Surveillance State Subscribe to Surveillance State
March 3, 2008 9:02 AM PST

Security researchers to unveil pacemaker, medical implant hacks

Posted by Chris Soghoian

A team of respected security researchers known for their work hacking RFID radio chips have turned their attention to pacemakers and implantable cardiac defibrillators.

The researchers will present their paper, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," during the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy, one of the most prestigious conferences for the computer security field.

The authors of the paper are listed as: Shane S. Clark, Benessa Defend, Daniel Halperin, Thomas S. Heydt-Benjamin, Will Morgan, Benjamin Ransford, Kevin Fu, Tadayoshi Kohno, William H. Maisel.

Kevin Fu, an assistant professor at the University of Massachusetts Amherst, along with two graduate students who worked on the project all gained significant attention for their past work in attacking RFID-based credit cards and RFID (radio frequency identification) transit payment tokens.

Kohno, a professor at the University of Washington, was the subject of worldwide media coverage for his work in exposing flaws in Diebold voting machines back in 2003, and then later for finding major privacy flaws in the RFID-based Nike+iPod Sport Kit.

Shocking stuff

When contacted by e-mail, Kohno told me that he and his colleagues could not currently comment on their latest project. Without the help of the authors, it is difficult to predict the contents of their research paper. However, it is possible to piece together other bits of information to try to learn more about the project.

A previous research paper published by the same team noted that over 250,000 implantable cardiac defibrillators are installed in patients each year. An increasingly large percentage of these can be remotely controlled and monitored by specialized wireless devices in the patient's home. The devices can be accessed at ranges of up to 5 meters.

By reading between the lines (millions of remotely implanted medical devices, able to administer electrical shocks to the heart, can be controlled remotely from distances up to 5 feet, designed by people who know nothing about security), it is easy to predict the gigantic media storm that this paper will cause when the full details (and a YouTube video of a demo, no doubt) are made public.

Just remember where you saw it first.

advertisement
 
Zune Pass
Discover unlimited music for the price of one CD a month
Learn more at Zune.net

 

Recent posts from Surveillance State
Hiatus
Legal liability for YouTube viewers
For Hezbollah, it's fiber warfare
U.K. turns CCTV, terrorism laws on pooping dogs
IRS Web site opens door to phishers
Add a Comment (Log in or register) 3 comments (Page 1 of 1)
by rnieves1977 March 3, 2008 10:18 AM PST
sounds something putin would do... lol I don't think RFID is safe at all... maybe for mundane stuff but for personal information or devices like this it's a nightmare waiting to happen.
Reply to this comment
by bravian March 3, 2008 12:37 PM PST
"millions of remotely implanted medical devices" Your own message contradicts this statement. "can be controlled remotely from distances up to 5 feet" Heh - this statement gives clues into who the manufacturer is. The latest systems can go much farther than 5 feet. "designed by people who know nothing about security" how do you know this? Do you even know what is involved with the design and manufacture of ICDs? I used to work for one of the big three ICD makers. I can't speak for the other two ICD makers but the system at this company was designed and implemented with the input of security experts who were permanent part of design team. I look forward to the paper but one gets tired of this blatant over-generalizations from the press.
Reply to this comment View reply
Powered by Jive Software
advertisement
Click Here

  • About Surveillance State

  • Christopher Soghoian, a graduate student in the school of Informatics at Indiana University, delves into the areas of security, privacy and e-crime. He is a member of the CNET Blog Network. His homepage is www.dubfire.net/chris and his research group is available at www.stop-phishing.com. Disclosure.

Add this feed to your online news reader
Google
Yahoo
MSN

Surveillance State topics

advertisement
Click Here.
Welcome (log out) |View profile
Log in | Sign up Why join?
On GameFAQs: Grand Theft Auto IV (PS3) cheats & more!
advertisementVery Good CNET Review - Dell XPS One
Visit other CNET Networks sites: