If you need assistance, please send an email to forum at 4hv dot org. To ensure your email is not marked as spam, please include the phrase "4hv help" in the subject line. You can also find assistance via IRC, at irc.shadowworld.net, room #hvcomm.
Support 4hv.org!
Donate:
4hv.org is hosted on a dedicated server. Unfortunately, this server costs and we rely on the help of site members to keep 4hv.org running. Please consider donating. We will place your name on the thanks list and you'll be helping to keep 4hv.org alive and free for everyone. Members whose names appear in red bold have donated recently. Green bold denotes those who have recently donated to keep the server carbon neutral.
Special Thanks To:
Aaron Holmes
Aaron Wheeler
Adam Horden
Alan Scrimgeour
Andre
Andrew Haynes
Anonymous000
asabase
Austin Weil
barney
Barry
Bert Hickman
Bill Kukowski
Blitzorn
Brandon Paradelas
Bruce Bowling
BubeeMike
Byong Park
Cesiumsponge
Chris F.
Chris Hooper
Corey Worthington
Derek Woodroffe
Dalus
Dan Strother
Daniel Davis
Daniel Uhrenholt
datasheetarchive
Dave Billington
Dave Marshall
David F.
Dennis Rogers
drelectrix
Dr. John Gudenas
Dr. Spark
E.TexasTesla
eastvoltresearch
Eirik Taylor
Erik Dyakov
Erlend^SE
Finn Hammer
Firebug24k
GalliumMan
Gary Peterson
George Slade
GhostNull
Gordon Mcknight
Graham Armitage
Grant
GreySoul
Henry H
IamSmooth
In memory of Leo Powning
Jacob Cash
James Howells
James Pawson
Jeff Greenfield
Jeff Thomas
Jesse Frost
Jim Mitchell
jlr134
Joe Mastroianni
John Forcina
John Oberg
John Willcutt
Jon Newcomb
klugesmith
Leslie Wright
Lutz Hoffman
Mads Barnkob
Martin King
Mats Karlsson
Matt Gibson
Matthew Guidry
mbd
Michael D'Angelo
Mikkel
mileswaldron
mister_rf
Neil Foster
Nick de Smith
Nick Soroka
nicklenorp
Nik
Norman Stanley
Patrick Coleman
Paul Brodie
Paul Jordan
Paul Montgomery
Ped
Peter Krogen
Peter Terren
PhilGood
Richard Feldman
Robert Bush
Royce Bailey
Scott Fusare
Scott Newman
smiffy
Stella
Steven Busic
Steve Conner
Steve Jones
Steve Ward
Sulaiman
Thomas Coyle
Thomas A. Wallace
Thomas W
Timo
Torch
Ulf Jonsson
vasil
Vaxian
vladi mazzilli
wastehl
Weston
William Kim
William N.
William Stehl
Wesley Venis
The aforementioned have contributed financially to the continuing triumph of 4hv.org. They are deserving of my most heartfelt thanks.
Registered Member #96
Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4062
Potentially serious repercussions if say, a well known pacemaker or insulin implant company had its code database unknowingly stolen by hackers exploiting a zero day flaw, then a few weeks later everyone in a major city with one of these implants drops dead or comatose because some terrorists with an axe to grind decided to pick an easy target.
Registered Member #65
Joined: Thu Feb 09 2006, 06:43AM
Location:
Posts: 1155
The probability a nurse or doctor will kill these people though incorrect treatment is an order of magnitude more likely. Additionally, sedentary overweight people will almost always develop diabetes and other more serious health problems later in life.
This kind of sensationalist news does not offer any constructive insights, but does raise the anxiety level of naive consumers.
The anti-virus placebo-protection/snooping racket must be getting less profitable for the company. Someone will likely root their anti-virus signing-key system for upsetting their grandma...
I can picture that happening one day. Instead of nuking a populous city, a plane flies over a city emmitting multiple frequencies. This would happen during the night, so fewer people would see it. They would disguise it as a normal airline, flying over the city each day. Pretty soon, people with the implants will be dropping dead. Or one could sneak a transmitter into a hotel or casino... god that's pretty scary.
Registered Member #96
Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4062
I think the main point of the article was that security on these devices is based on obscurity i.e. using low power and propriety codes. If you happen to know those codes then the security becomes useless. As they can't be changed due to the device being implanted and hard coded, there is a possibility that someone could:- 1) DDoS the implants when something needed to be changed. 2) Induce the implant to do something bad like drop its cartridge into the bloodstream. 3) Reprogram the implant to cause a boundary condition if a particular series of events is seen.
