Announcement

Collapse
No announcement yet.

Hacking Can Kill Now

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hacking Can Kill Now

    People see this. I guess Thorn won't be able to come to Defcon anymore (drum roll) :-). I know terrible.

    xor


    This adds new meaning to the term computer forensics.

    You thought hackers have a bad name now.


    Research: Heart implant could be hacked

    Published: March 12, 2008 at 7:58 AM
    Print story
    Email to a friend
    Font size:
    SEATTLE, March 12 (UPI) -- A heart defibrillator-pacemaker combination is vulnerable to hacking, a team of U.S. computer security researchers say.

    In the lab, researchers could reprogram the device to shut down and deliver potentially fatal jolts of electricity if it were implanted, The New York Times reported Wednesday.

    Researchers said they could intercept patient data by "eavesdropping" on signals from the wireless radio embedded in the implant so doctors could monitor and adjust the device without surgery.

    The report, published Wednesday at www.secure-medicine.org, said hundreds of thousands of people with implanted defibrillators or pacemakers -- including U.S. Vice President Dick Cheney -- needn't worry about hackers. The experiment required more than $30,000 worth of lab equipment and a continuous effort to interpret the data from the implant's signals. The device the University of Washington and University of Massachusetts researchers tested -- a Medtronic defibrillator-pacemaker -- was within inches of the test gear.

    The researchers said results suggested that little attention was being paid to security in medical implants with communications capabilities.

    "The risks to patients now are very low but I worry that they could increase in the future," said Tadayoshi Kohno, a lead project researcher at the University of Washington.

    Obviously he has never been to Defcon :-).
    Last edited by xor; March 17, 2008, 20:11.
    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

  • #2
    Re: Hacking Can Kill Now

    I see the hacking humor but don't see the payoff unless you were hell bent on doing someone in and had $30,000 worth of very portable lab equipment you could get within 2 inches of the target. Something here a miss tuned microwave oven or cell phone couldn't also accomplish?
    Last edited by Greyhatter; March 17, 2008, 22:10.

    Comment


    • #3
      Re: Hacking Can Kill Now

      Most hackers don't need or have a reason. It's a lot like mountain climbing, people do it because it's there.

      xor

      A little wishful thinking sort of like this, man funny stuff http://www.alternet.org/blogs/video/52465/
      Last edited by xor; March 17, 2008, 20:26.
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

      Comment


      • #4
        Re: Hacking Can Kill Now

        Medtronic, the industry leader in cardiac-regulating implants, said Tuesday that it welcomed the chance to look at security issues with doctors, regulators and researchers, adding that it had never encountered illegal or unauthorized hacking of its devices that have telemetry, or wireless control, abilities.

        "To our knowledge, there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide," said a Medtronic spokesman, Robert Clark. Clark added that newer implants with longer transmission ranges than Maximo also had enhanced security.


        If this hack was viable and had been used to derail a live subject before then....

        "If I needed a defibrillator, I'd ask for one without wireless technology."
        Last edited by Greyhatter; March 17, 2008, 21:01.

        Comment


        • #5
          Re: Hacking Can Kill Now

          Originally posted by xor View Post
          The experiment required more than $30,000 worth of lab equipment and a continuous effort to interpret the data from the implant's signals.
          Remember when Sun SPARC 5's cost 10 grand? I'm sure this will be more of an issue in a few years when that 30K room full of equipment can be bought at Fry's for under 200 bucks and it fits in your backpack. Of course hackers aren't going to be running around flatlining people, but we'll get the heat when the criminal element does it.

          I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

          Comment


          • #6
            Re: Hacking Can Kill Now

            Cardiac pacemakers/implanted defibrillators are just the latest incident of this and we should expect the trend to continue. At DC15, a member of the DC Forums showed that different type of medical device was showing up on some wireless programs.
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

            Comment


            • #7
              Re: Hacking Can Kill Now

              Originally posted by Thorn View Post
              Cardiac pacemakers/implanted defibrillators are just the latest incident of this and we should expect the trend to continue. At DC15, a member of the DC Forums showed that different type of medical device was showing up on some wireless programs.
              That would have been me with my "Medtronic" Insulin pump and continuous glucose monitor. Like last year I will only be wearing the pump and leaving the wireless glucose monitor at home for defcon.

              You would think Medtronic would be more concerned, but that might be why a few of their products are not covered by insurance companies yet. Which sucks if you need said product/device, I have great insurance and they cover all of my stuff at 100%, however they will not cover the glucose monitor until more studies and upgrades to fix problems have been done.
              "It is difficult not to wonder whether that combination of elements which produces a machine for labor does not create also a soul of sorts, a dull resentful metallic will, which can rebel at times". Pearl S. Buck

              Comment


              • #8
                Re: Hacking Can Kill Now

                Originally posted by lil_freak View Post
                That would have been me with my "Medtronic" Insulin pump and continuous glucose monitor. Like last year I will only be wearing the pump and leaving the wireless glucose monitor at home for defcon.

