back to article Boffins fight pacemaker hacks with ultrasound security

Researchers are looking to ultrasound waves as a way to prevent attacks on radio-controlled pacemakers. The plan - floated by doctors from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control - uses ultrasound waves to determine the precise distance …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    How about using proper security instead

    Public keys? Cryptography? Or anything that actually has been proven to work?

    For f*** sake we are talking people's lives here and they decide to use an ugly hack as a subsitute for security.

  2. Mike Shepherd
    Thumb Down

    Rocket science?

    It's the same problem faced by battery powered gas meters, which must resist fraudulent communication (intended either to alter the stored measurements or to stop measurement by provoking unnecessary communication and hence flattening the battery).

    The solution isn't rocket science and it doesn't need ultrasound or the combined intellect of the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control, unless their staff are especially incompetent.

  3. Anonymous Coward
    FAIL

    point your yagi at the patient drop-off

    And make the doctors work harder.

  4. Al 4
    Grenade

    Read the details

    From the Medical Device Link web site, "Devices more than 10 meters away would have to complete a series of authentication procedures. Other than in emergency situations (in which any device in close proximity would be granted access), devices trying to access personal data or give commands would basically have to be in the same room with the implantable device user."

    10 meters, I'd have issues with authentication farther than 10 mm. 10 meters puts the attacker still two rooms away with full access.

  5. Frozen Ghost
    FAIL

    Power drain?

    "They found the devices were susceptible to ... remote attacks that drained the batteries"

    So with their new solution whenever the device receives a correct rf signal, a microphone has to be used to determine the distance away the reader is - how does this help as it will still drain the battery with constant rf requests?

    Whenever obscurity is used for security rather than good cryptography it almost always fails

  6. Gumby 1
    FAIL

    tune to ....

    104.death FM.... are these bunch of boffins just learning about encryption?

  7. ForthIsNotDead
    Flame

    What?

    WTF is this about? Why all this 'research'?

    I mean, yeah, a trip down to any international airport will reveal legions of would be murderers with laptops packing 'anti-pacemaker' software, won't it? I mean, they're everywhere, aren't they, the murderous bastards. You can usually spot them, since they have a 12 foot antenna poking out of their rucksack.

    Why, I was only walking to the shop the other day to get some varruca powder, when a backwards cap wearing gap toothed yoof jumped out from from behind a lamp post.

    I tell you. He was fuckin' packin' serious heat man. He had an iPhone fully deathed-up with "I pwn u bitch (V1.1)". That wasn't the bad part though. He also had 'UR ASS IZ GRASS V2.0" - fully service packed.

    I nearly shit myself.

    Then I remembered - I don't have a pacemaker. So I told him to fuck off.

    His face. The poor lad.

  8. Pablo
    Dead Vulture

    Somewhat misleading summary

    If you read the linked article, it's still a little confusing, but it's clear that proximity would be an additional safeguard, not the only form of authentication. Except if the device detects the patient is in trouble, then it would grant access to anyone *really* close (about 3 cm, it says). That sounds alot better than the impression I first got from reading this article.

  9. ph3d
    Pint

    ForthIsNotDead

    LOL fuckin genious.

  10. Antidisestablishmentarianist

    @Read the details

    "10 meters, I'd have issues with authentication farther than 10 mm. 10 meters puts the attacker still two rooms away with full access."

    10mm? They have to stick a probe pretty far up your arse to get within 10mm of the device.......

  11. Falanx
    Heart

    Anatomy 101

    Or they could, you know, just REST IT ON YOUR DAMNED RIBCAGE

  12. Simon Harris Silver badge

    @Antidisestablishmentarianist

    "10mm? They have to stick a probe pretty far up your arse to get within 10mm of the device......."

    Now that would be a peculiar way to get there - and even if you were to go all the way up and come out of the other end, you'd probably never get within 10mm. Normally pacemakers are implanted just under the skin below the left collar bone. 10mm sounds about in the right ball-park for a transmitter placed on the skin just above the pacemaker.

    Interesting paper here: http://www.secure-medicine.org/icd-study/icd-study.pdf

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019