Monday, July 18, 2011

Hacking into your body

Hackers have been breaking into everything from banks to clothing stores to the Sony Playstation.

But the next big hack attack could be on you -- a cyber-attack on your body.

You've probably never even considered this -- I know I never had. But devices like wireless insulin pumps are usually protected by little more than a pin code -- and researchers recently demonstrated just how easily they can be cracked.

------------------------------
Breaking and entering
------------------------------

Using only an instruction manual, some info from the Internet, and off-the-shelf hardware, the researchers were able to break into a wireless insulin pump and gain access to medical information such as insulin doses and glucose readings.

OK, you're thinking, not that big a deal. What can someone possibly do with my glucose numbers?

If it ended there, you'd be right... but the researchers were also able to take control of the device and change the insulin dosages at will.

And if you think that's bad, consider all the other wireless devices now on the market -- like implantable defibrillators and pacemakers worn by heart patients.

-----------------------------
Wireless shock threat
-----------------------------

Several years ago, researchers carried out a similar experiment and broke into an implantable cardioverter defibrillator, or ICD, like the one worn by former vice president Dick Cheney.

ICDs track a patient's heart rhythms and deliver small jolts of electricity when needed to help prevent a heart attack.

The researchers were able to take control of one and reprogram it, giving it the ability to deliver enough electricity to kill a patient.

As of right now, there's at least one built-in safeguard: the devices have limited range, so they'll only accept signals from someone in the same room.

That means we're not at a point – yet – where a hacker can take control of your device from the Internet and kill you with a few strokes of the keyboard.

But as these devices get more sophisticated and add more features – the FCC has already moved them onto a frequency capable of receiving signals over longer distances -- they will also become more tempting targets for would-be hackers.

Imagine someone threatening to cause a heart attack, send your insulin levels soaring, or even kill you unless you made an immediate payment.

Can that day really be far behind?

-------------------------------------
Tomorrow's security, today
-------------------------------------

The researchers behind the new study say the first step in making these devices more secure is giving them the same rolling security codes used by garage door openers and car ignition systems instead of pin codes.

But while that's a step in the right direction, even that won't be good enough in the long run.

A better option is one proposed by researchers at MIT. It's actually a jammer, small enough to be worn on the wrist or on a necklace, and it prevents any unauthorized signals from even operating on the same frequency as the device.

The researchers call it a shield, and say it could act as an intermediary -- receiving, decoding, and relaying instructions from authorized devices…. and blocking everything else.

Unlike code-based systems, the shield can be removed -- so if a patient suffers a heart attack, for example, ER docs won't have to waste time trying to get the security code from the patient's doctor before they can gain access to the device.

Of course, that's a glimpse into tomorrow.

The real problem is today – and if you have an implantable wireless medical device, ask your own doctor about the best ways to keep yourself safe and secure.

On a mission for your health,
Ed Martin
Editor, House Calls

No comments:

Post a Comment