Researcher Reverse-Engineers Pacemaker Transmitter To Deliver Deadly Shocks 216
Bismillah writes "Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible. From the article: 'In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a "secret function" which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity. ... In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the "potential to commit mass murder."'"
Vulnerability in pacemaker firmware? (Score:5, Funny)
Re:Vulnerability in pacemaker firmware? (Score:5, Funny)
I'm shocked, shocked!%N#)NO CARRIER
Re: (Score:3)
Re: (Score:2)
You should familiarize yourself with the Rule of Funny [tvtropes.org].
Re: (Score:2)
Dick Cheney option!
Re: (Score:2)
You can program pacemakers to shoot lawyers in the face?!!!
I think you're onto something! (Score:2)
You can program pacemakers to shoot lawyers in the face?!!!
Ooo, now there's an idea!
Beaker, get in here, I have something I want to show you...
Re: (Score:2)
They trip the cord with their foot as they fall from the chair.
Isn't it plain and obvious... (Score:5, Insightful)
...the state of computer "engineering" is complete and utter shit if a fucking pacemaker can be hacked and compromised? What the mother fuck? Are you fucking kidding me? Shouldn't those be among the best designed, safest, most reliable and secure of devices? God help us all. Just wait until they drag us into this war with Iran here soon, and China and Russia decide to team up to end our bullshit and we end up descending into WW3.
Can you imagine the utter chaos in the U.S. when all our magic electronic boxes suddenly stop working, or worse, work silently behind our backs to sabotage and/or kill us? According to another /. article, it's 300+ days on average (sometimes years) between the finding of a typical "zero day" exploit and when it was actually found (kept hidden, and potentially exploited) by attackers. Who wants to bet money China and Russia both have teams of hackers dedicated to finding exploits for all common software and systems in the U.S., extensively documenting and writing code against them, nicely sorting and tabulating it all out and filing it away in an archive, then keeping this info close at hand at all times for when the right opportunity presents itself?
Right now we are more vulnerable than ever. Hands up: who here is looking forward to jumping into a world war with both feet, then being surprised by how much we don't know about our own security vulnerabilities, learning the hard way from powerful foreign countries that just might kick our asses, or at the very least cause massive damage (bombing, etc) to the mainland U.S.? We're learning now that pacemakers have huge gaping security holes. Holy fucking Christ. What else is out there waiting to be compromised and exploited?
Re:Isn't it plain and obvious... (Score:5, Funny)
Holy fucking Christ. What else is out there waiting to be compromised and exploited?
Your sanity?
Re: (Score:2, Flamebait)
Holy fucking Christ. What else is out there waiting to be compromised and exploited?
Your sanity?
Your dildo?
Re:Isn't it plain and obvious... (Score:4)
Shouldn't those be among the best designed, safest, most reliable and secure of devices?
I'm surprised they would allow remote access without a direct connection. It's vulnerable enough in that it relies on electronic timing and can be affected by external electromagnetic forces; but, to make it accessible via wireless/RF/whatever just seems like a bad idea through and though.
Re: (Score:2)
AFAIK, wireless access was designed in so doctors can tweak the settings without having to cut into the patient to make a wired connection.
Re:Isn't it plain and obvious... (Score:5, Informative)
> Then maybe you need to go work for a body piercer, who has more than enough experience installing hardware into people without so much risk of infection.
The epidermis is highly resistant to infection compared to internal organ tissue which largely has no nerves and no significant way to deal with infection. The primary cause of death for cardiac surgery patients is infection.
> Pretty sad a piercer would have more experience than someone that supposedly worked for a medical device manufacturer.
The sad part is your ignorance.
Re: (Score:3)
Last time I checked (and to be honest, I didn't look that hard given the location of the particular piercing), these afficiondos don't go for the deep structures like the heart. There are qualitative and quantitative differences between putting a piece of metal in your skin and a wire into your heart. Guess which one is easier?
That said, I've seen plenty of infected piercings. The nice thing is you can remove them and the problem goes away. Removing the heart has other consequences.
Re: (Score:3)
As a pile-on to what others before me have said, piercings usually go into healthy individuals. Pacemakers and similar devices usually go into people who are highly vulnerable to immune system compromise.
Re:Isn't it plain and obvious... (Score:5, Funny)
utter shit if a fucking pacemaker
What the mother fuck?
