A near-future wireless implant ecosystem might become a target for scripts
In what amounts to a fairly shocking reminder of how quickly our technologies are advancing and how deeply our lives are being woven with networked computation, security researchers have recently reported successes in remotely compromising and controlling two different medical implant devices . Such implanted devices are becoming more and more common, implemented with wireless communications both across components and outward to monitors that allow doctors to non-invasively make changes to their settings. Until only recently, this technology was mostly confined to advanced labs but it is now moving steadily into our bodies. As these procedures become more common, researchers are now considering the security implications of wiring human anatomy directly into the web of ubiquitous computation and networked communications.
Barnaby Jack, a researcher at McAfee, was investigating how the wireless protocols between implants and their remote controllers opened up potential vulnerabilities to 3rd party attacks. Working with instrumented insulin pumps he found he could compromise any pump within a 300-foot range. “We can make that pump dispense its entire 300 unit reservoir of insulin and we can do that without requiring its ID number”, he noted, adding that making the device empty its entire cartridge into a host’s bloodstream would cause “deep trouble”. Previously, independent security researcher Jerome Radcliff, a diabetic and insulin pump recipient himself, showed a crowd at the 2011 Black Hat Security Conference how he could wirelessly hack into his own pump to obtain its profile, then alter it in a way that would modify his prescription when sent back to the device.
In another case, computer science researcher and professor at the University of Massachusetts Amherst, Kevin Fu, found that by interrogating an implantable heart defibrillator he could capture its signal and use the identifier to remotely turn the device on & off. This would have potentially catastrophic effects for a patient relying on such a device to maintain a steady heart rhythm. Many new pacemakers include wireless components and remote authentication schemes that are open targets for potential attackers. A near-future wireless implant ecosystem might become a target for scripts looking to scour data or add more microcontrollers to their botnets.
Over the past 15 years these types of malevolent attacks have become the driver for a suite of best-practices used to design security into wireless consumer goods.
via Big Think – Chris Arkenberg