Wednesday, October 17, 2012

SHOCKING: Hacker Demonstrates Ability to Kill Anyone With a Pacemaker Inside a 30-Foot Radius

Remind me, if you will, to get a secure pacemaker when I reach that stage of my life. That is, if Obamacare hasn't banned them or killed me by that point.

Hacked terminals capable of causing pacemaker deaths

IOActive researcher Barnaby Jack has reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware.

The effect of the wireless attacks could not be overstated — in a speech at the BreakPoint security conference in Melbourne today, Jack said such attacks were tantamount to “anonymous assassination”, and in a realistic but worse-case scenario, “mass murder”.

In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop.

The pacemakers contained a “secret function” which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity.

Each device would return model and serial numbers.

“With that information, we have enough information to authenticate with any device in range,” Jack said.

In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server.

As we learned with Stuxnet, many embedded devices were never designed with security in mind. And it only takes one clever attack to raise awareness.

Hopefully our medical device, power and telecommunications companies are remediating these kinds of vulnerabilities as we speak.

No comments: