Wireless networking is clearly a basic requisite for any electrical device these days, now we all live in the future. The Nintendo Wii, for instance, would almost be worth the extra £180 even if it was exactly the same as a NES, but had wireless controllers and the ability to upload your shamefully bad racing times to the world. However, inevitably, the more devices that are on networks, the more security issues crop up; and the more devices that are on wireless networks, well, you don't even have to touch them to destroy them.
It's bad enough that people's computer networks are relatively easy to illegally access, even when certain common forms of encryption are used to prevent it. Generally, this isn't a matter of life or death. When it's hacking into someone's pacemaker though, obviously it is.
To refresh the memory of any non-medicos, a pacemaker or defibrillator is implanted into the chest of people with certain disorders that cause their heart to beat slowly, irregularly or otherwise "wrongly". When required, they send a quick zap of electricity into the heart in order to stimulate into beating in a rhythm conducive to the person staying alive.
These days, for obvious common-sense reasons, some pacemakers are fitted with wireless networking technology. This allows doctors to monitor how the device is working out for the patient in a nice clean office rather than a messy and painful surgical theatre; the device can upload data to a computer, or if things aren't going quite right the pacemaker's settings can be modified to set things straight. Advanced models can even communicate via the Internet, allowing doctors to monitor and supervise a patient from far, far away.
But of course, if doctors can mess around with such things, so can other people. Perhaps even nasty people. In a paper by Halperin et al. researchers share with the (scientific) community some of the little experimentation they've been doing regarding the analysis and attack of a typical example of this sort of device, the Medtronic Maximo.
As the New York Times reports, even without authorised access, they managed to access the pacemaker device wirelessly. Furthermore, they managed to program it to turn off, and, even more sci-fi-assassination-tastic, deliver a pile of dangerous electrical charges that were it implanted as per usual in someone's heart, could kill them. Scary stuff.
Part of the problem no doubt is many of these devices were never really built with security as the most important feature. After all, what weirdo would want to turn other people's hearts off? Well, probably at least the several hundred people who commit murder offences in the UK each yet. And that's without even mentioned the big bad "T" word that seems to set the agenda of the rather less liberal half of crime and punishment policy in the UK these days.
There is apparently (and indeed for now, realistically) no massive need to worry. It's not the sort of things that's easy to do, the NY Times article seemingly ruling it out as it takes a stack of specialist effort, $US 30,000 of equipment and to be within a few inches of the pacemaker the way the scientists did it. But really, for someone intent on causing death and destruction, these are hardly impossible resources to get hold of. The knowledge has obviously been discovered, the technology exists, and for devices that link up the t'internet you could possibly sit the other side of the world, click your mouse, and stop someone's heart beating.
Reference: Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
Comments
Post new comment