Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Fatal Flaws in Ten Pacemakers Make for Denial of Life Attacks

posted by mrpg on Saturday December 03 2016, @03:31PM   Printer-friendly
from the hacked-in-a-heartbeat dept.

Phoenix666 writes:

A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims.

Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior knowledge or special access to the devices, and used commercial off-the-shelf equipment to break the proprietary communications protocols.

From the position of blind attackers the pair managed to hack pacemakers from up to five metres away gaining the ability to deliver fatal shocks and turn off life-saving treatment.

The wireless attacks could also breach patient privacy, reading device information disclosing location history, treatments, and current state of health.

[...] "Using this black-box approach we just listened to the wireless communication channel and reverse-engineered the proprietary communication protocol. And once we knew all the zeros and ones in the message and their meaning, we could impersonate genuine readers and perform replay attacks etcetera."

Original Submission

 
This discussion has been archived. No new comments can be posted.
Fatal Flaws in Ten Pacemakers Make for Denial of Life Attacks | Log In/Create an Account | Top | 23 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by Dunbal on Saturday December 03 2016, @03:49PM

    by Dunbal (3515) on Saturday December 03 2016, @03:49PM (#436540)

    Of course for most of these you have to be in physical contact with the patient. The "wireless" attack has a range of 2-5 meters, but very few defibrillators/pacemakers have that feature turned on. The others you need to be in skin contact with the person. Well if you can get that close, a knife could be much simpler.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2, Informative) by Ethanol-fueled on Saturday December 03 2016, @04:12PM

    by Ethanol-fueled (2792) on Saturday December 03 2016, @04:12PM (#436542) Homepage

    Notably, Dick "Darth Vader" Cheney had high-profile issues [sophos.com] with potential threats to his pacemaker.

    • (Score: 2) by Dunbal on Saturday December 03 2016, @05:48PM

      by Dunbal (3515) on Saturday December 03 2016, @05:48PM (#436569)

      The wireless is disabled by default. You have to enable it. This is per my experience as a physician and per TFA. So the Cheney story was probably just attention-seeking which is all well and good because secure devices are not a bad idea, but not exactly the truth either.

      • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @01:48AM

        by Anonymous Coward on Sunday December 04 2016, @01:48AM (#436729)

        Wow, a physician.

        Hey listen, doc. I got this weird itch...

      • (Score: 2) by Snotnose on Sunday December 04 2016, @01:58AM

        by Snotnose (1623) on Sunday December 04 2016, @01:58AM (#436734)

        If it's disabled by default how do you enable it? Get the pulse rate up to 120, down to 90, up to 100, within 5 minutes?

        --
        When the dust settled America realized it was saved by a porn star.

        • (Score: 2) by davester666 on Sunday December 04 2016, @08:05AM

          by davester666 (155) on Sunday December 04 2016, @08:05AM (#436820)

          You have to hit it with a defibrillator to flip the switch.

      • (Score: 1) by anubi on Sunday December 04 2016, @06:15AM

        by anubi (2828) on Sunday December 04 2016, @06:15AM (#436794) Journal

        Seems like something like an induction-coil coupler would be appropriate, so one would have to have the communication coil right over the skin under which the other coil resides.

        If one has intent to do another in, its probably gonna happen anyway... whether it be done by clever technical means, chemical means, or physical means.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  • (Score: 5, Informative) by TheRaven on Saturday December 03 2016, @06:53PM

    by TheRaven (270) on Saturday December 03 2016, @06:53PM (#436582) Journal
    If you stab someone, it's obvious to them that you've attacked them and even more obvious on surveillance footage, plus you have a bloody murder weapon that's tied to the victim and it's pretty obvious that they were murdered. If you only need brief skin contact, then you can just brush past them and trigger a heart attack. It probably won't even show up on CCTV - you're just one of the people in a crowd that passed the person who died of natural causes.
    --
    sudo mod me up

  • (Score: 2) by dyingtolive on Saturday December 03 2016, @11:14PM

    by dyingtolive (952) on Saturday December 03 2016, @11:14PM (#436687)

    Five fingered death punch?

    --
    Don't blame me, I voted for moose wang!