A Microsoft researcher has suggested tattooing passwords on patients with pacemakers and other implanted medical devices to ensure the remotely-controlled gadgets can be accessed during emergencies. The proposal, by Stuart Schechter of Microsoft Research, is the latest to grapple with the security of implanted medical devices …
I do hope that it does not give the Identity Card mob any ideas.
C'Mon Now MS!
Let's see it for what it is. MS /really/ wants to implant <CTL><ALT><DEL> keys on everyone's forehead so they can be rebooted.
C'Mon Now MS!
Left nipple = <CTRL>
Right ripple = <ALT>
Belly button = <DEL>
Oh! Oh! Oh!
Let me be the first to beat the wacko's about how this is the "mark of the beast" ("number of the beast") from the Book of Revelation 13:17-18.
Of course, I am still waiting for all that Microsoft software in medical devices to start making "General Protection Fault" as a leading cause of death.
We just need you to change your tat every 90 days. That said, wouldn't it be easier if "the mark of the beast®" was a bar code that gets scanned by a UV scanner to prevent human error?
I'm sure they'd really want to run some edition or series of what-have-you of windows on your pacemaker too.
So you too can share the experience and die from a bluescreen of death.
Blue face of death
It's obvious that the password must be tattooed somewhere else, because as we all know, changing important passwords is a pain in the ...
what if the patient has been in a fire? the password would not be readable. rfid as bad as it is would be the only option. surely by now we can make a rfid chip that can only be read within less than a inch or two that can't be intercepted.
In other news
if you can't remember your password, write it down on a post-it note and stick it to your monitor.
Was my first thought when reading this.
> In 2008, researchers demonstrated that heart monitors were susceptible to wireless hacks that caused pacemakers to shut off or leak personal information.
Are there any documented instances of someone actually doing this?
Hacking someone's WiFi is one thing, but killing someone by disabling their pacemaker is another thing entirely.
how about we...
Tattoo security, compatibility, interoperability and web standards on steve ballmer's ass... on second thought, his forehead, i wouldn't want to have to look at his ass to see the standards! and his forehead is a platform better suited for the job, god only knows he's got the real estate for it!
If there going to put the password on the person why not add a barcode/machine readable version of it as well? In addition to the UV light on the interface also have a camera to read the info, the doctor/nurse would then confirm it against the human readable info and be ready to go. Faster, more reliable.
Tux, well, why not?
Just tattoo NUMPTY on this one.
"and/or be replicated in full on the base of the patient's *leftmost* foot - at the arch."
I thought the same
but then thought if you had lost your left foot, then the right foot is the left-most. If you have lost both feet then you are SOL ;-)
If that is the case, maybe you need to carry your foot in your leftmost jacket pocket.
It'd need to be encrypted...
...else you'd be able kidnap someone, read their foot and then use their internal gadgetry in a scene that'd make Criminal Minds write a new episode.
On " the patient's leftmost foot "?
So, unless they've had their left foot amputated, that would be their left foot then?
Let me be the first to say...
...that Schechter should take an aspirin and lie down until this bout of idiocy blows over.
"...on the patients *LEFTMOST* foot"
Are we only talking about doing this to people who can't dance?
I'm always a little leery of folks trumpeting medical ideas when they aren't capable of identifying the most basic physiological details.
General Specifications Are Good
By specifying the 'leftmost' foot, this ensures that people with any number of feet can be dealt with under standard procedures and leads to simpler development of procedures and processes.
Otherwise, people with one foot, or three, four, etc feet would have to be dealt with as an exception. In an emergency, you don't want physicians and para-medics having to make up new procedures on the fly because that would be prone to error.
However (as some of you will have noticed), this does not deal with the case where a patient has no feet. In order to deal with this case, the definition of the word 'foot/feet' must be clarified or replaced and agreed by all. I would suggest "The leftmost lower extremity of the body".
And if you need to have something like a pacemaker but dont want the tattoo or have issues about having tattoos??
What you dont get the life saving treatment?
Typical stupid ideas punted by stupid people who have no idea of thee real world & therefore should really keep their big damned mouths shut!
Why not make all the devices have the same password, but have the device have to have the password encrypted based on something like the patient's retina. Thus, the patient wouldn't have to have anything tattooed onto them, yet the information would be readily available to medical professionals, but not to casual observers.
Retina? You're kidding, right?
If a retina scanner can't reliably recognise a person the day after a 'wet evening' out with his buds, what's the chance it can read it correctly on a person in a coma?
(A lot of medical conditions will affect the eyes)
I was under the impression
... that biometrics can really only be used to verify authentication not to provide reliable salts etc for encryption due to the squishy nature of our various bits.
e.g. retinas can change quite markedly in cases of hypertension (or so I'm told anyway) and a small peice of damage to fingertips changes (albeit temporarily) the fingerprint. Neither of these would yeild a reliable source of encryption fodder.
But in theory, yes - that'd be a much more sensible way of doing it provided there were mutliple encryption forms.
You know what to do.
The modern world....
I find it highly amusing that in this modern technological society, the most reliable and persistant way of communicating information is still considered:
WRITING IT DOWN!
You just coulden't make this **** up!
and could also lead to some amusing coroner's `cause of death` reports:
Patient died due to heart attack & a knot in his shoelace.
What about having the password unencrypted on an RFID chip which is attached to the implanted medical device? You put an RFID reader in all compatible control devices so they can read the RFID chip and robert's your mother's brother.
Did you even read the article?
Cos if you did, the whole point is that RFID is hackable and/or snoopable, therefore not suitable for truly private information, particularly if it can be used as an off-button for your heart.
For pity's sake.....
Wasn't this problem solved decades ago? I seem to recall people with specific medical conditions wearing a bracelet with the required info on it.