Are you fucking kidding me?
end our bullshit and we end up descending into WW3.
work silently behind our backs to sabotage and/or kill us?
powerful foreign countries that just might kick our asses
Holy fucking Christ.
Ask your doctor if Xanax is right for you
Re: (Score:3)
I think this guy is well into Thorazine territory.
For the Slashdot crowd: Clomipramine (Score:3)
No, seriously, it sounds like he isn't getting any, in which case he might want to try clomipramine / Anafranil.
Apparently around 5% of users report spontaneous orgasm when yawning. [snopes.com]
I wish more things in life had side effects like that. Of course, that would necessitate certain changes to one's wardrobe, but I think the minor additional hassle would be well worth it...
:-P
Re: (Score:2)
"...the state of computer "engineering" is complete and utter shit if a fucking pacemaker can be hacked and compromised?"
While I don't know the details of this, I don't think you can claim that computer "engineering" is complete and utter shit because it's possible to do bad things that will kill people.
The vast majority of cars have wheel nuts that are accessible and use a standard spanner to remove. This is a real threat - cars with expensive wheels now typically use locking wheel nuts - but what you don'
Re: (Score:2)
God help all those poor soldiers on the front lines with pacemakers.... ...
oh wait...
Re: (Score:2)
The clear answer is that security has been an afterthought and still is for the most part. There is also the rather idealistic notion that such things are utterly beneath humans to do. What we have found on the Internet is pretty much nothing is "beneath" humans. If someone can get away with doing some mischief, they might do it. If they can do it anonymously, it is almost a dead certainty someone is going to do it if for no other reason than for laughs or bragging rights.
We are clearly starting to see
Umm... (Score:2)
We are clearly starting to see the dark underside of humanity. The Internet has allowed a huge amount of anonymous and pseudo-anonymous activity and this has pretty much turned over the rock so everyone can see the squishy, many-legged stuff that is buried in the human psyche.
"Starting to see"? No offense, cdrguru, but you sound like someone who has never read any history. All of that squishy, many-legged stuff has been happily striding across the breadth and scope of human experience for some time now. Arguably, since we've been human. (And by some accounts, much longer than that even -- pretty much all of humanity's ugly behaviours have clear predecessors / analogs in other primate species.)
Cheers,
Fireman Bill fallacy? (Score:2)
if a fucking pacemaker can be hacked and compromised [...] God help us all. Just wait until they drag us into this war with Iran here soon, and China and Russia decide to team up to end our bullshit and we end up descending into WW3.
Can you imagine the utter chaos in the U.S. when all our magic electronic boxes suddenly stop working, or worse, work silently behind our backs to sabotage and/or kill us?
I'd like to propose a new logical fallacy, the "Fireman Bill [google.com]" fallacy.
That's where you start with a problem and predict a series of possible - but highly unlikely - events which lead to total catastrophe.
I don't see it on the Lofical Fallacy Bingo card [lifesnow.com]. (Some are close or have similar characteristics, but none address the complete goofiness of the argument.)
Where does one go to register these things?
Re: (Score:3)
Re:Isn't it plain and obvious... (Score:4, Insightful)
Yes but, there are consequences. When someone gets shot, investigations happen, people with motive are questioned. Mode of death and circumstances affect alot.
As an example, I have some friends with a farm and a good amount of land behind it. They have a camping ground for events and a number of structures etc in the woods from the many many years of farm and other uses.
They allowed someone that was going through hard times to stay in their woods, living in one of the primitive stuctures. He helped out at the farm, feeding the animals. One day, they noticed the animals hadn't been fed, later on, they went out to check on him.... he had attempted to kill himself, but was still barely alive.
The parametics and police were decidedly unhappy about having to head out into the woods....but did tell my friends that its a really good thing that they found him when they did, because if he had died, and they came to find the dead body, the investigation would have been a very different matter, whereas, since he was (even if just barely) alive when the police arrived, they could just call it an accidental OD or possible suicide and not have to investigate.
Now, if it were a gunshot?... you know they would investigate. However.... guy with a pacemaker has a heart attack? Thats natural causes man.
This could have happened already, many times over, and nobody would be any wiser.... no need to investigate such an "obvious" death.
Re: (Score:2)
In the USA, there are plenty of people - millions actually - who have the means to kill anyone wearing a pacemaker quite easily. These people are called "gun owners". Now the number has increased by one - some idiot hacker who figures out how to hack into the pacemaker software. So what has changed?
