Feeds

Boffins find 'scary radio attack'* against pacemakers

*Attack is actually 'very difficult in real world'

SANS - Survey on application security programs

It's a little difficult to credit as a discovery the fact that analogue receivers – whether they be on a bluetooth device or a pacemaker – are vulnerable to radio interference.

That, however, is what's going to be presented at an IEEE conference later this week. Here's an excerpt of a story from America's Institution of Engineering and Technology's E&T Magazine:

“The researchers tested cardiac defibrillators and pacemakers in open air to determine which radio waveforms could cause interference.

“Then they exposed the medical devices to those waveforms in a both a saline bath and a patient simulator.”

The video below gives this explanation at about 1:07:

“The researchers found that they could use radio interference to send false heartbeat signals to the devices in controlled lab conditions. Theoretically, a false signal could inhibit needed pacing, or cause unnecessary defibrillation shocks.

“Experiments show that this would be very difficult to do in real world conditions, however.” (Emphasis added).

Watch Video

This would be unexceptional, except that pretty much every outlet to cover the story runs with a long boilerplate generalising the “hacker threat” we all live under before finally admitting that right now, an exploit would be a bit of a challenge.

Since the pacemaker exists inside the body, it inherits a degree of shielding which means, as the researchers note, that the attacker would have to bring a malicious device within a few centimetres of the body.

Which is, of course, why phone makers like Apple have recommended for years that people with pacemakers exercise sensible caution. This Apple document, now six years old, is a handy example.

The researchers suggest "solutions to help the sensors ensure that the signals they're receiving are authentic. Software could 'ping' the cardiac tissue to determine whether the previous pulse came from the heart or from interference. If the source was not the heart, the software could raise a red flag."

This, at least is sensible, even without drawing a picture of an evil hacker on the wall. Since interference is well-known, if a pacemaker or defibrillator can filter out false alarms with a kind of feedback loop, that's a good thing.

The researchers also suggest shielding consumer devices against RFI because some signals can have odd effects – such as turning on microphones or sending false signals through the analogue interfaces. ®

3 Big data security analytics techniques

More from The Register

next story
Most Americans doubt Big Bang, not too sure about evolution, climate change – survey
Science no match for religion, politics, business interests
So, just how do you say 'the mutt's nuts' in French?
Vital linguistic question interrupts LOHAN spaceplane mission
95 floors in 43 SECONDS: Hitachi's new ultra-high-speed lift
Guangzhou skyscraper denizens to hold on to hats
KILLER SPONGES menacing California coastline
Surfers are safe, crustaceans less so
Discovery time for 200m WONDER MATERIALS shaved from 4 MILLENNIA... to 4 years
Alloy, Alloy: Boffins in speed-classification breakthrough
LOHAN and the amazing technicolor spaceplane
Our Vulture 2 livery is wrapped, and it's les noix du mutt
Liftoff! SpaceX Falcon 9 lifts Dragon on third resupply mission to ISS
SpaceX snaps smartly into one-second launch window
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.