SoylentNews is people
SoylentNews
Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior knowledge or special access to the devices, and used commercial off-the-shelf equipment to break the proprietary communications protocols.
From the position of blind attackers the pair managed to hack pacemakers from up to five metres away gaining the ability to deliver fatal shocks and turn off life-saving treatment.
The wireless attacks could also breach patient privacy, reading device information disclosing location history, treatments, and current state of health.
[...] "Using this black-box approach we just listened to the wireless communication channel and reverse-engineered the proprietary communication protocol. And once we knew all the zeros and ones in the message and their meaning, we could impersonate genuine readers and perform replay attacks etcetera."
(Score: 0) by Anonymous Coward on Saturday December 03 2016, @11:52PM
The most critical messages should be encrypted using symmetric cryptography. The passkey would be stored in software and carried by the patient in his/her wallet or house key ring. They would also be registered with the patient's health care provider(s).
Of course critical messages would include changing the passkey, and some way to do a secure ping to verify that the key is correct (the answer would be yet another numeric code, whose correct value would also be stored on the passkey card; failure would produce a non-matching code, indistinguishable in appearance from a correct value).
Status and other routine messages could be unencrypted, to give attackers less opportunity to monitor encrypted traffic.
This is all pretty much common sense.