3) is the worst case scenario as it is not obvious anything is wrong until the logic bomb goes off. Such as a trigger date and time.
The really nasty scenario is hacking someone's laptop speaker using software to emit the low frequency interference signal via wave interference. Possibly a combination of modulating the HDD seek coil and speakers at a particular frequency that duplicates the code.
Registered Member #65
Joined: Thu Feb 09 2006, 06:43AM
Location:
Posts: 1155
1. DDoS doesn't work on most "real" RTOS as guaranteed latency schedulers can't be stack smashed without tripping a WDT recovery mode. Usually, a known "safe state" is set by a ROM program, and it ignores such faulty signals to avoid comm collisions as this is part of FCC compliance.
2. The amount of auditing a piece of medical equipment must endure to pass the right ISO standards is ludicrously extensive. Every aspect of the devices component history is placed under scrutiny, and even the company structure undergoes audits.
3. Assuming the person who built the device knows less about it than some malicious individual.
4. Self-auditing backplane monitoring supervisory safety subsystems are not in most consumer equipment, but they have been around for decades.
Registered Member #30
Joined: Fri Feb 03 2006, 10:52AM
Location: Glasgow, Scotland
Posts: 6706
I must admit that I hadn't read the original article properly when I replied. Having read it, I'm not worried about this attack being used in the wild. I'm worried at the depths that security researchers will sink to to get publicity.
It is an interesting point though. There are EMC standards for medical implants that protect them against accidental interference, but there aren't any security standards dealing with deliberate interference. Maybe the implants need sanity check routines along the lines of Asimov's laws of robotics. Or maybe they just need to use a near-field radio link with a really short range.
Registered Member #96
Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4062
Interesting indeed. One wonders if they do an EMC test based on "patterned random noise" like say 3 mobile phones at once. Say one downloading over 3G, one phone call and the third doing something else like using Bluetooth.
Also another useful test, "How can I break it"... otherwise known as the "throw random spanners at it until something bad happens" test. Such as a badly adjusted inventory control system operating on the wrong frequency with a loose connection.
Another interesting point, these things are usually shielded but there is always some leakage. So you could hypothetically detect which pacemaker etc someone has by the clock signals, and determine that they have a given heart condition. Or you could track an individual using their unique paced heartbeat signal thanks to the RF signals emitted.
This article has implications for anyone doing (gasp!) homemade medical implants. There are real life "bio-hackers" who build into themselves RFID chips and magnets, the next logical step is for someone to do a cardiac and SpO2 monitor that stores the data internally and charges wirelessly. Or an implanted EEG for higher stability, such things are feasible.
What you don't want is for people to be building these things with an off the shelf micro, implanting them and then finding a year later that some nasty hackers have found a security hole in the microcode or device itself and can now track them or otherwise interfere with the implant. Say by making it drain the battery and stop working.
Registered Member #65
Joined: Thu Feb 09 2006, 06:43AM
Location:
Posts: 1155
Again, most devices aren't even capable of generating an RF communication link.
People have died from cellphone batteries, joint replacement implants, and even infections from shaving. One simply can't help people who give themselves Nickel poisoning and risk unknown Neodymium toxicity with implanted magnets.
Registered Member #30
Joined: Fri Feb 03 2006, 10:52AM
Location: Glasgow, Scotland
Posts: 6706
I don't have any experience of medical EMC, just the ordinary commercial and industrial sort. The immunity tests are done with a swept carrier, 80% AM modulated with a 1kHz tone.
The space of possible "random spanners" is so huge that it would take a lifetime of EMC testing to explore, so it's not really a productive way to think about the problem. It should be split into two independent problems:
Ordinary EMC testing to make sure that the receiver still works in the presence of interfering signals.
Algorithm design to make sure that the link degrades gracefully when the receiver is jammed for whatever reason. Error correction, encryption, fail-safe settings and so on.
The medical equipment designers will have done this already (I hope!) and so the attack mentioned in this thread would have to be very specifically targeted at the protocol level. It's a case of impersonating the genuine transmitter, using the same frequency and coding scheme, which is not at all the sort of thing that EMC testing addresses.
This site is powered by e107, which is released under the GNU GPL License. All work on this site, except where otherwise noted, is licensed under a Creative Commons Attribution-ShareAlike 2.5 License. By submitting any information to this site, you agree that anything submitted will be so licensed. Please read our Disclaimer and Policies page for information on your rights and responsibilities regarding this site.
Medical implant hacks "could kill hundreds"
