You couldn't make it up
Dick Chaney [sic] was fitted with a new defibrillator by Dr. Jonathan Reiner
His cold Nazi heart maintained by German Doktors? Ach ja!
A defibrillator fitted to US vice president Dick Cheney had its wireless functions removed in the factory, in order to ensure hackers – or terrorists – could not kill him by attacking the device. Defibrillators and their close cousins the pacemaker have been fingered as a security risk before. Last year we reported that radio …
"I'm fairly certain that, if "terrorists" had really wanted to kill Cheney, they'd have done it the old-fashioned (and much easier) way"
If terrorists had wanted to seriously damage the USA they would have needed to kill everyone in the chain of command above Cheney and leave him alive.
The design of the ICDs is pretty simple. They use VERY old technology (the one I worked on used CMOS 6502's, and that was 10 years ago), so they really aren't that sophisticated. The price they charge for them (I recall it was around $20k or so) usually includes a laptop for the doctor to communicate with, "thrown in". My understanding was that the communications between the laptop and the implanted device was done by an induction coil, necessitating a VERY close contact (less than an inch).
While it makes for a great story, reality is a bit more far fetched.
The use of "old" technology (around 25 years old) is because they are "medically cleared" and well characterized. They also need to have VERY LOW power requirements which limits their complexity as well. Over half of what is implanted is the battery, and it must last over 3 years!
That would be the "normal" range when using the carefully-designed and highly regulated transducer.
If one didn't care about targeting a specific unit, or EMC and other pesky regulations limiting the broadcast power and bandwidth, one could greatly increase the range.
That's always been the problem with NFC - while the proper transceivers are very short-range because they were carefully designed to be, the ones an attacker could use have several orders of magnitude greater range because (by definition) a black hat is not working to the design brief of "short range and comply with regulations!"
Wasn't that the processor used in the PSION Organiser II? I can't check anymore, I sent mine off to the Computer Museum in Swindon.
I can understand the need for a wireless control function, that's probably better than walking around with a 3.5mm jack or a zip in your chest. However, the absence of even the most basic authentication strikes me as problematic - all you need is a guy who's into DIY and you have a problem.
"A defibrillator fitted to US vice president Dick Cheney had its wireless functions removed in the factory, in order to ensure hackers – or terrorists – could not kill him by attacking the device."
Erm... so instead of either removing the function from the spec sheet of ALL their devices, or disabling and/or properly securing the function for ALL their customers, they just secure the high-profile one. After all, who gives a damn if any of their other customers' hearts are stopped by hackers, as long as Darth Chenious is safe?
Grasshopper, your risk analysis is incomplete.
The danger to any given recipient is (Risk of Compromise) x (risk of evil intent against him) + (risk of requiring adjustment) x (risk of surgery).
For Cheney the left side of the equation is far higher than the right side. For the average person, the right side is far larger than the left side. Therefore the overall risk is minimized for all people. If you are one of those people for whom the (risk of evil intention against him) is high, you will be aware of that and also need to adjust your parameters. And if you are one of those people, you will also likely have the means to adjust them.
"For Cheney the left side of the equation is far higher than the right side. For the average person, the right side is far larger than the left side."
Ignoring the living shit out of script kiddies, who do "evil" for the hell of it.
Well, the upside is, if a script kiddie shut down my father's pacer/defibrillator, they're well within small arms range and would join him.
My father has one that literally uses a form of bluetooth for telemetry. It can also be programmed via the same method, no coils needed today.
He has an telemetry unit on his bedstand to read the unit condition at vendor pre-determined intervals and report back the unit status.
Having an actual plug-and-socket means breaking the skin barrier, which carries a much greater risk of infection.
Given that this has electrodes to the heart, that could be very bad.
There's not really a good solution other than good and published encryption over close-coupled coils - not radio or even NFC per se.
As long as every device has a different key, and the key is appropriately protected, the risk would be very small.
Of course, this almost certainly has no encryption at all and just blindly follows commands sent, because medical devices generally don't consider the possibility.
My Uncle Bob, aged 94, has an implanted pacemaker/defibrillator. It's recharged inductively. That is the only outside "input" connection. The internal computer pretty much takes care of itself, you can't actually reprogram it, but you can read what it it doing ... and external, non-networked, gear can patch meat-wear issues as needed.
He is doing well. That's all I care about.
"Ain't exactly rocket science ... One wonders at the numpties who approved the wireless capability in the first place."
The reason is simple: To program and adjust the device. It beats the hell out of opening up a patient every time they have to adjust the heart rate/shock pattern.
There is no terrorist. It's a figment of your mass-media's government-fueled imagination.
Unless you can actually introduce me to a terrorist, of course. Which you can't. Because they don't actually exist.
Never heard of Nelson Mandela, or what about Martin Mcguinness, Timothy Mcvey... any number of other examples spring to mind... I'm sure you must have heard of at least one of them in your time?
My point is that pigeon holing statistically random acts of violence under a single umbrella allows the .gov of your choice to make the problem seem a hell of a lot bigger than it really is. Couple that with television making said random acts in Bali or Madrid look like they are happening in your living room, and you have the situation we are in now.
I am not trying to say there are no politically, culturally and/or religiously xenophobic nutcases out there, some of whom are willing to kill themselves in the name of whatever cause. I am saying that they are not linked in any meaningful way, shape or form. Hanging the label "terrorist" on all of 'em is a convenient way for the government of your choice to make the problem appear much larger than it really is.
Recently here in the US, I've seen a disturbing trend towards calling schoolyard bullies "school terrorists". Case in point, the shooting in Sparks, NV this morning (thanks for the daft reportage before anyone outside Sparks had half a clue as to what was actually happening, network news). Gangs have been "terrorizing" the East Bay for years.
Last general election, according to Faux news, Jerry Brown was "terrorizing" Meg Whitman ... In a nutshell, in my mind the term "terrorist" has become overloaded to the point of becoming absolutely, totally, utterly, and completely meaningless.
But if you enjoy your .gov scaring you with ghost stories, who am I to quibble?
You appear to be intermixing words containing the noun "terror" up, and using that as an argument for terrorist/terrorism having no meaning.
terrorize/terrorizing has nothing to do with terrorist/terrorism, they just happen to share a noun.
I'll agree with you about "school terrorists" though, but that's the opposite of what you've claimed. That's not part of some government created bogeyman. It's a media sensationalism, they hope utilising the word "terrorist" will get them bigger sales/page counts.
My government doesn't scare me (or many people) with tales of terrorism, the bloody terrorists never scared me with acts of terrorism (and they won't be any time soon). My government might use the word terrorism/terrorist far too much, so that they can try to overplay their hand in the control freak game, that is politics. Most of us however understand that's the game they're in and ignore them though. We're busy getting on with life.
The trouble with using an oversized transmitter is that the receiver still has to handshake with the transmitter. So if the pacemaker has a tiny aerial there is no way for the large transmitter aerial to pick up the miniscule signal from the background radio noise found in a typical domestic environment.
My dad's just had an ICD fitted
the docs programmed it using what looked to me like a bluetooth receiver plugged into a PC
The ICD communicates with a "box" plugged into the phone line at home so it can dial back to the hospital info about how he is.
It also has a radio transmitter so if i "goes off" when hes out and about, the hospital monitoring station are aware and will contact him to see if all is ok
Biting the hand that feeds IT © 1998–2019