• Half a million pacemakers recalled due to hacking risk.
[quote] In what may be a first, patients with heart conditions that are using particular pacemaker brands will have to visit their doctors for firmware updates to keep their embedded devices safe from tampering. It seems such an odd concept at first, but with many kinds of pacemakers now "smarter," with connections to mobile devices and diagnostic systems, the avenue has been carved for these medical devices to potentially be tampered with, should a threat actor choose. In particular, Abbott's pacemakers, formerly of St. Jude Medical, have been "recalled" by the US Food and Drug Administration (FDA) on a voluntary basis. The devices must be given a firmware update to protect them against a set of critical vulnerabilities, first reported by MedSec, which could drain pacemaker battery life, allow attackers to change programmed settings, or even change the beats and rhythm of the device. On Tuesday, the FDA issued a security advisory, warning that the pacemakers must be recalled -- and as they are embedded within the chests of their users, this requires a trip to the hospital to have the software patch applied.[/quote]
[url]http://www.zdnet.com/article/fda-forces-st-jude-pacemaker-recall-to-patch-security-vulnerabilities/[/url]
I wonder how long before cybersecurity is finally hammered into heads properly?
Is this where the trend of the internet of shit finally ends up directly killing someone?
[QUOTE=RaraKnight;52632771]Is this where the trend of the internet of shit finally ends up directly killing someone?[/QUOTE] That has to have already happened the internet of things* is just hilariously dumb *corrected [editline]31st August 2017[/editline] when you try connecting every stupid little thing to everything else, bad things happen
I remember when exploits like these were produced at some security conference years and years ago but the medical companies did absolutely nothing
Good to know pacemaker manufacturers are taking notes from Hacknet making their products hackable :v:
The sad thing is that people getting killed is likely required for companies to get their security together.
[QUOTE=J!NX;52632776]That has to have already happened the internet of things* is just hilariously dumb *corrected [editline]31st August 2017[/editline] when you try connecting every stupid little thing to everything else, bad things happen[/QUOTE] There's nothing wrong with IoT inherently. There's a lot of things wrong with the way it's implemented, this being a prime example.
[QUOTE=mastersrp;52632963]There's nothing wrong with IoT inherently. There's a lot of things wrong with the way it's implemented, this being a prime example.[/QUOTE] "What's an SSL?" -90% of the IoT market
I remember playing through Deus Ex and having sheer fear of people's augmentations getting hacked that could result in deaths [sp]and it actually happened[/sp], and now this actually becomes a real possibility.
Are we truly living in a cyberpunk future?
This isn't IOT, these things aren't directly connected to the internet, you have to get a receiver close by. The wireless function is meant for sleep, so an alarm goes off if something is wrong. And considering that the hacks are unpractical and you need direct access, and also that updating the firmware of the pacemaker has its own risks, I can see why some people wouldn't get this update.
This reminds me too much of that one scene from Homeland.
[QUOTE=Secrios;52633194]This reminds me too much of that one scene from Homeland.[/QUOTE] Reminds me of Watch Dogs.
We are flying into the future at a much faster rate than I anticipated
[code]
$ ssh root@pacemaker
$ cat /dev/zero > /dev/mem
[/code]
How much are you guys willing to bet the NSA/CIA had already developed something for this and will show up in the next leak (if it shows up)?
[QUOTE=Cutthecrap;52633588]How much are you guys willing to bet the NSA/CIA had already developed something for this and will show up in the next leak (if it shows up)?[/QUOTE] Who are the assholes of the world with pacemakers? Can we blow up Kim Jong-Un?
That requires that the target has a pacemaker, which seems a little specific, though still worrying. On the whole I'd be more worried about hacking of things like cars. What do you do when your car wants to drive off a bridge?
[QUOTE=mastersrp;52632963]There's nothing wrong with IoT inherently. There's a lot of things wrong with the way it's implemented, this being a prime example.[/QUOTE] On a purely hypothetical basis I'd agree but realistically companies just don't typically do security well and the result is often constant risks to your privacy in exchange for being able to turn the lights in your kitchen on from work. I actually find the concept of filling your home with technology fun being in automation/robotics but I've just yet to see anything interesting. There's literally fridges with twitter on them and that would be silly even if most of us didn't have a much more convenient device for apps like that on us 24/7.
[QUOTE=ferrus;52633740]That requires that the target has a pacemaker, which seems a little specific, though still worrying. On the whole I'd be more worried about hacking of things like cars. What do you do when your car wants to drive off a bridge?[/QUOTE] You don't have to target someone specifically. Just write some ransomware that scans IP addresses for the vulnerability, hack into the pacemaker and send a text to the phone saying "Send me nudes of your wife or I'll fucking blow ur heart up m8"
Time to bring grandma or grandpa in for a firmware update.