Don't forget the 10s of millions of car owners.
Re: (Score:2)
Re: (Score:2)
Re:Vulnerability in pacemaker firmware? (Score:5, Informative)
There's pacemakers that only do the pacing.
There's ICDs; Implantable cardioverter-defibrillators that restores proper rythm after detecting arrythmias.
And there's combinations of the two. Most likely the pacemaker in question here is a combination device or they're actually talking about ICDs and not pacemakers.
A classic heart attack involves blocking of coronary arteries however and a defibrillator won't do shit for that. Defibrillations are made to terminate an arrythmic beat and restore the normal sinus rythm.
Re: (Score:2)
Sure, but any of those pacemakers can administer shocks to your heart. Whether they normally operate one way or another probably has little impact on whether somebody who can hack them can get them to do whatever. My understanding is that many pacemakers are capable of many modes of operation, since in terms of the hardware there isn't much difference. Kind of like how the ECU hardware in a sports car and a compact car might be the same, though the software might be different. Either way if somebody tel
Re: (Score:3, Funny)
Remember to disable fsck on startup!
Why are these approved? (Score:5, Interesting)
... he discovered no obfuscation efforts and even found usernames and passwords ...
How come such pacemakers were ever approved by the FDA?
Re: (Score:3, Insightful)
Because the FDA doesn't care about security. It's not in their mission or charter, and they don't test for it. Hopefully with issues such as this, that issue will be rectified.
Re:Why are these approved? (Score:5, Insightful)
Because the FDA doesn't care about security. It's not in their mission or charter, and they don't test for it. Hopefully with issues such as this, that issue will be rectified.
Uh, not their mission or charter? Care to tell me exactly what the fuck their mission and charter is, if it's somehow not trying to keep citizens safe from products produced by companies with crystal-clear motives (greed, profit), driven by executives with less-than-average morals?
Computer security may not specifically be their primary mission, but product security sure as hell is. And if it's not, then dismantle the whole damn organization, because clearly what the public thinks they do, and what they actually exist for, are two completely different things.
Re: (Score:3)
Re: (Score:3)
It takes a real paranoid person to think that someone would "just for fun" want to hack into a pacemaker. We haven't gotten over the idea that people are generally good and nobody would want to do this, even if they could.
The truth is that if you could kill someone with a mouseclick, you might - I don't care who you are, that is just the way people are in reality. We have operated under the assumption that "nobody would do this" for far too long.
Re: (Score:2)
The purpose of the FDA is to keep the profits of the pharmaceutical industry high. And nothing else.
FDA, for example, has entirely skipped on regulating "supplements". No matter their claims or effects, as long as they don't contain restricted substances.
Re: (Score:2)
And to add to that point:
People dying is very bad advertising for new medications, so FDA has an interest in preventing that. However, if someone else can be blamed for the death - or if it causes symptoms that can be treated or reversed - suddenly FDA cares much less.
Because if someone hacks a pacemaker the death can be blamed squarely on the hacker and FDA's hands are clean. Despite letting a dangerous, hackable pacemaker enter the market.
In many ways, FDA approval resembles a brand. And I suppose in that
Re: (Score:2)
FDA, for example, has entirely skipped on regulating "supplements". No matter their claims or effects, as long as they don't contain restricted substances.
Talk to Congress(ask for Tom Harkin(D-IA) and Orrin Hatch(R-UT) in particular. Harkin appears to be a True Believer and gets some nice campaign cash from Herbalife, Hatch? Well, let's just say that Utah has a thing [nytimes.com] for 'supplements'.).
The "Dietary Supplement Health and Education Act of 1994’’ [gpo.gov] says that the FDA can't do jack about 'supplements', aside from some basic manufacturing standards stuff, unless they get enough adverse event reports to satisfy the burden of proof(on them) and
Re: (Score:3)
Certainly part of their mission, but quality in the FDA realm has a peculiar definition. Quality is measured by presence/absence of paperwork for the most part. Sure, there are guides on what kinds of paperwork need to exist, but for the most part the FDA is much better at finding issues with the paperwork that is there than they are with finding issues with the paperwork that isn't there.
Most FDA types are doctors or scientists or such. You don't really get people thinking in terms of computer security.
