Stories
Slash Boxes
Comments

SoylentNews is people

Fatal Flaws in Ten Pacemakers Make for Denial of Life Attacks

posted by mrpg on Saturday December 03 2016, @03:31PM   Printer-friendly
from the hacked-in-a-heartbeat dept.

Phoenix666 writes:

A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims.

Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior knowledge or special access to the devices, and used commercial off-the-shelf equipment to break the proprietary communications protocols.

From the position of blind attackers the pair managed to hack pacemakers from up to five metres away gaining the ability to deliver fatal shocks and turn off life-saving treatment.

The wireless attacks could also breach patient privacy, reading device information disclosing location history, treatments, and current state of health.

[...] "Using this black-box approach we just listened to the wireless communication channel and reverse-engineered the proprietary communication protocol. And once we knew all the zeros and ones in the message and their meaning, we could impersonate genuine readers and perform replay attacks etcetera."

Original Submission

 
This discussion has been archived. No new comments can be posted.
Fatal Flaws in Ten Pacemakers Make for Denial of Life Attacks | Log In/Create an Account | Top | 23 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by maxwell demon on Saturday December 03 2016, @08:03PM

    by maxwell demon (1608) on Saturday December 03 2016, @08:03PM (#436615) Journal

    Using your private key, you log-in to the admin interface and install the hospital's public key for special and speicic operations

    So, please tell me, what is the hospital you'll be delivered to in case of an emergency while on your next travel? Do you search out every hospital along your travel route to register all their keys?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Saturday December 03 2016, @08:16PM

    by Anonymous Coward on Saturday December 03 2016, @08:16PM (#436623)

    MD here. Upvote parent, this is the correct answer.

    • (Score: 0) by Anonymous Coward on Saturday December 03 2016, @11:31PM

      by Anonymous Coward on Saturday December 03 2016, @11:31PM (#436692)

      System designer here. Public key server or possibly a public block-chain (depending on merits of centralized vs decentralized) is the right answer. Don't let MDs decide technical issues outside their field of expertise is another correct answer.

  • (Score: 2) by RamiK on Saturday December 03 2016, @09:53PM

    by RamiK (1813) on Saturday December 03 2016, @09:53PM (#436659)

    A time limited travel-route \ country wide keyring while traveling would be a quick fix. Maybe a small bar-code on a necklace or bracelet that you get before heading out that has the time limited key on it it... People with chronic conditions (allergies, chronic heart, pancreatic, renal problems...) deal with these sort of headaches all the time where they might be admitted to the care of doctor that doesn't have their medical records.

    --
    compiling...