Bad infrastructure means pacemakers can be compromised before they leave the factory

It's been ten years since the first warnings about the security defects in pacemakers, which made them vulnerable to lethal attacks over their wireless links, and since then the news has only gotten worse: one researcher found a way to make wireless pacemaker viruses that spread from patient to patient in cardiac care centers, and the medical device makers responded to all this risk by doubling down on secrecy and the use of proprietary code.

Apple, CTA and Big Car are working in secret to kill New York's Right to Repair legislation

Here's the list of companies that are quietly lobbying to kill New York State's Right to Repair legislation (previously), which would force companies to halt anticompetitive practices that prevent small businesses from offering repair services to their communities: "Apple, Verizon, Toyota, Lexmark, Caterpillar, Asurion, Medtronic" and the Consumer Technology Association "which represents thousands of electronics manufacturers."

Can you audit the software that goes in your body?

The Software Freedom Law Center's latest white-paper, "Killed by Code: Software Transparency in Implantable Medical Devices," examines the strange circumstances around pacemakers and other implanted medical devices. Regulators like the FDA inspect the hardware designs for these devices in great detail, but the crucial software that runs the devices is a closed book — a proprietary secret that's only ever called in for examination when the devices start to crash, with disastrous circumstances. — Read the rest

Pacemakers can be remotely pwned

Kevin Fu (associate prof at the UMass Amherst/director of the Medical Device Security Center) gave a Black Hat presentation in Vegas yesterday in which he demonstrated a way of remotely disabling a pacemaker, using open radio technology. It sounds like other implantable devices, like those used for auto-administering drugs, would also be vulnerable to the attack. — Read the rest