Re:Why are these approved? (Score:5, Informative)
Re: (Score:2)
Re: (Score:3)
Re:Why are these approved? (Score:4, Insightful)
Yeah, but there's a difference between short range wireless (several cm) and long range (10's of metres) that makes a huge difference to the possible attach vectors.
Re: (Score:2)
Yeah, but there's a difference between short range wireless (several cm) and long range (10's of metres) that makes a huge difference to the possible attach vectors.
But since the attacker isn't worried about getting his hacked programming device approved, he's free to boost the amplifier and/or antenna gain on his end, or any other tweak he can come up with to increase the effective range.
Re: (Score:2)
he's free to boost the amplifier and/or antenna gain on his end
This is why I was fairly shocked (:wince:) when Dick Cheney very publicly got a remotely programmable pacemaker while he was in office. We'd just read stories about bluetooth being beamed over something like a kilometer at the time.
Re: (Score:3)
There actually isn't a fundamental difference between short-range and long-range wireless: its all broadcast, and range depends on both the the sensitivity of the receiver and the power of the transmitter. You can't make a system "short-range only" when you control only one endpoint.
Re: (Score:2)
Well in theory you can use a ping to determine distance, generally though you won't.
Re: (Score:2)
The FDA is clueless, susceptible to coercion and no competent independent security review was ever done.
Re: (Score:2)
Except, medical devices of all kinds are supposed to go through some fairly rigorous hurdles before they can be approved by the FDA. Even more so for the implantable kind.
That this is actually possible means either someone didn't fully grasp the impact of being able to get into these things remotely, or went for a "security by obscurity" approach. (Yes, they do need to be remotely accessible by the doctors, but you'd think they'd need to be som
Re: (Score:2)
medical devices of all kinds are supposed to go through some fairly rigorous hurdles before they can be approved by the FDA. Even more so for the implantable kind.
They do, but it's [been] more stuff like "resistant to body fluids and sanitizing compounds" and "rubber covers for all ports to prevent short circuits with possible sparks if items are set down on a metal surface which may be near an open oxygen tap" than "secure cryptographically protected interfaces" or "maximum protection for patient data".
Correction (Score:2)
a series of 830 volt shocks from the pacemaker
I think I understand the lack of security (Score:3)
I'm sure the developer was thinking, "Who would even think of trying to hack a pacemaker? Who would even want to?"
Unfortunately, it only takes one sociopath.
Re: (Score:2)
I'm sure the developer was thinking, "Who would even think of trying to hack a pacemaker? Who would even want to?"
Unfortunately, it only takes one sociopath.
Yeah, but there are a lot of developers are sociopaths. Fortunately one of the people who discovered this went public with the information.
Re: (Score:2)
So, Bobby, you're pretty good with the computers, right? Could you make the old ticker run a bit stronger for a while? Ya see, old man Johnson's been telling all the dames down at the retirement home all about how he keeps lapping me around the mall. I just need, you know, a little boost.
Re: (Score:2)
No, sorry this is just completely insane. Under no circumstances should this have been possible, at all, ever. How many senior politicians and CEOs have pacemakers? Something sounds like it went very wrong in the engineering, development, or management departments, or maybe all three.
Re: (Score:2)
No, sorry this is just completely insane. Under no circumstances should this have been possible, at all, ever. How many senior politicians and CEOs have pacemakers? Something sounds like it went very wrong in the engineering, development, or management departments, or maybe all three.
Think your statement through a couple more times. With emphasis on "CEO" and "politician".
Did something go wrong? Really?
Re: (Score:2)
Politicians are people t- ...hmm... hm...
Re: (Score:2)
Unfortunately, it only takes one sociopath.
Or an advertising company (for tracking). Or a supermarket. Or...
Re: (Score:3)
Think about intelligence agencies and secret service. The same people that already killed with Polonium poisoning in the past, for instance.
It's a very clean and safe way to dispose of someone after all: who can tell it from a real heart attack after the fact?
Re: (Score:2)
Logs? They were able to reprogram the firmware. You can't trust the logs - they say whatever the attackers want them to say. (Presuming the logs aren't being stored in a way that prevents them from being rewritten... but if their security is this bad, what's the chance that they did that?)
Time he died? Again, they were able to reprogram the firmware. Don't kill him right then - insert a "kill him at time X", with X being days, weeks, or months away. Note that you can also do things like "deliver the
Re: (Score:2)
Unfortunately, it only takes one sociopath.
