Killer Malware, Literally

  • 18 October 2012

Userlevel 7
How's this for a bit of Thursday morning news?
 
At this year's Ruxcon BreakPoint Security Conference in Melbourne, researcher Barnaby Jack demonstrated how a laptop-wielding hacker could, from a 50-foot distance, remotely hack a victim's pacemaker and deliver a deadly 830-volt shock (for the record, it was a video and Jack didn't actually kill anyone :D).
 
That being said, this is seriously terrifying. The purpose was to raise awareness so that these medical device manufacturers actually do something to "up" the security on the products they make. Jack also went ahead to "demonstrate how he could re-write the devices' onboard firmware" and warned how "hackers could upload malicious firmware to servers that would be capable of infecting pacemakers and ICD's." 
 
While the FDA focuses on how effective these medical devices are, it doesn't take the time out to inspect the code. The result is malware-stricken medical equipment. Couple that with the fact that the majority of hospitals and clinics have computers with long-outdated OS's, and you have a recipe for potential disaster. 
 
Something needs to be done. And quickly, too. Otherwise, anonymous assassinations using laptops may not just be something that sounds like it came out of a movie, but rather a terrifying new-age malware reality. Read the full story here
 
 

11 replies

Userlevel 7
Badge +56
Yes this is very worrisome for me as I have a nephew with the Insulin Pump that can be compromised. :(
 
TH
Userlevel 7
Hey T.H.
 
I can definitely see why you are concerned. Hopefully, this demo doesn't lead to any developments from the hackers' end, but helps move the medical industry to take the necessary steps and make the crucial upgrades so they can become more secure.
Userlevel 7
Badge +56
I agree fully and I hope the Medical Community takes notice before it does happen.
 
TH
Userlevel 7
Wow! What the heck is this world coming to? It's getting scary out there for sure. I have a few old friends that are on pacemakers. I agree, something needs to be done quickly. Thank you for posting this information, Yegor.
Userlevel 7
You're welcome PTD! Who would have imagined that this stuff is becoming a reality? It sounds like something straight out of a sci-fi movie and yet Jack showed that it's in fact very doable.
Userlevel 7
Remember Barnaby Jack? Back in October 2012, the man demonstrated how a pacemaker could be remotely hacked; the perpetrator could then send a lethal shock to the victim from up to 50 ft away. Scary, scary stuff. Not only that, but Jack also came up with a system able to scan for any insulin pumps within 300 ft. The hacker can then compromise the pump without needing to know the serial number (vulnerability provides it), at which point he/she can deliver a lethal dose of insulin to the victim. Well, earlier today, William Alexander of Vice posted an interview he had with Mr. Jack. You can read it here.
 
Below are two of the important questions asked in the short phone interview:
 
"So why are these devices designed with back doors that can lead to tampering?"

"There's valid reasoning behind having emergency methods to interrogate these devices. After all, these devices are implanted, and forgetting credentials would require cutting someone open [so they're made wirelessly-accessible so that doctors don't need to cut people open to make changes]. Our main concern is the distance in which these devices can be reprogrammed."

"I've heard that many hospitals use out of date software that could potentially be full of malware. Does that pose a potential risk to people's health?"

"Yes, many hospitals are using out of date software, and malware is known to be rampant on hospital networks. Hospitals often don't update their software as they're afraid of running afoul of FDA regulations. I think there is certainly a potential health risk, particularly if malware infects critical machines."



 
(Source: Vice; Via)

 
Userlevel 4
I sense an untapped market for Webroot. You know what to do! I can see a whole new line of products on the horizon. Better get R&D on this stuff now.
 
Webroot SecureHeartAnywhere.
 
Userlevel 7
@ wrote:
I sense an untapped market for Webroot. You know what to do! I can see a whole new line of products on the horizon. Better get R&D on this stuff now.
 
Webroot SecureHeartAnywhere.
 
LOL! Love that one Gorg!
 
On the serious side, I can understand why the devices are designed the way that they are, but it is indeed a rather serious situation, and quite concerning.
Userlevel 7
Badge +54
I hope it does not take a tragedy before something is done about it.
 
Userlevel 5
This killer Malware worries me to no end!!!! I have family with pacemakers and the thought of what these hackers could do with this technology scares me to death. And as mentioned above, what is this world coming to? :(
Userlevel 7
Any of the medical equipment I have used had proprietary software and connectors (apart from serial ports) and you would really need to know what you were doing to access them. Obviously larger machines like MRI scanners etc. will have controlling PCs (with Windows/Linux) but machines used to control body functions are normally fairly basic devices.
