'Fatal' Flaws Found in Medical Implant Software (bbc.com)

Security researchers have warned of flaws in medical implants in what they say could have fatal consequences. The flaws were found in the radio-based communications used to update implants, including pacemakers, and read data from them. From a BBC report: By exploiting the flaws, the researchers were able to adjust settings and even switch off gadgets. The attacks were also able to steal confidential data about patients and their health history. A software patch has been created to help thwart any real-world attacks. The flaws were found by an international team of security researchers based at the University of Leuven in Belgium and the University of Birmingham.
  • Back in 2007, Dick Cheney's cardiologist disabled his pacemaker [sciencemag.org] - article also talks about the Homeland episode where this happened.

    LOL that most anything is controllable these days [control-ch...lights.com]

  • by Anonymous Coward

    and it hasn't done that yet. The medical profession kills a million a year who would otherwise not have died if they'd have stayed away from a hospital.

    • by Anonymous Coward

      obama care made killing so much easier

    • and it hasn't done that yet. The medical profession kills a million a year who would otherwise not have died if they'd have stayed away from a hospital.

      And they save hundreds of millions from death too... Not to mention the increased quality of life that comes with proper medical care.... But hey, let's not quibble about the little stuff..

    • Also, in most instances if you get close enough for the telemetry to cause the device to kill the person it is implanted in, you could have used a handgun. Or a knife, for that matter.

      • Most implant telemetry is very limited range - it's far easier to kill someone by any number of more common methods, and probably easier to get away with it via the more common methods, too.

        • by Gonarat ( 177568 ) *

          It depends. If the device uses bluetooth, then the proprietary commands could be reversed engineered and an app be put together. Imagine sitting next to someone while changing settings on their pacemaker. You get up and leave, and five minutes later the person dies. The chances of someone putting 2 and 2 together are slim, and even if they remembered you, you're just another guy on his smartphone. If the device uses a proprietary communications protocol on another part of the radio spectrum, then a tra

          • Generally speaking, devices like pacemakers run on very low power. The only way to interrogate or change their settings is to set the probe directly over the device. I'm not saying they have good security, but you're not going to do it without their noticing.
            • The old school ones communicated via air-core transformers, like wireless toothbrush chargers. There is a newer generation of higher frequency communications, but it's still very range limited - it's quite hard to transmit out of a meat-bag.

          • Implants don't use bluetooth - though some of their external accessories do.

      • by sjames ( 1099 )

        Sure, but the cops are a lot more likely to believe the guy just dropped dead as you walked past if witnesses aren't saying they saw you shoot or stab him.

    • by TWX ( 665546 ) on Thursday December 01, 2016 @09:12PM (#53405515)
      Isn't this one of those false-equivalency things?

      The point is that the software to run these medical devices is designed with a model where everyone is good and no one wants to do anything nefarious. We've learned with basically every system that has ever existed that people will attempt to manipulate it if they can. That no one has done it yet just means that no one has bothered getting around to doing it yet.

      Someone else in this discussion pointed out that Dick Cheney has a pacemaker and that it might have been accidentally shut off by his doctor at one point. If enemies of the United States figured out that he had this particular pacemaker then they could have looked for ways to intentionally make changes to it, either shutting it off or else attempting to change it to where it causes harm instead of helping. If it's wireless then those town halls, fundraising dinners, or any of a large number of other events where Cheney would routinely come into contact with the public would have offered an opportunity to attempt this, and it's very unlikely that medical professionals would have immediately leaped to the conclusion that the pacemaker was malfunctioning.

      Carry this further. A lot of older people have pacemakers. Those who stand to inherit might want to tamper with said pacemaker in order to inherit.

      The applications for this exploit already exist. I'm sure there are more than I've described. Right now this vulnerability remains unexploited (as far as we're aware) only through obscurity.
    • The medical profession also kills millions a year via medical mistakes, mostly unrelated to software.

      They help more than they hurt, by a wide margin, but it's like investing in the stock market: past performance is no guarantee of future returns, positive returns are NOT guaranteed.

  • So you're saying the firmware embedded in the devices to allow the operational parameters to be changed allows the operational parameters to be changed?
    • No, what they're really saying is that the firmware is updateable, which means that a determined attacker could push an update to a victim while they sleep with any kind of malicious functionality they choose Muahahahaha. But, seriously, why bother?

  • Anyone have a map to Wyoming?
    • Anyone have a map to Wyoming?

      Well.. (humming).. I know "the way to Santa Fe" if that helps, Wyoming is just north north east from there...

  • by mmell ( 832646 ) on Thursday December 01, 2016 @10:06PM (#53405761)
    The "Blue Scream of Death" would be the first hint.
  • Early pacemakers were "programmed" by magnetic pulses from a wire coiled wand. They could get reset to default by getting too close to any magnetic signal.
  • by Anonymous Coward

    Medsec partners with short-selling specialists Muddy Waters LLC. Go public with claims of serious vulns in St Jude pacemakers, implanted defibrillators and remote programming tool. St Jude takes them to court.

    Interesting situation ethically with the short selling & with respect to the whole responsible disclosure vs public disclosure debate

    https://www.bloomberg.com/news/articles/2016-10-24/muddy-waters-fights-st-jude-lawsuit-over-pacemaker-reports

    Technical details of vulns here (with redactions):
    http://

  • by bradley13 ( 1118935 ) on Friday December 02, 2016 @03:06AM (#53406745) Homepage

    "The team reverse-engineered the proprietary wireless signalling systems used by the implants which revealed flaws in the way data was broadcast."

    From this sentence alone, it is entirely obvious: The signals are not encrypted; there is no security to hack. These aren't flaws at all - they are design decisions. The manufacturers have some command protocol that they developed and use; while this may not be publicly documented, it is hardly secret: monitor the signals used, and you can figure it out. This doesn't take a "security researcher", all it takes is a kid with the right radio kit.

    People then rush to ask: Why do these devices not secure their signals? It may be that they never thought about it. However, the answer may also be that they want an open interface. Consider: you have a pacemaker and suddenly have a heart problem, and you are taken to the nearest hospital. With a secure interface, how does that hospital get the private key required to talk to your pacemaker? Which is the lesser risk to the patient's health: leaving the interface open, or securing it?

    • by rlumpy ( 906114 )
      My new Biotronik pacemaker appears to have security protocols installed. A programming session is started by pairing the programmer and the pacemaker with a wand that requires 10cm proximity (this provides the security key). The RF communications can then take place up to 3 meters away utilizing a proprietary communication protocol. They claim that the communication is "security protected by state-of-the-art measures," according to the technical manual.
      • by Ihlosi ( 895663 )
        A programming session is started by pairing the programmer and the pacemaker with a wand that requires 10cm proximity (this provides the security key).

        How is the distance verified? Is it merely a matter of signal strength, or do they actually measure response times and signal trip times?

        If signal strength is the only criterion, all an attacker needs is a powerful transmitter and a sensitive receiver.
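As an added illustration of the two criteria Ihlosi contrasts (not code from the thread, Biotronik or any manufacturer), here is a Python model of a signal-strength check beside a round-trip-time check for the 10 cm pairing wand. The 10 cm range is the figure quoted in the thread; the transmit powers, the 403 MHz carrier, free-space propagation and the implant's fixed processing delay are constructed assumptions.

```python
"""Two proximity criteria for a 10 cm pairing wand, modelled side by side.

Added example for this thread, not code from any manufacturer. The 10 cm
pairing range is the figure quoted in the thread; the transmit powers,
403 MHz carrier, free-space propagation and the implant's fixed processing
delay are constructed assumptions chosen to make the comparison concrete.
"""
import math

C = 299_792_458.0          # speed of light in m/s
PAIRING_RANGE_M = 0.10     # wand must be within 10 cm (figure from the thread)
FREQ_HZ = 403e6            # assumed carrier, near the MICS implant band

def free_space_rx_power_dbm(tx_power_dbm, distance_m, freq_hz=FREQ_HZ):
    """Received power under the Friis free-space model (no body loss assumed)."""
    wavelength = C / freq_hz
    path_loss_db = 20 * math.log10(4 * math.pi * distance_m / wavelength)
    return tx_power_dbm - path_loss_db

def rssi_proximity_ok(rx_power_dbm, threshold_dbm=-30.0):
    """Signal-strength criterion: 'close enough' means 'loud enough'.
    It cannot tell a weak wand at 10 cm from a stronger transmitter farther
    away, which is the weakness the comment above points at."""
    return rx_power_dbm >= threshold_dbm

def rtt_distance_bound_m(rtt_s, processing_delay_s):
    """Upper bound on the peer's distance implied by a measured round trip.
    A distant or relayed peer can only add delay, never remove it, so it can
    only push this estimate up, not down."""
    return max(0.0, (rtt_s - processing_delay_s) * C / 2.0)

def rtt_proximity_ok(rtt_s, processing_delay_s, max_range_m=PAIRING_RANGE_M):
    """Timing criterion: accept only if the distance bound is within range."""
    return rtt_distance_bound_m(rtt_s, processing_delay_s) <= max_range_m

def compare(distance_m, tx_power_dbm, processing_delay_s=100e-9):
    """Evaluate both criteria for one peer at a given distance and power."""
    rtt = processing_delay_s + 2.0 * distance_m / C   # constructed: ideal, no jitter
    return {
        "rssi_ok": rssi_proximity_ok(free_space_rx_power_dbm(tx_power_dbm, distance_m)),
        "rtt_ok": rtt_proximity_ok(rtt, processing_delay_s),
    }

if __name__ == "__main__":
    print("wand at 5 cm, 0 dBm:        ", compare(0.05, 0.0))
    print("transmitter at 10 m, 30 dBm:", compare(10.0, 30.0))
```

At 10 cm the round-trip flight time is under a nanosecond, so a real timing check needs a fixed-latency responder and sub-nanosecond timestamping of the kind UWB ranging hardware provides; the model above ignores jitter and body attenuation.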

    • by Ihlosi ( 895663 )
      Indeed. How many locks do you want to see on an emergency exit or a fire extinguisher?

      Another thing to consider is battery life. Changing the pacemaker requires cutting holes in the patient, which poses a small, but (over a large number of procedures) real risk (anesthesia, infection, etc).

    • "The team reverse-engineered the proprietary wireless signalling systems used by the implants which revealed flaws in the way data was broadcast."

      From this sentence alone, it is entirely obvious: The signals are not encrypted; there is no security to hack. These aren't flaws at all - they are design decisions. The manufacturers have some command protocol that they developed and use; while this may not be publicly documented, it is hardly secret: monitor the signals used, and you can figure it out. This doesn't take a "security researcher", all it takes is a kid with the right radio kit.

      People then rush to ask: Why do these devices not secure their signals? It may be that they never thought about it. However, the answer may also be that they want an open interface. Consider: you have a pacemaker and suddenly have a heart problem, and you are taken to the nearest hospital. With a secure interface, how does that hospital get the private key required to talk to your pacemaker? Which is the lesser risk to the patient's health: leaving the interface open, or securing it?

      Not to mention the decision on risk is not decided by the manufacturer but by the FDA (I think that is the right group, I know much of the general details having worked in the field but never worked directly with certification). I believe they tend to focus more on immediate risk to the patient and a secure interface seems like a more immediate and dire risk to the patient in a time of crisis, as you mention, as compared to the lower likelihood of someone trying to hack that specific device.

  • If the compromised devices still function, even in a reduced capacity, is it really a fatal flaw?