...or one particularly loathsome patient.
Re: (Score:2)
Or...an heir or business partner.
Re: (Score:3)
There's a good chance the developer fuly intended to implement security. The conversation probably went like this:
PHB: Is it done yet?
Dev: All the basic functions work but now we need to do a secu....
PHB: Ship it!
Crank 3 (Score:5, Funny)
Dick Cheney (Score:3, Funny)
Dick Cheney has a pacemaker...
Re: (Score:2)
Dick Cheney has a pacemaker...
Had. He has a transplanted heart now.
Hmmm... sounds familiar (Score:5, Informative)
Seems like this was demonstrated four years ago, no?
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Symposium on Security and Privacy, May 18-21, 2008.
See: http://www.secure-medicine.org/icd-study/icd-study.pdf [secure-medicine.org]
Solution.... (Score:5, Funny)
Assassins Creed 2020? (Score:2)
Sounds like a fun mission or mini-game for a future Assassins Creed title. Maybe you invade a Templar nursing facility and need to kill them without being detected.
*Lock-on target*
*BZZZZ-BZZZZ*
"Requiescat in pace."
Herp Derp article author (Score:5, Informative)
Pacemakers are used to establish a regular heartbeat (pacing) at a specific interval. Implantable Cardiac Defibrillators (ICDs) are used to deliver high-voltage shocks at a precise moment in time to stop an arrhythmia. Delivered at exactly the wrong time, this can induce an arrhythmia.
(2) "he issued a series of 830 volt shocks to the pacemaker using a laptop". Sorry pal, thanks for playing, hit the bricks, you're done. The ICD (not pacemaker) is the one issuing the shocks. At least the voltage level sounds about right. All of this starting from a ~3V battery too.
The wireless interfaces (telemetry) into pacemakers and ICDs are notoriously insecure, from all major device manufacturers. They are playing catch up now. Believe me, there is a lot of heartburn (no pun intended) in the ranks of corporate/executive management in the device companies when it comes to this topic.
A couple points worth remembering:
(1) These devices have very long lifetimes. The typical implant is expected to last 6-10 years (usually the battery is the limiting factor). So there are people walking around with devices in them with security problems from 10 years ago in some cases.
(2) It takes a tremendous amount of money to develop a new device in this class. All the testing, certification, trials, etc. The electronics and firmware are incredibly optimized for their specific function, the test suites are massive, the verification & validation processes are lengthy.
(3) Regarding (1) above about 10 year old firmware - essentially all devices support near-range telemetry, which allows a physician / tech within physical proximity (a few inches) to download logs about what events the device has seen / experienced. It also allows the device to be updated with firmware patches. Having been around this enough in different places, I'm pretty confident saying that it's always in the form of patches, as opposed to wholesale forklift updates.
Patches aren't just pushed out like Firefox releases, even the smallest one is a massive amount of effort -- even if the change is a one-line change in code. And more importantly, any patch requires the patient to visit the physician, the physician to be up to date on patches & warnings, etc.. I've seen data first-hand from 2 device manufacturers showing the distribution of devices & updates in the field, and believe me, not everyone is anywhere near up to date. Actually, it probably looks a lot like the Firefox version distribution...
Re: (Score:2)
Delivered at exactly the wrong time, this can induce an arrhythmia.
No kidding. That asystole arrhythmia is a real bitch.
Re: (Score:2)
The Power of Three? (Score:2)
Wasn't this the plot of a recent Doctor Who episode? [wikipedia.org]
Love the fact that... (Score:2)
Gee Brain, what do you want to do tonight? (Score:2)
This sounds like a plot for an episode of Pinky and the Brain.
See Karen Sandler's work on this issue. (Score:4, Informative)
Hackable medical devices are a known problem -- there's a great paper on it from Karen Sandler, at that time at the Software Freedom Law Center (she's given OSCON talks about it too):
Killed by Code: Software Transparency in Implantable Medical Devices [softwarefreedom.org]
And the SFLC's announcement / summary of the paper:
Software Defects in Cardiac Medical Devices are a Life-or-Death Issue [softwarefreedom.org]
Wonderful discovery! (Score:2)
12 years too late...
