back to article US Veep's wireless heart implant disabled to stop TERRORIST HACKERS

A defibrillator fitted to US vice president Dick Cheney had its wireless functions removed in the factory, in order to ensure hackers – or terrorists – could not kill him by attacking the device. Defibrillators and their close cousins the pacemaker have been fingered as a security risk before. Last year we reported that radio …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge

    You couldn't make it up

    Dick Chaney [sic] was fitted with a new defibrillator by Dr. Jonathan Reiner

    His cold Nazi heart maintained by German Doktors? Ach ja!

    1. Great Bu

      Re: You couldn't make it up

      Jewish doctors, I think you will find.......

  2. Gray Ham Bronze badge

    Old ways are often the best ...

    I'm fairly certain that, if "terrorists" had really wanted to kill Cheney, they'd have done it the old-fashioned (and much easier) way, probably while he was out hunting.

    1. Destroy All Monsters Silver badge
      Trollface

      Re: Old ways are often the best ...

      Seeing how a Senator who was hunting with him got a faceful of shot then an earful of insults, it might be more dangerous for them to attempt that.

    2. Anonymous Blowhard

      Re: Old ways are often the best ...

      "I'm fairly certain that, if "terrorists" had really wanted to kill Cheney, they'd have done it the old-fashioned (and much easier) way"

      If terrorists had wanted to seriously damage the USA they would have needed to kill everyone in the chain of command above Cheney and leave him alive.

  3. Herby

    The range is pretty small

    The design of the ICDs is pretty simple. They use VERY old technology (the one I worked on used CMOS 6502's, and that was 10 years ago), so they really aren't that sophisticated. The price they charge for them (I recall it was around $20k or so) usually includes a laptop for the doctor to communicate with, "thrown in". My understanding was that the communications between the laptop and the implanted device was done by an induction coil, necessitating a VERY close contact (less than an inch).

    While it makes for a great story, reality is a bit more far fetched.

    The use of "old" technology (around 25 years old) is because they are "medically cleared" and well characterized. They also need to have VERY LOW power requirements which limits their complexity as well. Over half of what is implanted is the battery, and it must last over 3 years!

    1. Richard 12 Silver badge

      Re: The range is pretty small

      That would be the "normal" range when using the carefully-designed and highly regulated transducer.

      If one didn't care about targeting a specific unit, or EMC and other pesky regulations limiting the broadcast power and bandwidth, one could greatly increase the range.

      That's always been the problem with NFC - while the proper transceivers are very short-range because they were carefully designed to be, the ones an attacker could use have several orders of magnitude greater range because (by definition) a black hat is not working to the design brief of "short range and comply with regulations!"

    2. Anonymous Coward
      Anonymous Coward

      6502?

      Wasn't that the processor used in the PSION Organiser II? I can't check anymore, I sent mine off to the Computer Museum in Swindon.

      I can understand the need for a wireless control function, that's probably better than walking around with a 3.5mm jack or a zip in your chest. However, the absence of even the most basic authentication strikes me as problematic - all you need is a guy who's into DIY and you have a problem.

      1. Anonymous Coward
        Anonymous Coward

        Re: 6502?

        Even mor famously, it was used in BBC mico, Atari's 8-bit, Vic 20, Commodore 64 and Dragon.

    3. James Micallef Silver badge

      Re: The range is pretty small

      "A defibrillator fitted to US vice president Dick Cheney had its wireless functions removed in the factory, in order to ensure hackers – or terrorists – could not kill him by attacking the device."

      Erm... so instead of either removing the function from the spec sheet of ALL their devices, or disabling and/or properly securing the function for ALL their customers, they just secure the high-profile one. After all, who gives a damn if any of their other customers' hearts are stopped by hackers, as long as Darth Chenious is safe?

      1. Tom 13
        FAIL

        Re: removing the function from the spec sheet of ALL their devices

        Grasshopper, your risk analysis is incomplete.

        The danger to any given recipient is (Risk of Compromise) x (risk of evil intent against him) + (risk of requiring adjustment) x (risk of surgery).

        For Cheney the left side of the equation is far higher than the right side. For the average person, the right side is far larger than the left side. Therefore the overall risk is minimized for all people. If you are one of those people for whom the (risk of evil intention against him) is high, you will be aware of that and also need to adjust your parameters. And if you are one of those people, you will also likely have the means to adjust them.

        1. Wzrd1 Silver badge

          Re: removing the function from the spec sheet of ALL their devices

          "For Cheney the left side of the equation is far higher than the right side. For the average person, the right side is far larger than the left side."