[QUOTE=ferrus;52633740]That requires that the target has a pacemaker, which seems a little specific, though still worrying. On the whole I'd be more worried about hacking of things like cars. What do you do when your car wants to drive off a bridge?[/QUOTE] Of course it requires that. But that's just another tool. Like proboardslol said, but on a more intelligence op scale: "Hey. Give us the files of your company or that employee or whatever or say goodbye to your/your husband's/your wife's life" And as Elspin also says, these kinds of security holes are common. Extremely common. Come to think about it... you can walk inside some companies wearing some hats (especially if that's an industrial plant) and speaking the correct workplace language. That shows how lax security measures can be. So it wouldn't be crazy if tomorrow we have a lot of people being hacked or stuff being hacked.
[QUOTE=damnatus;52632842]Good to know pacemaker manufacturers are taking notes from Hacknet making their products hackable :v:[/QUOTE] The thing that a lot of companies don't seem to grasp is that anything, hardware, software, or otherwise, can be hacked. You can make it really fucking hard to do, you can encrypt the mother-loving shit out of stuff, you can put in hardware traps, but you can never 100% guarantee that someone with enough determination isn't going to find a way in, and once there, make it their play-ground. It's one of the reasons I hope to God that if/when humanoid robots become commonplace, they don't give them wireless connectivity, because that just opens up a massively vulnerable attack vector, and I've had nightmares of some android tasked with caring for a little old lady going berserk on them, just because someone realized they could. We've already seen simple appliances turned into bot-net nodes, imagine what some malicious hackers could do if those devices were ambulatory.
[QUOTE=Zezibesh;52632838]I remember when exploits like these were produced at some security conference years and years ago but the medical companies did absolutely nothing[/QUOTE] They've totally reacted before; remember Barnaby Jack? [sp]He died in a "tied himself up and shot himself in the back of the head"-tier way a week before giving a presentation on attacking pacemakers[/sp]
[QUOTE=mastersrp;52632963]There's nothing wrong with IoT inherently. There's a lot of things wrong with the way it's implemented, this being a prime example.[/QUOTE] There is nothing wrong with most things inherently. They are still bad things in reality. The more complicated devices get the more ways you can break them. Usually though IoT ends up being hackable by being too simple. I'm kind of against 'smart' tech because not everything really needs to be integrated into other tech. [editline]1st September 2017[/editline] Though there are still ways that you can implement it non-shittily of/c, by making it so certain flaws can't exist. [editline]1st September 2017[/editline] [QUOTE=da space core;52633193]This isn't IOT, these things aren't directly connected to the internet, you have to get a receiver close by. The wireless function is meant for sleep, so an alarm goes off if something is wrong. And considering that the hacks are unpractical and you need direct access, and also that updating the firmware of the pacemaker has its own risks, I can see why some people wouldn't get this update[/QUOTE] that seems practical enough tbh. Something screws up, phone tells you "yo lol get the fuck up dude" and your ass gets saved.
This really scares me because my grandma just got one of those and I don't think she could take a third heart surgery in a month or two span. :( How dangerous is this flaw in the pacemakers?
[quote]which could drain pacemaker battery life, allow attackers to change programmed settings, or even change the beats and rhythm of the device.[/quote] the lengths people will go to promote their mixtape. writing software for pacemakers and other things that could end up killing someone if you fuck up sounds like something i'd never want to do.
I will say that it does make sense to make a pacemaker "smart" more than a lightbulb. It can collect important data that doctors could use to more effectively treat patients and maybe save lives. They absolutely need to sort out their security, though.
[QUOTE=Tobba;52636173]They've totally reacted before; remember Barnaby Jack? [sp]He died in a "tied himself up and shot himself in the back of the head"-tier way a week before giving a presentation on attacking pacemakers[/sp][/QUOTE] Preeeettty sure there's a shitload of evidence pointing to him having died of a drug overdose after years of use, his brains weren't blown out. The particular cocktail of drugs he was on isn't a very surprising mix, either.
[QUOTE=Elspin;52633817]On a purely hypothetical basis I'd agree but realistically companies just don't typically do security well and the result is often constant risks to your privacy in exchange for being able to turn the lights in your kitchen on from work. I actually find the concept of filling your home with technology fun being in automation/robotics but I've just yet to see anything interesting. There's literally fridges with twitter on them and that would be silly even if most of us didn't have a much more convenient device for apps like that on us 24/7.[/QUOTE] And even if a company does release a secure, useful product, how long they're willing to provide support for it is another big problem. I can't say I'm really up for buying a new fridge every 5 years.