GIF89a̙fffff33333!,I8ͻ`(dihlp,tmx|pH,Ȥrl:ШtJZجvzxL.zn|N~@8V8 a%(T@  bĆJhȱcGnXH20dĉDTp2Lqi@I,*D$̣.Qit!|*4QB^TP@.jD FIBLmĺUHBک8jv&ֹC[C[v* $5zG[kpc<[W{.)HWњ> Jmםi!L/ V5&s mjdO ʓh(л˅"ݥ!Ye% QS 2xĀ{,4aUb$$'Ԅh\t C}enpc!z%g"E,=!IE% 85 gSS9VtS7UDԌSquImyC ȇ{]6g 1*l\3tfYۭPCXxOB=>RcP0Xפ^'9t]*\]O ,$1ex}{m9` :s[kfMhfL/'mmsQ){ PV@GQ.Ap[ws,:% oq^ f8!!|AE&Ƒx:ǿd)0 <]g:٭!PD۔z䁾du% FXv HDE%^xaULkF䈧 ix#c22L#ǶaF??T! :#{A!MPcJ>*rk$b١~:" ƞy/dF(HPNJ,SDK\eiL&ʯ ⢣0uD fy@i:N>#!xKeS@Y4,shyl6g&IRT,S πiAFz0ldP2iQxdk֣aw}O dW&}`GO̯ڔDYD {G"פW&)~w_T3A|_ΰv>Vmo{Q^{~|I:cFDa~Ok+D(y<ͨU/D m-,ؗi5"'vb#noҀ  &#7a(6؁ "8$X&x(*,؂.0284X6x8:<؃>@B8DXFxHJp6p00P(pSx^(U\(^XaQ؆ 0rZx`^hH=pȇ}Xp pH"`؈0i8px(`((؈g(Xx[؋V8~NxxxhfHH`xfHhx8X#؍"pe(Ũ ؈0˘XxqobvX昏:Hن)YI!iH&*#و'yh647lXؑs3)6)hF ؆<[M%ЈM\Kۚ ّ=f ]Cz9:0vXݜ <x+Aܾ,-? ڵ-:ߺm>=-]^Pι=ކKiн=a|}%omͬ\}MdMވ͝؋X|۬>n 1ۼߝ:C=xIĽ2( KN]D-Q-T>\l3,:ʪ ͈zm7+iI@ʚ=ms]\F N$톍౎ A^*$>W~(~n,ݞN|띭'!Rm>{=6@~X؍ˎ@ڶ՜ +©̎ŽH" pWmΉN ϑ=5(m︭⯞㘻Nϔu@~_=n>ۍo\OI~亮D-kI4 `ޮ'|+Т`-+9_1);ɲ.\Mi_}/,+)b1|Ժ:M}WH|_?*ƋǍ>m隖/yw?nv* SӦ_'UȌ-Wyc{ޏ# /Sdž*˯/U f&_5@ INYR}:6qԺ".q``shP>: {N? 0 *Ԣ 78KQ0ACVk 1;"Bh"1̏(A(r4Dɯ[rdQ̚oBb)ѡ(o''2qчNLL(۠.\Ql,Ϝ <(O<LgEHb*4\Q`)DosV0U^etawTbZH6ZijsRtjlUT;-JaD#hs=3ZST^>Mw= |?WWlZ}V Wށ8a?9dG&dOF9eWfe_9fgfo9gwg:h&hF:ifi:jj:kk;l&lF;mfm߆;n离n;oox'xG>ygy矇>z駧z>{{?|'|G?}g}߇?~秿~?`8@ЀD`@6Ё`%8A VЂ`5Av(0 $"$@@(B@ @ &< BЃP@81ЁbBD"BD* 07V;TA*E,cи hшM<D3N'v3:t#S%‐Cǒ)RrDr1͑!XI@VQȣK"҉A$!p3~MDDv24m#YfRԘ8g8w~-.QMRG)Ѕ ?SCbPhyKG5XcP I.$pAI7B&3Ae$,EVke!L+6-3@Z-}0+TA8i(3ظ46e+c!63Pb@%ZZlD;ϴ"(%#)Y.+)8gdyT"#QEj 1߸MҀ$EyY $f9UG/nLmiMs=x}d _R%;̡u7[qKevmkdʒ:fiΙOΖh`m5=4yl2(@>$$%kbav~,=JчEu[m2oWߑerOg|Nh7S;us[5x q-j|3tі)r~y}[d#%Qƣ6v?>9ͩzm^<.Δ:ͫtO9oAӛX~ziF}~ܙ޷:7;s.y1v:vz$Gi'z3oUu y'Qݸ j?>ͯg}y_COϙ⛞_~@oG ZjOlyk'Ĩӿ3Y-c@#k:;{@D#[=Ż@_A2A?18C>9R83LӴփ7+)ۺKKq#B=J"@9$%\t!/8BBк/$@8A1-ϻ71ԂC l:,@@6t>k>*8,ړ맢BBH۩LӲJC0 $yK695 C#@Ck6B;I~*3N0F~:*,HBԵ#d/L;4EL*$lt9>$dEm>AD>WdU26ƛk<|GRܤbBo$@I@ GLJ%FC|ES0)):/iCoy\0CI|=w,I:s5W򥉫!lVşܙ2cJ& pJ*X9Yȧ<Z jİc8 G QT_;&k%Bh$BKCdozsCAƍ!qDǿ4\DADBry!ċGDȫ R˛K:2̉Qj0Œ~J4*Z&RIpL̏ 0͌۲dNB2̽5T-M@A#ܜ@HrMT<C#:[-+ν:NKW#ALLl&+PMDTPL̻9:$OF,DzO&-JS O 8ǤIѾf#>J# , 'M;"e3'<p*όPSZ/EC\UD*}EP[P8mQnPěBtS[m2XiVGq ˬM!L$@V]%H 'vC]ҖDЀeTA=Y#3T#Wye0(}-P|6.mS'MXdY&eMZ:0|%,yRZE"*Z#dNZژų$mIXE@Dm(8;YBK[O3S*uCGY`F&`ۼہfIdm#luB[l[T+\@QR$\[|ۇ5Eř)/Sݱ]Rr%U5b݈֕U%]kN]U\*YE:1K8%^٥ŞFpMQ$SPp]WAU_ *_z0BE_&6FVfv `‚_`C`=,EY!J{ݶ\LC ̚]¥PKX9VdŋeRJٱS1ӫIf ε+Ël LDmE#;؄j!$cݤUUM`7<6c,cqx$*3?K3^KO@. / I~G#E~hp t deLJݨv1K1h&GiR,vឭ\)3r,.⠤VUSbB";ElCc4FӰ:m&nE4ޮWmc>Lǫi T{Y0Qdv\L:BX.B=Xf\,*Eh/E\lo~, dTZ.FqjL..BDŽLklmײiMXiudR'SrRvXKaoŇk";e WUk˽r*vJQo*K޺>j-Jԋ%beFDM@(T̝b8Ϟqad$Q1n ĝї>"&n*\'\[eO#[VyNcH^y}<0/vzNfvUg=T ^R) NrVgbS%8C;_^sOUl%ORiK?TxaGuM&)-Z ˾V'zXtumO(> [HO*s&K2fWe+oVtBrIoovPz.VTOV5[ˣfs"~rfog3#mz{s->,p_%/VĔMj-u{2 婗ժOgeXI[dYJKaΨ++,@^B[F_@[`B^O% 'hhJ# Mœ ٭$ WT,)-Ei*ȳ١0ͩ`$qq`rr/H+pyh=z*\fB$R< 4җ"A(7x&#L^ `@Z E0lo&q@Р4zqG"ǒóL,KkPcTb^(KZW;Lx5MTyԔW3+~~MDYvIk5%bM-m ,͏%j\IM&\8퉊ZO^JVc":L@tn:Hc3 0 pF: Tkn08̱r̫(Kh"`A4h.+:4gyWC4 g_ШUĠ#[_}$a~<_HA]gbK{!WhWPgݍEb4rߎFj,JatɜW#{0E;\D$j t%Ywya -0\Xdz/963N>9qډ(7]Y7dYmhMlyjt*pW|#%諆nmXX!;Ԓ֧)~AhyİjaxrDh8Ydm**!81j)L##ZçWnhH,jZ[(*`)+畳{q5AO 8DEK ;,ԹA !&l*{šq O$|A ",BpO紤\hHDK9Iclء>]c1joq6mfku ν$M6yҦ"Gi'5;N"ۏK>9[~9kNy{9衋>:饋ҹ驫:뭻:(>;~;˞;;<<<;<1o[=={0?>>髿>>?????(< 2| #( R 3 r C(&!(!F<"%P2N|"()RV"-r^"(1f<#Ө5n|#(9ұv#=~# )A/;
Monday, October 29th 2012