          Ignoring the living shit out of script kiddies, who do "evil" for the hell of it.

          Well, the upside is, if a script kiddie shut down my father's pacer/defibrillator, they're well within small arms range and would join him.

    4. Wzrd1 Silver badge

      Re: The range is pretty small

      My father has one that literally uses a form of bluetooth for telemetry. It can also be programmed via the same method, no coils needed today.

      He has an telemetry unit on his bedstand to read the unit condition at vendor pre-determined intervals and report back the unit status.

  4. jake Silver badge

    Gee, you think?

    Ain't exactly rocket science ... One wonders at the numpties who approved the wireless capability in the first place.

    1. Richard 12 Silver badge

      What is the alternative?

      Having an actual plug-and-socket means breaking the skin barrier, which carries a much greater risk of infection.

      Given that this has electrodes to the heart, that could be very bad.

      There's not really a good solution other than good and published encryption over close-coupled coils - not radio or even NFC per se.

      As long as every device has a different key, and the key is appropriately protected, the risk would be very small.

      Of course, this almost certainly has no encryption at all and just blindly follows commands sent, because medical devices generally don't consider the possibility.

      1. Destroy All Monsters Silver badge

        Re: What is the alternative?

        What kind of airhead votes down Richard's comment?

        Yeah, put a socket into your ribcage, see how it goes.

        1. jake Silver badge

          Re: What is the alternative?

          My Uncle Bob, aged 94, has an implanted pacemaker/defibrillator. It's recharged inductively. That is the only outside "input" connection. The internal computer pretty much takes care of itself, you can't actually reprogram it, but you can read what it it doing ... and external, non-networked, gear can patch meat-wear issues as needed.

          He is doing well. That's all I care about.

          1. Great Bu
            Coat

            Re: What is the alternative?

            So you're saying 'get it implanted, keep it charged and Bob's your uncle'......

            1. jake Silver badge

              @Great Bu (was: Re: What is the alternative?)

              An ElReg commentard who can actually read for content? How refreshing!

              To answer your question: Pretty much, yeah. Gotta problem with that?

        2. James Micallef Silver badge
          Joke

          Re: What is the alternative?

          "Yeah, put a socket into your ribcage, see how it goes."

          Tony Stark seems to manage OK :)

      2. Ed_UK

        Re: What is the alternative?

        "Having an actual plug-and-socket means breaking the skin barrier, which carries a much greater risk of infection."

        May I humbly suggest xkcd?

        http://xkcd.com/644/

        " that could be very bad." - Makes me think you just might be an xkcd reader already.

    2. Wzrd1 Silver badge

      Re: Gee, you think?

      "Ain't exactly rocket science ... One wonders at the numpties who approved the wireless capability in the first place."

      The reason is simple: To program and adjust the device. It beats the hell out of opening up a patient every time they have to adjust the heart rate/shock pattern.

  5. rcorrect

    Somehow I think terrorist have better things to do.

    1. jake Silver badge

      @ rcorrect

      "Somehow I think terrorist have better things to do."

      There is no terrorist. It's a figment of your mass-media's government-fueled imagination.

      Unless you can actually introduce me to a terrorist, of course. Which you can't. Because they don't actually exist.

      1. Anonymous Coward
        Anonymous Coward

        Re: @ rcorrect

        There is no terrorist. It's a figment of your mass-media's government-fueled imagination.

        Unless you can actually introduce me to a terrorist, of course. Which you can't. Because they don't actually exist.

        Never heard of Nelson Mandela, or what about Martin Mcguinness, Timothy Mcvey... any number of other examples spring to mind... I'm sure you must have heard of at least one of them in your time?

        1. jake Silver badge

          @ obnoxiousGit (was: Re: @ rcorrect)

          My point is that pigeon holing statistically random acts of violence under a single umbrella allows the .gov of your choice to make the problem seem a hell of a lot bigger than it really is. Couple that with television making said random acts in Bali or Madrid look like they are happening in your living room, and you have the situation we are in now.

          I am not trying to say there are no politically, culturally and/or religiously xenophobic nutcases out there, some of whom are willing to kill themselves in the name of whatever cause. I am saying that they are not linked in any meaningful way, shape or form. Hanging the label "terrorist" on all of 'em is a convenient way for the government of your choice to make the problem appear much larger than it really is.

          Recently here in the US, I've seen a disturbing trend towards calling schoolyard bullies "school terrorists". Case in point, the shooting in Sparks, NV this morning (thanks for the daft reportage before anyone outside Sparks had half a clue as to what was actually happening, network news). Gangs have been "terrorizing" the East Bay for years.

