Announcement

Collapse
No announcement yet.

New pacemaker - safe at DEFCON?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mr Frosty
    replied
    Hey...son...where have you been all this time....;)

    Intentions aside, there is quite a bit of novel experimentation in this area at DC. I would not only be concerned with intentional acts buy the malicious, but also miscalculations by the curious and uninformed. LOTS of unlicensed radio gear being 'checked out' at Paris and Ballys last year, that is for sure.

    If you are truly concerned...a little shielding can go a long way...;)



    Leave a comment:


  • Frosty
    replied
    I'm by no means an expert, but after watching literally hundreds of talks from Defcon over the years the impression I get is that hackers take risk extremely seriously and this is a huge drive to do the jobs they do. No one knows the risks better than hackers do, it's just part of the mentality that hackers have. Being absolutely sure is impossible but that applies everywhere in the world. Even if you do not trust all hackers to be responsible there is a higher density of FBI and NSA in the area than probably anywhere else in the world for those 4 days and so people know to be on good behaviour. Honestly I have absolutely no expectation that anyone at the event has any risk from the activities discussed, there's been talks on interfering with planes and their communications/broadcast in the past yet I have no worries flying into DefCon from abroad.

    All I can really say for sure is that if I personally had a pacemaker I'd have no more considerations visiting Defcon than I would say flying there from overseas (which we are), I think it's a case where serious risk is plausible in a technical way but in reality extremely small, something you might liken to the risk of being hit by lightning if you leave your house during a storm.

    Leave a comment:


  • TheCotMan
    replied
    Originally posted by liberator View Post
    My wife just got a pacemaker implanted. Knowing how much interest there has been in insecure medical devices, and RF generally, I'm a bit paranoid about her attending. We are going to get her a conductive undershirt (yes, they exist, claiming 34 dB shielding), but I'm not confident in this approach. Any thoughts?
    I know very little about pacemakers, or how approved devices are normally expected to communicate with them.

    Nothing is safe at DEF CON or anywhere; we are surrounded by risks.

    I would expect there are different models made by different manufacturers. I would suspect each model has a unique collection of weaknesses. (From frequencies used, if any, and communicative protocol, and design changing which frequencies of EMI and field strength might cause problems with each model.)

    I would bet her risks are higher at DEF CON than other places like in a cave underground, but I would also bet that other people have attended DEF CON with pace-makers and suffered no pace-maker related issues as a result of attending. How can we cross-compare models even if people have had one and not encountered problems? It is also possible there yet are many unknown security issues, and once they are exposed, people may use them.

    I don't think anyone can accurately predict human behaviour with respect to attacks on medical devices.

    I don't think there is anywhere that is safe from attack.

    Best suggestions?

    Find out about the model of the device that she has and is using, and read about the specifications on how to communicate with it. If you are looking to provide shielding, test the frequencies it uses on any of the methods of shielding you are planning on using, and see if you can estimate the power required for various distances to overcome the shielding. Since most of these estimates of force applied with fields are based on distance as an inverse squares or cubes (power required for distance) you should be able to build a nice graph to show how much power would be required at various distances to defeat the shielding. Some ranges of power will likely be large enough to be discounted (for the most part) giving you a good estimate for maximum power. With a max power, you can then establish an estimated ceiling for distance with that power.

    Then you have the other side of things, where scientists have attempted to switch to directed EMI to make better use of power, but this is hard. Another approach that has been used to "increase power" has been to apply the same amount of power, but shorten the time it is applied. If you can dump 1000 watts of power over 1 hour to generate EMI you have 1 hour of 1 kilowatt hours of power, what happens if you can find a way to dump that same 1000 watts per hour over 1 hour, but dump all of the power in 1 second? The effective power over time would appear to be larger, even if sustained over a shorter time.

    Try finding all you can about the pacemaker that is used and if possible, get some you can use to test far away from your wife, and run some experiments, and attack it in as many ways as you can conceive. After you finish, consider passing your findings to the vendor to improve security of their devices. Then take all your work on what was found and fixed and submit a talk to the CFP (Call for papers) at DEF CON.
    Last edited by TheCotMan; June 28, 2016, 17:18.

    Leave a comment:


  • liberator
    started a topic New pacemaker - safe at DEFCON?

    New pacemaker - safe at DEFCON?

    My wife just got a pacemaker implanted. Knowing how much interest there has been in insecure medical devices, and RF generally, I'm a bit paranoid about her attending. We are going to get her a conductive undershirt (yes, they exist, claiming 34 dB shielding), but I'm not confident in this approach. Any thoughts?
Working...
X