DNS (Score:4, Funny)
Re:Function creep...? (Score:5, Informative)
Re:Function creep...? (Score:5, Interesting)
There is the other side of this - if the pacemaker was protected by a password, what if a cardiologist other than the one that installed it had to access/update/configure it? Either there would have to be a commonly-known access code (negating all attempts at securing the device) OR the doctor would have to contact the Mfg. or some central password authority to get the codes to access the device, and that might be an unacceptable delay in a life-or-death scenario.
Sure, you could ask patients to carry password cards OR tattoo the password on a body part if you really felt the need to password-protect the device.
Not so sure about one pacemaker updating another pacemaker, as the description mentions - does the pacemaker really have a strong enough transmitter to download a new firmware image onto another pacemaker in another body?
Re: (Score:2)
Sure, you could ask patients to carry password cards OR tattoo the password on a body part if you really felt the need to password-protect the device.
What about implanting an RFID chip on the patient that constantly transmits the password? Oh, wait...
Re: (Score:3)
I think you're close. You need a secondary access method that requires direct skin contact near the device in order to bypass the front-line wireless security. Same concept as how most people will protect wireless access to their home network, but rely on physical security to prevent someone replacing their router: if someone can get close enough to get physical access, you'll know it and know to stop it before it's too late.
Re: (Score:2)
You can put a database with ID/key pairs inside the communication devices (pre-generated so you don't need to update the database). Can still be compromised of course by hacking the communication device, but it does add an extra layer of security.
Re: (Score:2)
Of course with a strong encryption algorithm a single secret key would be enough, but this is assuming you want to use something weak or password only.
Re: (Score:2)
If it's a non-time-critical update/maintenance sort of thing then there's no reason one cardiologist couldn't contact another and get the access information beforehand or just have a very expensive, very hard to steal machine in the hospital that authenticates things for you.
If it's in the field, I doubt a paramedic would have the kind of training to be tweaking a pacemaker anyway.
I'm sure they could be carrying a smartphone-type device that tunnels from the pacemaker or other such medical device to a speci
Re: (Score:2)
At 53, I'm still a boomer. Considering that I'm still out doing 5 mile runs, I suspect I have the potential to hang on a bit longer.
Re: (Score:2)
Considering that I'm still out doing 5 mile runs
Sadly, in the USA, that makes you a far right corner of the bell curve elite athlete.
I shit you not, I'm considered an "athlete" or "jock" at work because I take a 1+ mile walk every day as a portion of my lunch hour while everyone else in the 500 person building sits around and gets fatter at lunch time.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If after 53 years you still haven't finished your 5-mile run, you may not be in especially good condition...
Re: (Score:2)
Not "most", but more than a third of americans are obese, yes. If the trend holds, it'll be "most" in another decade.
Re: (Score:2)
I don't know enough about pacemakers / ICDs to know if they could have any extra-human capabilities ... Anyone?
"It's the sound of progress, my friend!"
Re: (Score:2)
Re: (Score:2)
So pacemaker manufacturers put in mechanism for making 800 volt shocks?
Read the article. It's an implantable _defibrillator_. You know, the ones where they used to rub the pads together and yell, "Clear!" before using?
Re:Well I'm convinced it's true (Score:5, Informative)
I built a stun gun capable of generating 900,000 volts on-demand out of a few dollars worth of parts and a 9 volt battery, and it fits in the palm of your hand
900V or 9 kV I would believe, 900 kV not so much.
You would need creeping distances of more than 300 mm just to prevent arcing and making the voltage collapse before it even reached the 900 kV.
"900 kV" and "fits into the palm of your hand" are mutually exclusive, I think.
(and yes, I've designed and built multi-kV devices myself)
Re: (Score:2)
Explaining it to the manufacturers of 900 kV stun guns will have no effect.
They know very well that their product does not reach 900 kV.
Those tasers may very well reach 90-100 kV (spark length of 3-3,5 cm), but not tenfold that.
It's just as with the 200W PMPO computer speaker sets that are supplied from a 12W transformer: pure marketing hype.
But, I agree with your main point: it is trivial to create a sufficiently high voltage in a small volume.
Even the simplest 2 kV fly swatter tennis rackets show that.
Re: (Score:2)
Why just have one wire in your bra? Introducing the Faraday collection!
Will it match my tinfoil hat?
Re: (Score:3)
... Reminds me of the TV-B-Gone.
Father-in-law begone.
Better.