@ Skyye " Is hacking implanted medical device a serious issue in the States?"
So far most of the hacking has been done by engineers trying to prove that it is possible, so that the companies making the implants will be forced to provide security before it becomes a problem. Many security techniques have been proposed, which prompts engineers to by to crack those protection schemes--just to prove that they are crackable However, I don't know of any serious incidents of malicious hacking of an implant inside a person to harm that individual.
Hello everyone, please excuse me to interrupt the middle of the conversation. I am Debby, a student studying in journalism from Taiwan. I wold like to write an article about this, due to the lack of medical background, I want to ask: Is hacking implanted medical device a serious issue in the State?
By going wireless all we are trying to do is prevent another minor surgery to operate device, and easing out reprograming. Touching doesn't defeat the purpose of wireless in medical equipment. I dont think we can consider it as step back.
You make a good point. The implant industry is increasingly going wireless, so in that sense requiring touch for 12 seconds in order to establish a secure connection is a bit of a step back, although in the doctor's office it probably would not be much of an inconvenience.
Just because there is an Internet of Things doesn't mean that my medical device has to be on it. There are plenty of non-contact options that obviate this kind of attack. If you are requiring that an authorized reader be in touch contact with the patient, why one of those? WiFi, Wi-Max and Bluetooth aren't the only things out there.
Hacking a pacemaker is something that has been researched and proven to be possible. The problem is though, it is a lot of effort when a good EMP would do the job just as well. there just isn't much benefit to hacking them.
prabhakar_deosthali re: "I am just imagining a scenario where the hacker hijacks a high profile person"
The hacker would have to be touching the person with an ECG probe for 12 seconds to successfully "hijack" the random number and then negociate a secure wireless connection--which doesn't seem long, but if you count it down on a clock seems much longer. Nevertheless, I do see your point that some scenario could make that possible.
Indeed, this seems like a cool idea...but as we all know too well, most device makers won't do much about the so-called security (even though they should), until some truly traumatic and tragic accidents happen.