          Last general election, according to Faux news, Jerry Brown was "terrorizing" Meg Whitman ... In a nutshell, in my mind the term "terrorist" has become overloaded to the point of becoming absolutely, totally, utterly, and completely meaningless.

          But if you enjoy your .gov scaring you with ghost stories, who am I to quibble?

          1. Anonymous Coward
            Anonymous Coward

            Re: @ jake (was: @ rcorrect)

            You appear to be intermixing words containing the noun "terror" up, and using that as an argument for terrorist/terrorism having no meaning.

            terrorize/terrorizing has nothing to do with terrorist/terrorism, they just happen to share a noun.

            I'll agree with you about "school terrorists" though, but that's the opposite of what you've claimed. That's not part of some government created bogeyman. It's a media sensationalism, they hope utilising the word "terrorist" will get them bigger sales/page counts.

            My government doesn't scare me (or many people) with tales of terrorism, the bloody terrorists never scared me with acts of terrorism (and they won't be any time soon). My government might use the word terrorism/terrorist far too much, so that they can try to overplay their hand in the control freak game, that is politics. Most of us however understand that's the game they're in and ignore them though. We're busy getting on with life.

      2. Graham Dawson Silver badge

        Re: @ rcorrect

        So those sods that blew up Manchester in 96 were just my imagination? Wow. I'd better stop thinking. I'm bloody dangerous.

      3. rcorrect
        Facepalm

        Re: @ rcorrect

        There is no terrorist. It's a figment of your mass-media's government-fueled imagination.

        Unless you can actually introduce me to a terrorist, of course. Which you can't. Because they don't actually exist.

        Are you responding to what I actually said or what you imagined I said?

        1. Graham Dawson Silver badge

          Re: @ rcorrect

          Just about everything Jake has ever stated comes entirely from his apparently very fertile imagination.

          1. rcorrect
            Thumb Up

            Re: @ rcorrect

            Apparently that remark got you a down vote so have an up vote on me!

  6. John Smith 19 Gold badge
    Unhappy

    So Cheyney had a heart after all.

    Who knew?

    1. Parax

      Re: So Cheyney had a heart after all.

      Yeah, but it was broken.

    2. Anonymous Coward
      Anonymous Coward

      Re: So Cheyney had a heart after all.

      Curse you John Smith--you stole my line!

      1. John Smith 19 Gold badge
        Unhappy

        Re: So Cheyney had a heart after all.

        "Curse you John Smith--you stole my line!"

        So it goes.

        Next time I dear say you get in ahead of me.

  7. Stuart Halliday

    The trouble with using an oversized transmitter is that the receiver still has to handshake with the transmitter. So if the pacemaker has a tiny aerial there is no way for the large transmitter aerial to pick up the miniscule signal from the background radio noise found in a typical domestic environment.

    Still Sci-fi.

    1. druck Silver badge

      And yet we can pick up factions of a billionth of a watt coming a space probe billions of miles away, in a typically noisy interstellar environment.

  8. Anonymous Coward
    Go

    Poetic justice....

    Would be Cheney getting his implant stopped using an SSL hack developed by the NSA, who Cheney probably views as timid Constitution-huggers.

  9. Gordon 10
    Joke

    What about another attack vector?

    Some implanted medical devices have known weaknesses with digital music being played in their vicinity.

    Its known as a midi in the man attack.

    1. Anonymous Coward
      Anonymous Coward

      Re: What about another attack vector?

      That was a stretch, but you got an upvote for chutzpa.

  10. Sir Adam-All

    My Dad

    My dad's just had an ICD fitted

    the docs programmed it using what looked to me like a bluetooth receiver plugged into a PC

    The ICD communicates with a "box" plugged into the phone line at home so it can dial back to the hospital info about how he is.

    It also has a radio transmitter so if i "goes off" when hes out and about, the hospital monitoring station are aware and will contact him to see if all is ok

  11. i like crisps
    Big Brother

    " KILL SWITCH "

    Future generations will have a 'Nano' version of this implanted at birth....

  12. Don Jefe

    This was kind of a pointless security measure on the part of the doctor. As long as there are orphans, foundlings and aborted fetuses for the Cheney to feed on, nothing can kill it.

  13. Anonymous Coward
    Anonymous Coward

    Could be worse

    If it used cell freq's his pacemakers roaming charges would be considerable.

    Enough to put him in hospital I bet.

  14. crayon

    @druck

    Have you seen the size of the dishes that are used to pick up these "factions [sic] of a billionth of a watt coming a space probe billions of miles away"?

This topic is closed for new posts.

Other stories you might like