Researcher Reverse-Engineers Pacemaker Transmitter To Deliver Deadly Shocks 216
Bismillah writes "Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible. From the article: 'In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a "secret function" which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity. ... In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the "potential to commit mass murder."'"
Re:Why are these approved? (Score:3, Insightful)
Because the FDA doesn't care about security. It's not in their mission or charter, and they don't test for it. Hopefully with issues such as this, that issue will be rectified.
Isn't it plain and obvious... (Score:5, Insightful)
...the state of computer "engineering" is complete and utter shit if a fucking pacemaker can be hacked and compromised? What the mother fuck? Are you fucking kidding me? Shouldn't those be among the best designed, safest, most reliable and secure of devices? God help us all. Just wait until they drag us into this war with Iran here soon, and China and Russia decide to team up to end our bullshit and we end up descending into WW3.
Can you imagine the utter chaos in the U.S. when all our magic electronic boxes suddenly stop working, or worse, work silently behind our backs to sabotage and/or kill us? According to another /. article, it's 300+ days on average (sometimes years) between the finding of a typical "zero day" exploit and when it was actually found (kept hidden, and potentially exploited) by attackers. Who wants to bet money China and Russia both have teams of hackers dedicated to finding exploits for all common software and systems in the U.S., extensively documenting and writing code against them, nicely sorting and tabulating it all out and filing it away in an archive, then keeping this info close at hand at all times for when the right opportunity presents itself?
Right now we are more vulnerable than ever. Hands up: who here is looking forward to jumping into a world war with both feet, then being surprised by how much we don't know about our own security vulnerabilities, learning the hard way from powerful foreign countries that just might kick our asses, or at the very least cause massive damage (bombing, etc) to the mainland U.S.? We're learning now that pacemakers have huge gaping security holes. Holy fucking Christ. What else is out there waiting to be compromised and exploited?
Re:Why are these approved? (Score:5, Insightful)
Because the FDA doesn't care about security. It's not in their mission or charter, and they don't test for it. Hopefully with issues such as this, that issue will be rectified.
Uh, not their mission or charter? Care to tell me exactly what the fuck their mission and charter is, if it's somehow not trying to keep citizens safe from products produced by companies with crystal-clear motives (greed, profit), driven by executives with less-than-average morals?
Computer security may not specifically be their primary mission, but product security sure as hell is. And if it's not, then dismantle the whole damn organization, because clearly what the public thinks they do, and what they actually exist for, are two completely different things.
Re:Why are these approved? (Score:4, Insightful)
Yeah, but there's a difference between short range wireless (several cm) and long range (10's of metres) that makes a huge difference to the possible attach vectors.
Re:Isn't it plain and obvious... (Score:4, Insightful)
Yes but, there are consequences. When someone gets shot, investigations happen, people with motive are questioned. Mode of death and circumstances affect alot.
As an example, I have some friends with a farm and a good amount of land behind it. They have a camping ground for events and a number of structures etc in the woods from the many many years of farm and other uses.
They allowed someone that was going through hard times to stay in their woods, living in one of the primitive stuctures. He helped out at the farm, feeding the animals. One day, they noticed the animals hadn't been fed, later on, they went out to check on him.... he had attempted to kill himself, but was still barely alive.
The parametics and police were decidedly unhappy about having to head out into the woods....but did tell my friends that its a really good thing that they found him when they did, because if he had died, and they came to find the dead body, the investigation would have been a very different matter, whereas, since he was (even if just barely) alive when the police arrived, they could just call it an accidental OD or possible suicide and not have to investigate.
Now, if it were a gunshot?... you know they would investigate. However.... guy with a pacemaker has a heart attack? Thats natural causes man.
This could have happened already, many times over, and nobody would be any wiser.... no need to investigate such an "obvious" death.