SoylentNews is people
SoylentNews
Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior knowledge or special access to the devices, and used commercial off-the-shelf equipment to break the proprietary communications protocols.
From the position of blind attackers the pair managed to hack pacemakers from up to five metres away gaining the ability to deliver fatal shocks and turn off life-saving treatment.
The wireless attacks could also breach patient privacy, reading device information disclosing location history, treatments, and current state of health.
[...] "Using this black-box approach we just listened to the wireless communication channel and reverse-engineered the proprietary communication protocol. And once we knew all the zeros and ones in the message and their meaning, we could impersonate genuine readers and perform replay attacks etcetera."
(Score: -1, Troll) by Anonymous Coward on Saturday December 03 2016, @06:25PM
If someone is victimized using the methods described by this paper, it would be hard for the authors to claim that their work had nothing to do with the crime.
Of course this issue comes up with other exploit publishing as well, but in this case the downside risk is unusually stark.
(Score: 2) by quintessence on Saturday December 03 2016, @08:30PM
I thought the security through obscurity model was sufficiently out of vogue by now.
While the notion of keeping people safe is laudable, there is also the not so small matter of determining whether a crime has been committed. If researchers can find the exploits, it is almost certain people with better incentives and more highly motivated can too. Better that those methods be described than hidden under wraps, especially for people who aren't necessarily in the know with regards to the latest tech, unaware that devices can be hacked; it just seems a run of bad luck with certain devices.