                You would think Medtronic would be more concerned, but that might be why a few of their products are not covered by insurance companies yet. Which sucks if you need said product/device, I have great insurance and they cover all of my stuff at 100%, however they will not cover the glucose monitor until more studies and upgrades to fix problems have been done.
                Yes, that would be you, lil-freak! I just didn't want to mention names without permission.

                Actually, I'd really like to explore the idea further. Can you send me some screen and/or packet captures?
                Thorn
                "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                Comment


                • #9
                  Re: Hacking Can Kill Now

                  I was actually going to guess that it would be some sort of monitoring equipment that is equipped to output dumps of data without the use of wires, etc. It makes the most sense that the biotech industry would first attempt WiFi or BlueTooth type radio on those devices. Of course, they'll say that these are just outputting simple data streams or XML whatnot... but still.
                  1. How long until someone figures out that by associating with the device it's possible to do a lot more than just get simple figures but actually interact with the control systems or mess with firmware? (firmware updates are often the second thing that a manufacturer will start to play with over communication links... after data but before full control signaling)

                  2. What about just good old information leakage? For instance, someone having a radio receiving in their office when interviewing job candidates... "well, he goes in the 'no' pile since we don't want someone with weak kidneys on the healthcare plan" Even worse... if you know the unique ID of someone's unit, you could do the sort of things we talk about concerning the risks of chipped passports, like setting an explosive or other terroristic-type of device in a lobby and triggering detonation only after a specific individual's short-range signal is seen appearing.

                  Creepy, creepy stuff to me. What the fuck is the big goddamn hassle with a mini-USB port on these devices? (Yeah, i get it... internal vs. external... but still)
                  Last edited by Deviant Ollam; March 19, 2008, 12:17.
                  "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                  - Trent Reznor

                  Comment


                  • #10
                    Re: Hacking Can Kill Now

                    Originally posted by Deviant Ollam View Post
                    Creepy, creepy stuff to me. What the fuck is the big goddamn hassle with a mini-USB port on these devices? (Yeah, i get it... internal vs. external... but still)
                    Manufacturers don't think like we do.
                    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                    Comment


                    • #11
                      Re: Hacking Can Kill Now

                      Anyone good at writing formal letters to see if we/I can get some of these devices to crank at since they seem so willing to discuss potential issues?
                      Never drink anything larger than your head!





                      Comment


                      • #12
                        Re: Hacking Can Kill Now

                        Originally posted by Thorn View Post
                        Yes, that would be you, lil-freak! I just didn't want to mention names without permission.

                        Actually, I'd really like to explore the idea further. Can you send me some screen and/or packet captures?
                        Once I get a chance to go home I'll grab those for you and send them your way Thorn.


                        Originally posted by Renderman
                        Anyone good at writing formal letters to see if we/I can get some of these devices to crank at since they seem so willing to discuss potential issues?
                        I'm already working on this with one of my states local distributors for Medtronic. I soon as can get something the first one is yours Render.

                        I'd send you mine but I had to pay out of pocket for it and for a wireless device the size of a silver dollar they currently run more than $3000.00 USD plus $350.00 USD a month for the sensors that have to be changed out every few days.
                        "It is difficult not to wonder whether that combination of elements which produces a machine for labor does not create also a soul of sorts, a dull resentful metallic will, which can rebel at times". Pearl S. Buck

                        Comment


                        • #13
                          Re: Hacking Can Kill Now

                          Normally I don't post back to back however I thought for those of you who wanted more information on the tech I wear everyday here's a link Medtronic Minimed
                          "It is difficult not to wonder whether that combination of elements which produces a machine for labor does not create also a soul of sorts, a dull resentful metallic will, which can rebel at times". Pearl S. Buck

                          Comment


                          • #14
                            Re: Hacking Can Kill Now

                            Originally posted by theprez98 View Post
                            Manufacturers don't think like we do.
                            This article seems to fit rather well in the discussion: http://www.wired.com/politics/securi...tymatters_0320

                            Comment


                            • #15
                              Re: Hacking Can Kill Now

                              Originally posted by 0x58 View Post
                              This article seems to fit rather well in the discussion: http://www.wired.com/politics/securi...tymatters_0320
                              I feel better knowing I'm not the only person who walks into a place and wonder how I might shoplift.
                              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                              Comment

                              Working...
                              X