Hacker Barnaby Jack dies just before Black Hat presentation on lethal pacemaker hacks

Reuters reports that hacker Barnaby Jack, who was headed to the Black Hat hacker convention to present techniques for attacking implanted heart devices that could kill their user from 30 feet away, has died unexpectedly. He was 35.

Authorities in San Francisco are investigating.

He discussed the pacemaker hack, featured in fiction on the TV show "Homeland," in a blog post earlier this year.

In 2012, Cory wrote on Boing Boing about his claims of being able to write lethal pacemaker viruses.

Previously, the security researcher had demonstrated at Black Hat how to hack ATMs to spit out money.

Bloomberg has more on his life and death.

The synopsis for his scheduled August 1 talk at Black Hat 2013:


In 2006 approximately 350,000 pacemakers and 173,000 ICD's (Implantable Cardioverter Defibrillators) were implanted in the US alone. 2006 was an important year, as that's when the FDA began approving fully wireless based devices. Today there are well over 3 million pacemakers and over 1.7 million ICD's in use.

This talk will focus on the security of wireless implantable medical devices. I will discuss how these devices operate and communicate and the security shortcomings of the current protocols. Our internal research software will be revealed that utilizes a common bedside transmitter to scan for, and interrogate individual medical implants.

I will also discuss ideas manufacturers can implement to improve the security of these devices.

Notable Replies

  1. You know BBG has had a lot of stories lately that point to big brother and loads of somewhat creepy things that lead me to believe that the world is largely out to get us....

    Could we get some posts about people working together in peace and harmony as a bit of a unicorn chaser.

  2. BRB, I'm set to construct a tinfoil hat to dwarf those monoliths of Giza

  3. Do we have any actual reason to suspect that this guy was murdered by, I dunno, anyone? Skepticism doesn't even require faith in the government, just common sense: there's no reason why a sinister cabal capable of ordering untraceable assassinations should give two shits about your Grandma's pacemaker, and anyone who did care to gather enough info on this guy to kill him would have realized in the process that he's actually trying to improve pacemaker security, fearmongering news reports notwithstanding.

  4. It's not just the pacemakers that are at risk. An extremely high percentage of computer systems used in US hospitals and medical offices run out of date OS software, do not have up-to-date virus definitions for their AV software, and do not have updated medical software, and it's the government's fault.

    Under the current wording of laws (as of last November, when I researched Jack and the pacemaker hacks for an ethical position paper), any software updates to such systems technically count as a modification that would require recertification of the equipment by the FDA or other bodies involved in such certifications. As a result, hospital administrators and IT teams are choosing to turn off automatic updates and keep going with what they have, rather than risk invalidating their equipment. It's a flawed set of rules that needs to be rewritten, especially considering that some institutions in the studies demonstrated malware infections rates as high as 90% of all computers in some hospitals being affected.

  5. If all you're looking for is motive, then I will point out that the majority of the US government is composed of old men. They're also primarily wealthy, and have probably the best health plan in the country. I have no idea how many congresscritters or other high ranking washington types have pacemakers, but I'm sure it's more than a few. And with their resources, I'm sure they all have the best and newest. In other words, if you had to pick a group of people most at risk for an attack of this kind, it just happens to be the same group that has the ability to pull off a "died under mysterious circumstances" to prevent it.

    That's still not proof by any means, but as a conspiracy theory, it is definitely plausible.

Continue the discussion bbs.boingboing.net

9 more replies