Friday, September 04, 2009

Defcon: Excuse me while I turn off your pacemaker



Defcon: Excuse me while I turn off your pacemaker


August 8, 2008 Dean Takahashi


The Defcon conference is the wild and woolly version of Black Hat for the unwashed masses of hackers. It always has its share of unusual hacks. The oddest so far is a collaborative academic effort where medical device security researchers have figured out how to turn off someone's pacemaker via remote control. They previously disclosed the paper at a conference in May. But the larger point of the vulnerability of all wirelessly-controlled medical devices remains a hot topic here at the show in Las Vegas.


Let's not have a collective heart attack, at least not yet. The people on the right side of the security fence are the ones who have figured this out so far. But this has very serious implications for the 2.6 million people who had pacemakers installed from 1990 to 2002 (the stats available from the researchers). It also presents product liability problems for the five companies that make pace makers.


Kevin Fu, an associate professor at the University of Massachusetts at Amherst and director of the Medical Device Security Center, said that his team and researchers at the University of Washington spent two years working on the challenge. Fu presented at Black Hat while Daniel Halperin, a graduate student at the University of Washington, presented today at Defcon.


Getting access to a pacemaker wasn't easy. Fu's team had to analyze and understand pacemakers for which there was no available documentation. Fu asked the medical device makers, explaining his cause fully, but didn't get any help.


William H. Maisel, a doctor at Beth Israel Deaconess Hospital and Harvard Medical School, granted Fu access for the project. Fu received an old pacemaker as the doctor installed a new one in a patient. The team had to use complicated procedures to take apart the pacemaker and reverse engineer its processes. Halperin said that the devices have a built-in test mechanism which turns out to be a bug that can be exploited by hackers. There is no cryptographic key used to secure the wireless communication between the control device and the pacemaker.


A computer acts as a control mechanism for programming the pacemaker so that it can be set to deal with a patient's particular defribrillation needs. Pacemakers administer small shocks to the heart to restore a regular heartbeat. The devices have the ability to induce a fatal shock to a heart.


Fu and Halperin said they used a cheap $1,000 system to mimic the control mechanism. It included a software radio, GNU radio software, and other electronics. They could use that to eavesdrop on private data such as the identity of the patient, the doctor, the diagnosis, and the pacemaker instructions. They figured out how to control the pacemaker with their device.


"You can induce the test mode, drain the device battery, and turn off therapies," Halperin said.


Translation: you can kill the patient. Fu said that he didn't try the attack on other brands of pacemakers because he just needed to prove the academic point. Halperin said, "This is something that academics can do now. We have to do something before the ability to mount attacks becomes easier."


The disclosure at Defcon wasn't particularly detailed, though the paper has all of the information on the hack. The crowd here is mostly male, young, with plenty of shaved heads, tattoos and long hair. The conference is a cash-only event where no pictures are allowed without consent. It draws thousands more people from a much wider net of security researchers and hackers than the more exclusive Black Hat.


Similar wireless control mechanisms are used for administering drugs to a patient or other medical devices. Clearly, the medical device companies have to start working on more secure devices. Other hackers have figured out how to induce epileptic seizures in people sensitive to light conditions. The longer I stay at the security conferences here in Las Vegas, the scarier it gets.

High Tech PILLS and capsules ,in the foot steps of the pill cam endoscopy



Philips iPill -- Like a Regular Pill, But With a Microprocessor


by
Engadget Staff (RSS feed) — Nov 12th 2008 at 8:10AM




It's been just about a year since we saw the patent for Philips' remote control "pill," and it looks like the thing is finally a reality. For those of you straining to remember that far back, the iPill (as it is now sadly known) is a miniature capsule that among its many charms contains a microprocessor, power supply, medicine reservoir and pump, and a radio so that it can remain in contact with external medical equipment. The pill's ability to accurately determine its position in the digestive tract enables it to deliver drugs precisely where they're needed, reducing dosage strength and side effects. According to Philips, the current design is a prototype, but it's suitable for serial manufacturing. Of course, this is not the first robot
pill we've seen -- and it certainly won't be the last. Just the same, we think we'll refrain from swallowing any nanotech for the time being.

Crawling robot pill

by Katie Fehrenbacher posted Oct 7th 2004 at 2:51AM


While the initial response to the idea of a leggy robot crawling around your guts is naturally one of shock and awe, but if you really think about the other surgical and endoscopic options, they're all a little offputting as well: tubes, little cameras on wires, so why the hell not a tiny-legged robot pill? The 25mm long and 10mm diameter crawling capsule was created by researchers in Italy and Korea and once the pill is swallowed the soft coating dissolves and the crazy-legged robot starts its course. The only issue might be one of control, since we're sure the patient won't be none too pleased when some rogue robot goes starts aimlessly inspecting his intestines.

[Via
Near Future]

Medical-miracles-that were –NOT!

Crawling robot pill