Photo: Flickr/[email protected]
A highly contagious software virus is proving very effective at targeting a very important piece of electronics: The Pacemaker.Pacemaker’s keep poorly functioning human hearts on beat, by discharging small amounts of electricity into the cardiac muscle at specific times.
The malware spreads like a disease to every pacemaker in range of the originally infected unit, effectively daisy chaining a deadly voltage of electricity.
This is just one of a couple revelations that came out of a recent BreakPoint security conference in Melbourne.
Barnaby Jack, IOActive researcher, diagrammed just how easy it was to hack into a pacemaker from 30 feet away, just by using the ID number of the unit. Jack said it was up to the designers to put in fail safes against such compromises, and that they should be liable for allowing such a weakness.
Gregory Ferenstein of TechCrunch reports that Jack said, “”The worst case scenario that I can think of, which is 100 per cent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD [implantable cardioverter-defibrillators] and then each would subsequently infect all others in range.”
And it’s not just pacemakers where manufacturers fail to produce hacker fail safes, it almost all medical equipment.
MIT’s Technology Review that “A meeting of government officials reveals that medical equipment is becoming riddled with malware,” and that the trend is steadily growing. The Tech Review goes further, calling out manufacturer’s for their dangerous concerns over adherence to regulatory agencies — “The problem is exacerbated by the fact that manufacturers often will not allow their equipment to be modified, even to add security features … because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration”
“I find this mind-boggling,” said Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst. “Conventional malware is rampant in hospitals because of medical devices using un patched operating systems. There’s little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches,” concluded Fu at a medical device panel that Tech Review covered.
Jack said these attacks, especially on but not limited to the Pacemakers, could be used in targeted assassination plots on U.S. officials — currently former vice president Dick Cheney has a pacemaker.
That being said, yet again the idea of a future national security tied to a honed offensive and defensive cyber prowess is becoming more of a reality.
Business Insider Emails & Alerts
Site highlights each day to your inbox.