Pacemakers, defibrillators open to attack (The Register)
Pacemakers and implanted defibrillators are vulnerable to wireless attacks that could kill tens of thousands, says the security researcher best known for "jackpotting" an ATM on stage at the BlackHat security conference in Las Vegas in 2010.
The researcher in question, Barnaby Jack, today told the Ruxcon Breakpoint security conference in Melbourne, Australia that “the most obvious scenario would be a targeted attack against a high profile individual.”
Jack also warned of a worst-case scenario “worm with the ability to commit mass murder”.
Such devices are accessible through a wireless interface designed to deliver telemetry and allow maintenance. But Jack, who works for US-based security company IOActive, has subverted security in that interface and showed delegates a video demonstration of a wireless attack against an Implantable Cardioverter-Defibrillator (ICD). "There's 830 volts going into the heart there, which is a bummer," he said as an audible zap played over the conference audio system.
The attacks work at a range of up to 50 feet.

Comments
Hello,
Scary stuff. For me, this type of article is where disclosure of security research crosses the line as people could actually get hurt. I think in this case, a code of ethics in disclosure would be useful - i.e. "You found the bug, you fix the bug" before disclosure? If the company doesn't want to fix it after taking account of the research, they should be held liable.
Interesting to note that before drugs come to the market they have to undergo strict testing. What happened to the code audit before the device was deemed fit to be implanted? Perhaps a new area of IT compliance to be introduced?