Hackable Medical Devices

As we become more and more reliant on active, implanted biotechnology the opportunities for malicious manipulation of such rise. The hacking of medical devices isn’t a new threat. I’ve commented on it, as have publications more prominent than this blog. The issue has taken on enough of intellectual seriousness that it has prompted the creation of a multi-institutional center, the Medical Device Security Center. In 2008 that group published a method of wirelessly accessing information from some models of pacemakers and then injecting active attacks to change the performance of the pacemakers. After publication they presented the same at Defcon.

At the Black Hat Conference last year an independent researcher presented a theoretical method of wirelessly changing the serum glucose readings of an implanted diabetic pump.

An attacker could intercept wireless signals and then broadcast a stronger signal to change the blood-sugar level readout on an insulin pump so that the person wearing the pump would adjust their insulin dosage. If done repeatedly, it could kill a person. Radcliffe suggested scenarios where an attacker could be within a couple hundred feet of a victim, like being on the same airplane or on the same hospital floor, and then launch a wireless attack against the medical device. He added that with a powerful enough antenna, the malicious party could launch an attack from up to a half mile away.

The most recent, highly publicized hack devised by researchers is one concerning implantable cardiac defibrillators. At the Breakpoint conference in Australia this year,

In a video demonstration, [researcher Barnaby] Jack showed how he could remotely cause a pacemaker to suddenly deliver an 830-volt shock, which could be heard with a crisp audible pop.

[...]

In 2006, the U.S. Food and Drug Administration approved full radio-frequency based implantable devices operating in the 400MHz range, Jack said.

With that wide transmitting range, remote attacks against the software become more feasible, Jack said. Upon studying the transmitters, Jack found the devices would give up their serial number and model number after he wirelessly contacted one with a special command.

With the serial and model numbers, Jack could then reprogram the firmware of a transmitter, which would allow reprogramming of a pacemaker or ICD in a person’s body.

Any attacks on medical devices requires more than a common level of expertise but to one dedicated probably something within the ability to be self taught. There are much bigger public health issues, even within the biotechnology sphere, including the function and operating safety of such but this remains a scary prospect and one that deserves more attention. Medical device makers need to put more into the security of these devices and the FDA needs to place a focus on making sure device makers are doing such.

Share/Bookmark