years ago | (#22728142)

At least for mine, it looks like a coupler-style modem with 2 leads that attach to your wrists. There's a magnet included as well (at least on mine) that causes a different signal to be sent.

My base unit doesn't have internet connectivity, though I suppose it potentially could be done that way someday.

Obligatory Bionic Man Reference.. (1)

clonan (64380) | more than 6 years ago | (#22727632)

So can I get the pacemaker to make a heartbeat sound like the jumping sound effect....

"nah nah nah nahhhhhhhhh"

It's not that bad (2, Interesting)

Anonymous Coward | more than 6 years ago | (#22727640)

(Posting this as AC since I don't want to get in trouble).

I think the summary is more alarming than the actual article. The researchers had to be at two inches from the device in order to tamper with it.

It's probably not such a big deal now, but some more thought should definitely go into future products. 30000$ sounds like much, but it certainly sounds like a bargain if you can kill the Vice President of the USA without even touching him.

I mean, imagine the following scenario:

1. Bad guys want to kill Cheney. That seems quite plausible.

2. They find out the exact model of his pacemaker. That sounds feasible with some knowledge of the field, money, time and determination.

3. They buy one and hire some researchers to crack it and to create an automated system which is portable and works reliably. Say, a laptop with some transmitter attached or something similar. This is quite hard, but should be feasible as well with enough money and time.

4. The researchers manage to increase the range from 2 inches to 20 inches. This is probably the hardest part.

5. The bad guys put the laptop in a briefcase, wires running up the sleeve and the transmitter in the other sleeve (close to the hand). This is easy.

6. Now they just have to get close enough to Cheney. I have no idea about how hard this is.

7. He has a "heart attack". Bodyguards/security come running and push all the people away. People go away because they don't want trouble, including the guy with the briefcase. I think this is quite realistic.

8. Cheney dies. Maybe they find out that the pacemaker was tampered with, maybe not. If not, the plan worked out perfectly. If yes, they will have some video on a security camera showing the bad guy, who is in another country by now. Maybe they catch him, maybe not.

This sounds pretty far fetched (and it is), but it could be possible with some minor advances. So some more thought should go into these devices.

Pacemakers have batteries which have enough power to supply some encryption hardware. What should be done to prevent this scenario is something like this:

1. Create a key pair for every pacemaker. The public key is on the pacemaker, the private key gets printed on a 2d barcode on a piece of plastic. The patient gets the barcode which he carries in his wallet. The patient's doctor/hospital also gets a barcode.

2. The devices used to communicate with the pacemaker have a slot for the barcode.

3. The pacemaker ignores any request not signed with the private key. Problem solved!
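
The signed-request idea in the comment above, sketched as an added example (not code from the thread or from any device vendor). Ed25519 from Go's standard library stands in for the unspecified signature scheme, and the command counter is an addition, since a signature alone does not stop a captured request from being resent. `Device`, `RateBPM`, `frame` and the message layout are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device models the implant: it stores only the public key and a counter.
type Device struct {
	pub     ed25519.PublicKey
	last    uint64 // highest command counter accepted so far
	RateBPM uint8  // hypothetical setting that a command changes
}

// NewDevice provisions a key pair; the private key would go on the card.
func NewDevice() (*Device, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{pub: pub, RateBPM: 60}, priv, err
}

// frame is the fixed-width message that gets signed: counter, then setting.
func frame(counter uint64, rate uint8) []byte {
	return []byte(fmt.Sprintf("%016x%02x", counter, rate))
}

// SignCommand runs on the programmer, which reads the private key.
func SignCommand(priv ed25519.PrivateKey, counter uint64, rate uint8) []byte {
	return ed25519.Sign(priv, frame(counter, rate))
}

// Apply changes the setting only for a correctly signed, fresh command.
func (d *Device) Apply(counter uint64, rate uint8, sig []byte) error {
	if !ed25519.Verify(d.pub, frame(counter, rate), sig) {
		return errors.New("bad signature")
	}
	if counter <= d.last {
		return errors.New("stale counter: replayed command")
	}
	d.last, d.RateBPM = counter, rate
	return nil
}

func main() {
	d, priv, _ := NewDevice()
	sig := SignCommand(priv, 1, 70)
	fmt.Println(d.Apply(1, 70, sig), d.Apply(1, 70, sig)) // second is a replay
}
```

Because the counter is inside the signed frame, a signature cannot be moved onto a different counter or setting; the device checks the signature before it looks at the counter.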

Re:It's not that bad (-1, Redundant)

morgan_greywolf (835522) | more than 6 years ago | (#22727730)

It's probably not such a big deal now, but some more thought should definitely go into future products. 30000$ sounds like much, but it certainly sounds like a bargain if you can kill the Vice President of the USA without even touching him.
Several Presidents of the USA were already killed without even touching them: Abraham Lincoln, John F. Kennedy, James A. Garfield, and William McKinley. All were killed with such marvelous remote killing technology as a "gun".

 

Re:It's not that bad (0)

Anonymous Coward | more than 6 years ago | (#22727844)

That is true, but when somebody gets shot you know for sure that someone killed them. When somebody who already has heart problems has a heart attack you may not.

I draw the line here (0)

Anonymous Coward | more than 6 years ago | (#22727644)

The pacemaker is something that should be left alone. It's someone's life here that we are talking about.
Other things like a hearing aid, maybe... it just impairs communication. Pacemaker, no, you're impairing someone's heart which you need to live.

Oh, great timing (1)

elrous0 (869638) | more than 6 years ago | (#22727648)

Dick Cheney is preparing to leave office and NOW you tell us?!?!

Insider (2, Insightful)

More Trouble (211162) | more than 6 years ago | (#22727652)

Would I need a "team of experts" and $30K of gear if I had worked as an engineer for Medtronic?

Re:Insider (0)

Anonymous Coward | more than 6 years ago | (#22728474)

you wouldn't even need to be within 2 inches of the device either... trust me on this one.

Yee-ha! (4, Funny)

clickety6 (141178) | more than 6 years ago | (#22727706)



I'm gonna overclock this sucker!
Better than a triple espresso!

Build your own joke: (1)

RandoX (828285) | more than 6 years ago | (#22727742)

Punchline: Heartworm.

Gives a whole new meaning to Force-Feedback (1)

Qbertino (265505) | more than 6 years ago | (#22727756)

Imagine hooking up your pacemaker to your favorite FPS via bluetooth or something. Every time you get hit your heart misses a beat. Literally.

I can also just imagine installing Vista remotely onto the pacemakers of all those Windows fanboys. ... :-) Hehehe ...

Not interesting (0)

Anonymous Coward | more than 6 years ago | (#22727760)

I don't see it as a big threat. In fact, I have a pacemaker implanted and HNNNNNNGGGGG.....

Gives a new meaning... (1)

Swampcritter (1165207) | more than 6 years ago | (#22727768)

to the term 'reboot', doesn't it? *Laugh*

Some health care insurance / hospitals may want to (2, Informative)

Joe The Dragon (967727) | more than 6 years ago | (#22727900)

Some health care insurance / hospitals may want to cut you off if you can't pay or they found out that you had a pre-existing condition; they make you pay up and say pay or we cut you off.
Some of them have said that a kidney transplant is too experimental and they let someone die just to get out of paying for it.

Assassinate the VP (0)

Anonymous Coward | more than 6 years ago | (#22727918)

Will someone please take down the vice president?

Toyota Camrys and Defibrillators (1)

frog_strat (852055) | more than 6 years ago | (#22727966)

Some testing was conducted to see if the various transmitters on a Toyota Camry could interfere with operation of a defibrillator. Interference was detected that caused the defibrillator to miss sensing important heart events, and also to fire when there was no event. The study recommended staying a few meters away from certain areas of the car. Similar article on hybrid interference: http://trusted.md/feed/items/system/2008/02/25/pacemakers_defibrillators_and_hybrid_cars [trusted.md]

About remote "Kill" signals (1)

Missing_dc (1074809) | more than 6 years ago | (#22727974)

There are many posts about high profile evil types with pacemakers and what-ifs to reprogram said pacemakers. They all seem a little silly to me since, as I recall, microwave ovens produce a signal that can kill the pacemaker user. Conceivably, it would not be very difficult to create a waveguide antenna to shape the output from a high-power microwave horn from a commercial microwave oven into an aim-able beam. With a few of these running at the same time a DOS attack would be very feasible. Disclaimer: IANAP (physicist), and have only dabbled in wifi antennas (about the same frequency of microwave ovens), nor do I recommend employing these tactics against anyone, no matter how despicable they are. Especially when a firing squad works just as well, it's just not as geeky.

Anyone ever read "format C:"? (1)

Erez.Hadad (1131843) | more than 6 years ago | (#22727988)

I don't remember the author's name. Anyway, this book (should be 10 years old at least) has a pseudo sci-fi/apocalyptic plot in which the bad guy, who owns the most powerful software company on earth, uses its latest operating system to take control of all the desktops and collect information on all the people. I won't disclose the ending (but it's groovily psychedelic and dripping with LSD/religious fanaticism). However, I will point out the scenario where bad guy uses a PDA with his devilish OS to hack the pacemaker of one of his rivals and kills him through a fake heart-attack.

When my pacemaker is tested (3, Interesting)

InterGuru (50986) | more than 6 years ago | (#22728092)

Every six months my pacemaker is checked. Part of the test is to speed and slow down the pacemaker and my heart for a short time.

It is a truly heartfelt experience.

Bookwormhole.net [bookwormhole.net] -- a site for book lovers.

Re:When my pacemaker is tested (1)

Misch (158807) | more than 6 years ago | (#22728476)

I know. I was in for a checkup recently and came to the realization that of all the things I have been able to toy and tinker with, my doctor was essentially programming my heart.

I almost cried as I realized I had just been outgeeked, since I would never be allowed to operate the control panel. My doctor has toys that I cannot play with.

opportunity for extortion (1)

ch-chuck (9622) | more than 6 years ago | (#22728156)

Nice pacemaker you have there - shame if anything should happen to it.

The Article is Pure FUD (0)

Anonymous Coward | more than 6 years ago | (#22728452)

Last year I worked on a project that was trying to communicate with a proprietary communication protocol for a very large manufacturer of implantable cardiac monitors, pacemakers and defibrillators. All I'll say is that even with all the documentation on the protocols, the source code and engineering resources of the company, getting a new device to even maintain an open communication link was a couple weeks worth of work. Then there was an entire software communication protocol after that.

Because these suckers are probably the most power-conscious devices on the planet, on all the implants that had a radio link you had to activate the RF range communication by being a few inches away from the implants. The radio link distance wasn't much better, and meant that the person hacking your implant would have to be within a room or two away. So chances are, they couldn't hack your implant without you knowing it.

Yes, theoretically the implants are hackable. But for the amount of time, equipment and effort involved in hacking them, you might as well make your own medical implant instead. The "personal patient data" might mean they can tell what your heart condition is and what the settings are for the device, which would still be a lot of effort for very little gain. So in my opinion, the article is pure FUD.

Heart Attack (1)

jlebrech (810586) | more than 6 years ago | (#22728500)

Brings a different meaning to the words "Heart Attack"

Project Kira. (1)

MrMage (1240674) | more than 6 years ago | (#22728536)

Death Note, anyone?

(Sorry about the Anime reference, but wow.)

Researcher's article online (0)

Anonymous Coward | more than 6 years ago | (#22728554)

The research report is online at http://www.secure-medicine.org [secure-medicine.org] . The FAQ [secure-medicine.org] and paper [secure-medicine.org] have much more information. In fact, I'd suggest linking to the FAQ in an UPDATE to the main article.