Ever since the day I learned that artificial pacemakers are read and adjusted via a wireless/wifi protocol I have had concerns for device security. What's to say malicious hacker can't sit at the bus stop with a laptop running packet sniffing software, and crack the device security and disable the pacemaker implanted in a nearby commuter?

I haven't digested this paper in it's entirety yet, but the gist I got was pretty alarming. Researchers at the University of Washington and the University of Massachusetts have conducted a study, and written a paper which describes how they were able to successfully "hack" pacemakers using wi-fi technology, and in some cases adjust and disable the device. Quiet an alarming read.

I would love to hear from anybody who has an opinion, and encourage differing opinions, or technical/device knowledge that suggests otherwise to this paper.

Greg

Oy,

I forgot to tell you Greg, When I got on the plane in Adelaide last week (I was just following up on the guy with the thing that I owe you for ) I found a copy of New Scientist Magazine next to the sick bag (Empty thank Gawd) and there was a short piece on Pacemaker Hackability

Apparently it's quiet do-able............. In theory.

Anyways, most devices broadcast a sudo-SSID, so when a legit reader unit is within range it can log on. The problem is (and I can just picture Greg spraying imported beer and cheap peanuts all over his "Macbook" screen after the "Broadcasting an SSID" quote - Oh boy, am I gonna pay for that jibe ) that if a device is "permanently broadcasting", anyone sitting in Starbucks with a laptop running Ethereal (Actually, I think its Wireshark now - don't ask me how I know that, but gee you been getting some great email lately Greg ) can "theoretically" sniff a data packet and log on - again, "Theoretically" - All of this stuff seems oddly speculative and non-committal.

So, what does that mean?

Again, "in theory"

If somebody with an artificial pacemaker goes to a place where there is WIFI connectivity, another person with malicious intent "may" be able to read, adjust, or disable the device.

I know this probably isn't a great consideration for a pet with a pacemaker as they don't usually go to Starbucks (But hey Greg, we used to know that Narelle Looney girl who claims she used to take her Horse to McDonalds ), but in the interest of artificial pacemaker device info & education, this info info is relevant.

I kept it, (The mag, not the puke bag ) and will scan it to pdf and upload it just as soon as Greg comes over, wipes the dribble off my chin and shows me how to wire up that blasted new fangled whatchmacallit

Yimmy

Oh, I forget to mention the cure!

Apparently a "Magnetic Switch" is the cure for a permanently broadcasting SSID.

This kinda makes sense to me. If an electronic device is in a "Permanent Broadcast" state, the answer is a small metallic switch in a "Normally Open" state. Because this switch is normally open, a pacemaker recipient can go to Starbucks, and sit there til the cows come home and be safe from attack, because the switch is open, breaking the transmit/receive data circuit. The transmit/receive functionality is disabled, hence making it impossible to hack.
But when the recipient goes to the medical centre to have their device tweeked and adjusted, the physician places a small magnet to their chest which closes the circuit and makes the device accessible.
By placing the magnet near the switch, the open circuit is now closed, allowing the device to transmit and receive data packets.

But my question here is, what effect does a magnet have on an artificial pacemaker?

J-Dog

Hey Jim,

Great Post! (which you are gonna pay for dearly )

It amazes me that an organisation with enough smarts and technology to produce an electronic device like an artificial pacemaker can be so freaking stupid to have it in a permanent broadcast state.

But then again, (this is me back peddling from my first statement now that i have said it and had time to think about it ) I guess the twin towers should have been built to withstand an impact from a large commercial airliner? I guess its impossible to foresee these things until these inventions have been out in the wild for an extended period of time, and events like hacks and 911's occur which we can learn from.

Lets hope that articles and studies like this one bring these issue's to the manufacturers awareness, and future models can have these inefficiencies corrected.

Greg

P.S. Ethereal? That's for old farts! I been reading your email with airsnare and siphoning $50 a week out of your bank account with Cain & Able for at least 12 months now