Breaking News
Blog

Are Implants a Hacker's Playground?

NO RATINGS
View Comments: Threaded | Newest First | Oldest First
eewiz
User Rank
CEO
Its just a matter of time
eewiz   8/21/2013 11:16:25 AM
NO RATINGS
Its just a matter of time, that somebody hack into any connected/progammable implants. Several cheap softwar tools available today can easily crack 128/256 bit AES encryption.   

http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly-capable-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/

The impact of security on battery life is obvious. Add more encryption-> burn more power. Several people are working on ultra low power/ sub threshold encryption hardware to mitigate this.

 

BTW the bio of the Author is interesting :) 

Medical doctor + EE degree -> now working as a product marketer 

 

Jose Fernandez
User Rank
Blogger
Re: Its just a matter of time
Jose Fernandez   8/22/2013 1:47:18 AM
NO RATINGS
Hi eewiz,

Your are completely right, it is just a matter of time! Thanks for sharing the link, it is impressive how they can get the encryption keys even through hibernation files in computers that are turned off!

For us at Freescale Semiconductor, security through hardware and software is key to enable this new generation of future markets, if we, as an industry fail to provide a safe ecosystem for wearables, attachables, implantables and general medical devices, this interesting market might not grow to the expectations of everyone.

 

kfield
User Rank
Blogger
Re: Its just a matter of time
kfield   8/22/2013 1:36:16 PM
NO RATINGS
Does the medical industry have the means today to test all devices to make sure that they are not vulnerable to security threats? Who is responsible for this? I wonder what the legal situation would be if a device were hacked and a patient was injured.

Caleb Kraft
User Rank
Blogger
Re: Its just a matter of time
Caleb Kraft   8/23/2013 10:00:45 AM
NO RATINGS
What you may be seeing here is the birth of a new industry, just like computer security. We may be seeing contracters in the medical field specializing in implant security before too long. Kind of makes "penetration testing" seem like a very apt term.  

junko.yoshida
User Rank
Blogger
hacking implants
junko.yoshida   8/21/2013 5:56:30 PM
NO RATINGS
You wrote in you blog:

The balance between privacy and security is critical, but the question remains of how much security is enough?


This is fascinating. The very question you posed here seems to be a running theme today for every electronic product (including cars) we deal with. I very much look forward to your next blog!

rick merritt
User Rank
Blogger
Welcome to our newest blogger
rick merritt   8/21/2013 9:55:09 PM
NO RATINGS
I look forward to hearing more about what exactly you do --and think --as an MD and EE.


Also, I heard there were session planned at Black Hat on hacking a pacemaker.

Jose Fernandez
User Rank
Blogger
Re: Welcome to our newest blogger
Jose Fernandez   8/22/2013 1:52:46 AM
NO RATINGS
Hi Rick,

You are right! there was a session at Black Hat about that, it was quite controversial. I am glad it is raising awareness to all of us who are in the business. I can tell you as a practising medical doctor, we are always excited when technology brings us alternatives to cure, treat or prevent a disease in one of our patients.

However, we have seen also cases of really promising technologies/devices that were withdrawn from the market, even after FDA market approval because all the potential risks were not fully identified.

 

Charles.Desassure
User Rank
Manager
Working together...
Charles.Desassure   8/21/2013 11:56:20 PM
NO RATINGS
Thanks for your interesting article.  There are many medical devices that need to be revisited over the next few years and have preventive protection as it pertains to data security or security in general.  Remember, technology is everywhere.  Technology is used with printers? Watches? The list goes on and on.  So engineers and medical professionals need to work together and come up with  medical designs to address security.

Olaf Barheine
User Rank
Rookie
Security first!
Olaf Barheine   8/22/2013 3:24:04 AM
NO RATINGS
If I remember it correctly, in the case of the insulin pump there was a wireless connection with no encryption at all. That's not acceptable! I hope that the discussion will improve the security awareness of the manufacturers. And does an insulin pump really need a wireless connection instead of USB for instance? Of course, it is more comfortable for the users. But I think: security first!

Jose Fernandez
User Rank
Blogger
Re: Security first!
Jose Fernandez   8/22/2013 10:21:26 PM
NO RATINGS
Hi Olaf,

You are right, that is totally unacceptable! usually insulin pumps do need some kind of wireless protocol, mostly to communicate with the control unit. Right now the user needs to input some data through the control unit in order to control de amount of insulin that is released, or in order to avoid a recurrent dosis administration, when for example skipping a meal.

Some efforst are being done to actually communicate to continuous glucose monitors, so that the articificial pancreas will be built!, wireless will be needed.

 

prabhakar_deosthali
User Rank
CEO
Re:
prabhakar_deosthali   8/22/2013 7:07:19 AM
NO RATINGS
It is good to see the a doctor becoming a technologist and addressing the design issues related to medical devices.  More and more such collaborative effort is required as newer and newer medical appliances and health monitoring devices get developed.

I think to address the security issues of such devices the third party - a security expert -has to get involved in the design of such devices . Also ethical hackers can become part of the design team to asses the possible security threats and eliminate them at the design stage.

Luis Sanchez
User Rank
Rookie
yes it's a matter of time... and it depends on who?
Luis Sanchez   8/22/2013 11:51:06 AM
NO RATINGS
I think it's true that it is a matter of time for a system to be cracked open, so, a good countermeasure is for a system to be changing every periodic or random amount of time. That is. the encryption keys or also the algorithm itself to encode the encryption keys. This could be changed every now and then and so this provides another level of security right?  

 

And... let's reconsider everything here. If we're concerned with security... against which kind of attack are we concerned? Someone trying to kill someone who depends on a body embedded insulin pump? This would be a medical treatment and any medical treatment is optional, the user can opt to use it or not. The user has to understand the risks. 

Also, some regulations could rule out the use of these kind of devices for certain kind of people. Like us "Joes" very probably we can say we don't have enemies. But perhaps a known politician could and so as a security level, these kind of embedded medical wireless devices could be ruled out for them.

Thus, this makes us think that security can be addressed not only with technological developments but also with regulations, and that's where FDA and DHS comes in to place.  

krisi
User Rank
CEO
concerns?
krisi   8/23/2013 1:25:45 PM
NO RATINGS
The security concerns for hacking into bio-implants are real...but we need to put that into perspective, nobody has died yet...25,000 people die in car accidents in US alone, similar number die in US in hospitals due to wrong diagnosis or wrong medication...I won't mention wars or large natural disasters

Etmax
User Rank
Rookie
Hacking medical implants
Etmax   8/26/2013 11:53:27 PM
NO RATINGS
As far as I'm concerned, internet connected configuration of implants is probably a rediculous idea. what you need is remote monitoring, but to tinker with setting afar I think not. Have a small hall sensor that can be enabled by a magnet to enable setup functions and have the actual setup via a 10 or 20kHz carrier system that only works from cm's away and you address 99,99% of the issues. Then for someone to kill you they have to be within a knife's distance anyway so it becomes a moot point. Internet reconfigurable impalnts is even more crazy that enabling the reprogramming of a car from a distance

Flash Poll
Radio
LATEST ARCHIVED BROADCAST
Join our online Radio Show on Friday 11th July starting at 2:00pm Eastern, when EETimes editor of all things fun and interesting, Max Maxfield, and embedded systems expert, Jack Ganssle, will debate as to just what is, and is not, and embedded system.
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Times on Twitter
EE Times Twitter Feed
Top Comments of the Week