
Pacemaker hacker says worm could possibly 'commit mass murder'

Darlene Storm | Oct. 18, 2012
Barnaby Jack showed how an attacker with a laptop, located up to 50 feet from a victim, could remotely hack a pacemaker and deliver an 830-volt shock.

"I find this mind-boggling," said embedded medical device security guru Kevin Fu. Running an old OS, perhaps as old as Windows 95, to protect critical medical apps may be the reason these systems can be infected by worms that are 5 to 10 years old, but manufacturers are also a big part of the problem. Fu told Technology Review, "Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches."

Here’s a scary thought gleaned from the same article: a system is considered “new” when it’s been upgraded to be “based on Windows XP.” One expert said it would take “more than 200 firewalls” to protect a hospital’s software-controlled equipment. For starters, it seems like the medical equipment could be taken off the Internet, as was done after the “Conficker worm caused problems with a Philips obstetrical care workstation, a GE radiology workstation, and nuclear medical applications that ‘could not be patched due to [regulatory] restrictions’.”

The FDA put out guidelines in 2009, but malware problems are “rarely reported to state or federal regulators.” When talking about the 664 pieces of medical equipment running on old OS at Beth Israel Deaconess Medical Center in Boston, FDA deputy director Brian Fitzgerald said it is a common problem. The FDA is reviewing the “regulatory stance on software,” but Fitzgerald said it would be a “gradual process.”

More than a year ago, security researcher Jay Radcliffe showed how “an attacker with a powerful antenna could be up to a half mile away from a victim yet launch a wireless hack to remotely control an insulin pump and potentially kill the victim.” Then there was a jammer developed to protect pacemakers from lethal hacks via wireless attacks. When the feds were pressed to protect wireless medical devices from hackers, we wondered if a person could be killed by code. It’s a bit of a sick continuing saga when sloppy code allows each wireless hack of medical devices to potentially murder more people at one time. Add in the medical equipment infected with malware and it's just flipping peachy.

 