I think some people are starting to over complecate things, my suggestion would be have the password in the medical notes!!
Look, if that password is required it is required NOW, also the patient is highly likley to be unconscious.
If you are lucky enough to be unlucky enough to be taken that ill in your home town then maybe, just maybe the A & E department might have some info on you with which they could track down your doctor to get access to your medical notes and access the password.
What happens if you get taken ill in another part of the country? it could take a long time to get hold of your records, even worse if you were taken ill in another country all together!
I know everyone is knocking this because it's Micro$haft so it must be a Fail / joke / insecure / money making scheme etc and we know they will screw it up.
People have mentioned Medicalert bracelets and that's a good idea but not everyone (who should) wears them, they could also be lost / stolen.
The idea is sound, everyone here hates it because it's Micro$oft, and I’m guessing if it was a Google idea then people would be queuing up asking where they could get their tattoo!
Tattoo: Great Idea!
I don't currently have a pacemaker, but it might be worth it to get a tattoo of my router's WEP key just for convenience. It would be cool thing, in a geeky way, to show off at the beach! If they increase the key length down the road, I can just add extra hex digits at the end.
The wording is anatomically ambiguous. If they're thinking of the top of the foot, it might work. But it sounds like they're talking about the sole. Not only would this hurt like hell, it would also wear off and have to be repeated regularly.
Have they considered miscreants...
...who simply pose as doctors or, even worse, really ARE doctors? AFAIK, such people would be capable of defeating every security technique that could be conceived for such a scenario.
While some pumps can be controlled by RF, you will always need physical access. You need to frequently refill an insulin pump with insulin solution. But, if you know any different, please say.
I'm surprised at The Register
Tut tut nobody's so far mentioned the big disadvantage that the hospitals are going to be full on the second Tuesday of every month... with all these patients having their security updates downloaded...
Ain't gonna happen.
"In 2008, researchers demonstrated that heart monitors were susceptible to wireless hacks that caused pacemakers to shut off or leak personal information"
I seriously doubt this would happen in Real Life - going on malware trends, it is no longer trendy to destroy anything with malware, it's much more likely they want money. So unless that "personal information" is going to lead to the user's wallets, it ain't gonna happen.
Making malware pay
"That's a nice pacemaker you have there. It'd be a shame if anything happened to it. We've got your password nice and safe here, but it's gonna cost ya £2000 for "safekeeping". Capiche?"
Here's an idea
Instead of asking people to tattoo their password onto their body, why don't the spend their time developing a half decent OS?
The one they've foisted on us is frankly a load of guff. The only reason it's still going seems to be that brain-dead managers continue to buy it because "it's what we've always used". The masses then get it at home because "it's what I have at work".
Frankly, if I was continually rodgered at work by a man using a spiky stick, I wouldn't want to upgrade to "spiky stick 2.0". I'd want it to stop! I certainly wouldn't invite him home with me!
Why stop there?
Tattoo your all your pin numbers and passwords on the bottom of you foot.
0wnz j00!! H4xx0r3d j00r h34rt, b1tch!!!
(p.s. do hackers still talk l33t?)
What is truely sad ...
What is sad about all this is nobody posting has bothered to note WHY we need
such measures. Take note of the state of humanity that you have people out there
SO FUKIN sick as to mess with a person using a life giving device.
So sick as to get their pathetic jollies off by doing so.
I see lots of silly boy outrage directed at those trying to prevent said abuse but where
is the silly boy outrage directed at the total ass-wipes that DO SUCH ACTS?
Course this begs the question is there a documented case of such happening?
THAT would be interesting.
To all you silly boys, sorry but I find your outrage just a bunch of Nancy activity.
Go fark yourselves.
Yours truly, an enraged Texan.
Re: Enraged Texan
I agree with you. As the vast majority of attacks are automated, the computer itself is not getting its jollies off of targeting a life saving device. All the scripts do is see a new address, attempt to break in, and then run through some pre-ordained movements that might get money information from a normal computer, but also might shut down an implant.
The victim just has the unfortunate luck to get too close to a wifi hotspot and boom... what happens anyway? Does this just make the device a carrier of the virus? Does the patient need to get their heart de-wormed?!
The sad issue here are people this apathetic, to create these fire and forget these systems, hoping that enough is stolen to get them the latest LCD TV or designer shoes for themselves.
Put it on the medicAlert tag a pacemaker wearer will already be wearing if they have an implanted device. Idiots.
Nice security idea from the 'security' capital of the world... REDMOND?
Tattoo on the bottom of the foot, the password to control your heart pacemaker...
That means you can no longer go to the beach, trust anyone in bed, enjoy an afternoon in the sun by the pool...
And if people are really out to get you, they would know how, by just taking your socks off...
Then, if you didn't have Atrial Fibrillation before, you will until they get what they want
That is even more fun than having software written in Active X!!
And you thought Microsoft knew nothing about security...
If you did think they did... this proves you wrong.
Did you miss the bit about it being tattooed using UV ink? You need the UV light for it to be visible.
If someone is out to get you they can just kill you in a multitude of 'standard' ways. Also a lot of people with pacemakers are unlikely to die immediately if they are turned off so forcing someone to give up the password then turning the pacemaker off is a pretty rubbish way of targetting a specific individual.
This system is designed to stop someone using it to turn the pacemakers off of everyone they pass walking down the street.
Wind Farmer (see above) had it right. "Leftmost" is short-hand for "on the left foot by preference, but if the left foot is missing, then on the right foot."
Every job has its own jargon to allow for shortcuts in conversation (I remember a rather funny skit about two hi-fi repairman doing their job without using hi-fi-specific jargon like "woofer", "amp", etc). This is just one example of it.