Pacemaker Wireless Power Off Exploit and Countermeasure

 

A recent study by Kevin Fu, an associate professor at the University of Massachusetts at Amherst and director of the Medical Device Security Center, has uncovered a weakness in some pacemakers. It turns out that pacemakers communicate with a computer during initial configuration. This wireless communication channel is not encrypted and provides test functions that can turn off the device! The research team has developed a countermeasure that alerts the wearer of the pacemaker when someone is attempting to interact with their device. I hope these devices are upgraded to prevent this attack and that future models keep this hack in mind…

Read published study (PDF)

"Our prototype of zero-power notification wirelessly drives a piezo-element that can audibly warn a patient of security-sensitive events. The prototype builds upon revision 1.0 of the Wireless Identification and Sensing Platform (WISP) [27], a postage stamp-sized embedded system that contains RFID circuitry and a Texas Instruments MSP430F1232 microcontroller with 256 bytes of RAM and 8 KBytes of flash memory. The WISP harvests energy from a 915 MHz RF signal generated by the Alien ALR-9640 nanoscanner, a UHF RFID reader running the EPC Class 1 Gen 1 protocol. Although we prototyped at 915 MHz, it may be possible to create similar hardware that operates at the frequency of current ICD programmers. WISPer adds to the WISP’s base code a 30-line C program that activates a piezo-element which we attached to the general-purpose I/O (GPIO) ports of the WISP. After WISPer receives a sequence of wireless requests from the RFID reader, it emits constant chirping, thereby informing the patient of the wireless interaction. A future version of WISPer could set a separate GPIO high after buzzing for a certain number of cycles, and the IMD could allow remote communications only after that GPIO is raised. WISPer satisfies our zero-power notification design constraints: it draws no energy from a battery and can issue alerts for all reprogramming activity."

Via: Gearfuse and Defcon
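
The "future version" described at the end of the quoted passage (chirp first, then raise a separate GPIO that the implant checks before allowing remote communication) can be modelled on a host machine. The following is an added example, not the WISPer code and not taken from the study; the thresholds, the idle reset, the trace format and every name in it are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed values: the quoted passage gives no numbers. */
#define REQUESTS_BEFORE_ALERT 3 /* reader requests that count as a "sequence" */
#define CHIRPS_BEFORE_UNLOCK  5 /* chirp cycles before the gate pin is raised */
#define IDLE_TICKS_TO_RESET   4 /* silent ticks after which all state clears */

typedef struct {
    unsigned requests, chirps, idle;
    bool piezo_pin; /* stand-in for the GPIO driving the piezo-element */
    bool gate_pin;  /* stand-in for the separate GPIO the implant samples */
} notifier_t;

/* One tick of the notifier; request_seen is true if the reader sent a request. */
void notifier_tick(notifier_t *n, bool request_seen)
{
    if (!request_seen) {
        n->piezo_pin = false;
        if (++n->idle >= IDLE_TICKS_TO_RESET) *n = (notifier_t){0};
        return;
    }
    n->idle = 0;
    if (n->requests < REQUESTS_BEFORE_ALERT && ++n->requests < REQUESTS_BEFORE_ALERT)
        return;           /* not yet a sequence of requests: stay silent */
    n->piezo_pin = true;  /* audible chirp on this tick */
    if (n->chirps < CHIRPS_BEFORE_UNLOCK) n->chirps++;
    if (n->chirps >= CHIRPS_BEFORE_UNLOCK) n->gate_pin = true;
}

/* Implant side: remote commands are honoured only while the gate is raised. */
bool imd_accepts_command(const notifier_t *n) { return n->gate_pin; }

/* Replay a constructed trace ('R' = reader request, '.' = silence) and
 * return how many requests arrived while the implant would accept them. */
unsigned run_trace(notifier_t *n, const char *trace)
{
    unsigned accepted = 0;
    for (; *trace; trace++) {
        notifier_tick(n, *trace == 'R');
        if (*trace == 'R' && imd_accepts_command(n)) accepted++;
    }
    return accepted;
}

int main(void)
{
    notifier_t a = {0}, b = {0};
    printf("sustained session: %u accepted\n", run_trace(&a, "RRRRRRRRR"));
    printf("short bursts:      %u accepted\n", run_trace(&b, "RRRRRR....RRR"));
    return 0;
}
```

In this model no request is accepted before the patient has heard the full run of chirps, and a reader that goes quiet loses its progress and has to start the audible sequence again.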

7 Comments


  1. Oh no, these things are also not protected against solar storms.
    If a strong solar storm hits the earth, these devices will go out of control.


  2. An alert? “Warning, warning, you are about to die.” How about some authentication?


  3. Next we’ll find out that prosthetic arms have a “stop hitting yourself” function


  4. I wonder if it beeps like a truck backing up. I guess it’s good to know if you’re about to die, so you can avoid it…lol


  5. Wow.. “miky” — learn some English, please… “Day Trading Computers” — you can’t be serious… Can you? Other than that — this is ridiculous. Why would someone want to have control over a pacemaker? Seriously, it’s not like the person isn’t about to die anyways…


  6. [Robs NSFW Blog] If someone has total control of a pacemaker, he can stop the heart for a short time.
    You may ask how that is possible. It is possible because a pacemaker works when the heart starts working irregularly
    or stops working completely. When that happens, the pacemaker will hit the heart with electricity, and the heart will stop working and start again (hitting the heart with electricity is like the reset button we have on computers).

    A hacker who is in a bad mood and is a bad person can kill a human.
    sorry for bad English


  7. That chink in the armor is one thing I feared, now there’s something that will act like a sentry.
