Go onward! Hackers can break your heart
My life depends on the operation of a medical device: a pacemaker that generates every beat of my heart. I know how it feels to have my body controlled by a machine that does not work properly, which is why I encourage fellow security researchers to study these medical devices in depth and try to make them more secure.
Mary Moe is a security researcher at SINTEF.
Four years ago, I woke up lying on the floor, not knowing how I got there or how long I had been out. Shocked, I went to the emergency room of a local hospital. It turned out that I had fallen because my heart had taken a break long enough to cause a coma. Fortunately, it started beating again by itself, but the resulting pulse was low and irregular. To keep my pulse going and stop my heart from pausing, I needed to get a medical device implanted in my chest that would monitor each heartbeat and send a small electrical signal through an electrode directly to my heart to keep it beating.
The medical Internet of Things
I am a security researcher, and at the time I got this medical implant my daily work was to protect Norway's critical national infrastructure against cyber attacks. When I got the pacemaker, it was an emergency procedure. I needed the life-sustaining device, so there was really no choice about getting the implant. There was, however, time for questions. To the surprise of my doctors, and unlike most patients, I began to ask about potential security vulnerabilities in the software running on the pacemaker and the possibility of hackers attacking this life-critical device. The answers to these questions were not satisfactory; they were beside the point. I needed a pacemaker, so I got it.
After the operation, I started looking for more information. I found technical manuals and research on my pacemaker. I was surprised when I found out that it has built-in wireless communications. It has a near-field interface for easy adjustment of configuration settings and another wireless interface for remote monitoring purposes. This means that the pacemaker is capable of connecting to the provider's server via an access point to send my device logs and patient information. I realized that my heart was now wired into the medical Internet of Things, and that this had been done without informing me or asking for my consent. I was shocked. I realized immediately that this remote monitoring capability is very helpful for the many patients who need regular check-ups, but with connectivity comes vulnerability. As a security researcher, I see this as an increased attack surface.
After a pacemaker is implanted under the skin, it needs to be configured. It has a sensor system that needs to be fine-tuned so that it works seamlessly with my body, creating a heart rhythm sufficient to get enough oxygen into my blood. When it is working properly, the pacemaker should recognize when I go running, for example, and let my heart rhythm speed up.
Because I am younger and in better shape than most pacemaker patients, the default configuration settings were not right for me. It took a few months of trial and error before the doctors got the adjustment right, complicated by a software bug in the pacemaker programming device used to adjust the settings. The bug caused the actual settings of my device to differ from what the pacemaker technician saw on the hospital screen.
This greatly affected my well-being. If I tried to run after a bus or climb stairs, I would suddenly get out of breath. The pacemaker detected that my pulse was outside the upper heart rate limit, which was incorrectly configured to 160 beats per minute. When I reached that heart rate, the pacemaker suddenly cut my pulse in half, to 80 beats per minute, because of a safety mechanism. This is a very uncomfortable feeling. Suddenly my body does not get enough oxygen. I liken it to the feeling you get when you run uphill as fast as you can until you reach the point of exhaustion, except that it happens in an instant, without any warning. Like hitting a wall.
No access to the code
Doing security research in this field is problematic, in part because a medical device appears as a black box. How can I trust my body when it is running on proprietary code, with no transparency?
My fellow patient advocates Karen Sandler, Jay Radcliffe, and Hugo Campos have been fighting for the right to gain access to the proprietary software in their devices and to obtain the data their devices collect from the medical device vendors. A significant battle was won when a DMCA exemption for medical device security research was granted in October last year. I really hope that this paves the way for more research.
A pacemaker is fragile
It has been established that pacemakers can easily be hacked. In 2008, a group of researchers led by Dr. Kevin Fu of the Archimedes Center for Medical Device Security at the University of Michigan published an article showing that it is possible to extract sensitive personal information from a cardiac pacemaker, or even to threaten the patient's life by turning off or changing its pacing behavior. Fortunately, such an attack requires close proximity to the patient and cannot be performed remotely.
A more threatening attack was developed by the hacker Barnaby Jack, who was going to give a talk at the Black Hat conference in 2013 on the possibility of remotely controlling a pacemaker over wireless communication from 15 meters away. Sadly, he died a few days before the conference, and his research has not been carried forward.