Kris, thanks for giving me the opportunity to point out one of the coolest aspects of our commenting system--you can actually go back and edit or even delete a previous post. Just click the Edit/Delete button below your post, change it as needed, then click the big Update button and you're done!
Similar to the car hacking article a few weeks ago. These devices should have some security, but it seems unlikely that anyone would go to the trouble to hack in to your pacemaker. Of course, with Obamacare, you probably won't be allowed to get one anyway.
The good doctor and her student told me that there is much concern that high-profile people could become targets of hackers because of the wide availability of wireless surveilance equipment. They are currently hawking their algorithm to makers of pacemakers, insulin pumps, defibrillators, neural implants, and drug delivery systems.
Beyond implants, since the heartbeat is being used as a random number generator, it is conceivable that the technique could be used in other forms ofr cryptography where the sender and receiver automatically generate the same secret key.
Hacking a pacemaker is something that has been researched and proven to be possible. The problem is though, it is a lot of effort when a good EMP would do the job just as well. there just isn't much benefit to hacking them.
Hello everyone, please excuse me to interrupt the middle of the conversation. I am Debby, a student studying in journalism from Taiwan. I wold like to write an article about this, due to the lack of medical background, I want to ask: Is hacking implanted medical device a serious issue in the State?
@ Skyye " Is hacking implanted medical device a serious issue in the States?"
So far most of the hacking has been done by engineers trying to prove that it is possible, so that the companies making the implants will be forced to provide security before it becomes a problem. Many security techniques have been proposed, which prompts engineers to by to crack those protection schemes--just to prove that they are crackable However, I don't know of any serious incidents of malicious hacking of an implant inside a person to harm that individual.
Indeed, this seems like a cool idea...but as we all know too well, most device makers won't do much about the so-called security (even though they should), until some truly traumatic and tragic accidents happen.
I am just imagining a scenario where the hacker hijacks a high profile person and using the same technique of touch-to-access is able to generate that key to be able to reprogram the implants in a malicious way.
It could become a tool to get some ransom out of hijacking the high profile people!
prabhakar_deosthali re: "I am just imagining a scenario where the hacker hijacks a high profile person"
The hacker would have to be touching the person with an ECG probe for 12 seconds to successfully "hijack" the random number and then negociate a secure wireless connection--which doesn't seem long, but if you count it down on a clock seems much longer. Nevertheless, I do see your point that some scenario could make that possible.
Just because there is an Internet of Things doesn't mean that my medical device has to be on it. There are plenty of non-contact options that obviate this kind of attack. If you are requiring that an authorized reader be in touch contact with the patient, why one of those? WiFi, Wi-Max and Bluetooth aren't the only things out there.
You make a good point. The implant industry is increasingly going wireless, so in that sense requiring touch for 12 seconds in order to establish a secure connection is a bit of a step back, although in the doctor's office it probably would not be much of an inconvenience.
By going wireless all we are trying to do is prevent another minor surgery to operate device, and easing out reprograming. Touching doesn't defeat the purpose of wireless in medical equipment. I dont think we can consider it as step back.