In a presentation at the BreakPoint security conference in Melbourne, IOActive researcher Barnaby Jack described an attack on pacemakers that could, he says, deliver lethal shocks to their owners. Jack claims that an unspecified pacemaker vendor's devices have a secret wireless back-door that can be activated by knowledgeable attackers from up to 30 feet away, and that this facility can be used to kill the victim right away, or to reprogram pacemakers to broadcast malicious firmware updates as their owners move around, which cause them to also spread the firmware, until they fail at a later time. Darren Pauli from Secure Business Intelligence quotes Jack as saying,
“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range,” Jack said.
He was developing a graphical adminstration platform dubbed “Electric Feel” which could scan for medical devices in range and with no more than a right-click, could enable shocking of the device, and reading and writing firmware and patient data.
“With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop," he said.
Manufacturers of implanted devices have been resistant to calls to publish their sourcecode and to allow device owners to inspect and modify that code, citing security concerns should latent vulnerabilities be exposed, and put implantees at risk. But as Jack's presentation demonstrates, vulnerabilities can be discovered without publication -- and if they are discovered and not disclosed, they may never be patched (or may not be patched until coming to light in some kind of horrific attack). In other words, secrecy helps bad guys, but keeps good guys and innocent bystanders in the dark.
Hacked terminals capable of causing pacemaker deaths
(Image: Atlas Pacemaker, a Creative Commons Attribution (2.0) image from travisgoodspeed's photostream)
Justine Haupt made this handsome and completely functional rotary cellphone. Her design is open-source and you can even buy a case kit from her company, Sky’s Edge Robotics. You have to find and carefully modify your own rotary dial, though — they’re apparently no longer made — as well as a few other components. Why […]
Samsung claims to have developed an “Ultra Thin Glass” for its new Galaxy Z Flip foldable smartphone, signalling scratch resistance and durability beyond that of similar products. But tests conducted by Zack Nelson using a Mohs Hardness Testkit [Amazon] — a set of styluses made of different materials — show that it is no more […]
There is very little evidence that Ring reduces crime. Hundreds of police departments have signed agreements with Amazon-owned Ring to obtain access to the home surveillance camera footage. Interviews with many of them, in 8 different states, show little to no evidence that Ring actually deters criminal activity.
If you remember your Norse mythology (or just watched Marvel’s Thor movies), you’re probably familiar with Heimdal, the god whose ever-watchful eye was entrusted with protecting the home of the gods in Asgard. Back on Earth, Heimdal Thor is also the name of a security package from Heimdal Security, that’s actually dedicated to much the […]
Everyone’s got their nose in a phone these days, and that doesn’t seem like it’s going to change anytime soon. With the increase in mobile device and e-commerce reliance comes increased need for developers who can build the apps we’re all so glued to. In fact, employment of devs is expected to grow up to […]
Whether you love cooking at home or you swore this was going to be the year you curbed your DoorDash addiction, you know you can’t get the job done well without the proper tools on hand. For all your recipe and meal prep needs, this 3-piece Sukasu Osami Chef’s Knife set will do you right […]