Hackers Outsmart Pacemakers, Fitbits: Worried Yet? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Security & Privacy
News
12/12/2013
08:36 AM
David F Carr
David F Carr
Slideshows
Connect Directly
LinkedIn
Google+
Twitter
RSS
E-Mail

Hackers Outsmart Pacemakers, Fitbits: Worried Yet?

Mobile health devices aren't as secure as you might think. Look at how researchers plan to strengthen security for consumer devices and regulated medical devices.
2 of 12

What Cheney Feared
One of the most famous recipients of a cardiac defibrillator, former Vice President Dick Cheney, was concerned enough about the risks of hacking that he and his doctor had the device's wireless capabilities deactivated when it was replaced in 2007.
His concern came to light in a 60 Minutes interview in October, when Cheney and his cardiologist, Dr. Jonathan Reiner, were promoting a book they wrote together. The writers of the Showtime drama Homeland might have caught wind of this. A December 2012 episode featured the assassination of a vice president by hacking his pacemaker and stopping his heart.
By all accounts, such hacks are still limited to fiction and the nightmares of academic cybersecurity researchers, who typically take care to say the benefits of devices like pacemakers far outweigh the risks. Still, Cheney was not necessarily being excessively paranoid. Medical devices are essentially a special case of the embedded systems that have been subject to state-sponsored attacks -- think of the purported use of Stuxnet against Iranian nuclear facilities.
'I absolutely think that's reasonable for the vice president of the most powerful country in the world, because those attacks, while theoretical, are very plausible,' Jay Radcliffe of the Washington security consulting firm InGuardians, who has studied medical device vulnerabilities, told us. 'Just like the VP doesn't get a normal car or a normal cellphone, to me, not having a normal pacemaker is right in line with those other things.' For everyone else, he said, the risk of a malicious attack is minimal.

One of the most famous recipients of a cardiac defibrillator, former Vice President Dick Cheney, was concerned enough about the risks of hacking that he and his doctor had the device's wireless capabilities deactivated when it was replaced in 2007.

His concern came to light in a 60 Minutes interview in October, when Cheney and his cardiologist, Dr. Jonathan Reiner, were promoting a book they wrote together. The writers of the Showtime drama Homeland might have caught wind of this. A December 2012 episode featured the assassination of a vice president by hacking his pacemaker and stopping his heart.

By all accounts, such hacks are still limited to fiction and the nightmares of academic cybersecurity researchers, who typically take care to say the benefits of devices like pacemakers far outweigh the risks. Still, Cheney was not necessarily being excessively paranoid. Medical devices are essentially a special case of the embedded systems that have been subject to state-sponsored attacks -- think of the purported use of Stuxnet against Iranian nuclear facilities.

"I absolutely think that's reasonable for the vice president of the most powerful country in the world, because those attacks, while theoretical, are very plausible," Jay Radcliffe of the Washington security consulting firm InGuardians, who has studied medical device vulnerabilities, told us. "Just like the VP doesn't get a normal car or a normal cellphone, to me, not having a normal pacemaker is right in line with those other things." For everyone else, he said, the risk of a malicious attack is minimal.

2 of 12
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
MedicalQuack
50%
50%
MedicalQuack,
User Rank: Moderator
12/12/2013 | 2:47:38 PM
Privacy too
I'm a privacy advocate and that along with security are two big issues for me.  The data selling epidemic in the US is so bad as you have the likes of Walgreens making about a billion a year selling data and Fitbit's model is built around selling data profiles...have a campaign for the FTC to license and excise tax all data sellers so they can regulate it.  Can't do that until we have an index..that would be a license.

Oh wellness companies owned by insurance companies love to get a hold of data like this and it will end up in some analytics program to fix you in some fasion or another or potentially in time to deny access to something or someone.

http://ducknetweb.blogspot.com/2013/08/ftc-tries-to-bring-strong-case-for.html


I am all over the FTC all the time about this.  There's a new "open" device out there which would allow one to choose their platform to use with it and that in time may be a plus as it would be out there for everyone to jump and fix flaws, security or otherwise. 
Laurianne
100%
0%
Laurianne,
User Rank: Author
12/12/2013 | 1:05:40 PM
No thanks to that network
Human bodies with a network of implanted medical devices? No thank you. I prefer to remain my own network administrator.
David F. Carr
100%
0%
David F. Carr,
User Rank: Author
12/12/2013 | 10:05:18 AM
Sooner or later ...
The cybersecurity researchers are trying to raise enough of an alarm to change things, without being alarmist. Yet I have to wonder how long it will be before a real hack of someone's pacemaker comes to light, or some other life critical incident occurs.

Or is this really too far-fetched? Granted, there are easier ways to kill someone.
RobPreston
50%
50%
RobPreston,
User Rank: Author
12/12/2013 | 9:52:24 AM
Oh my
I'm a tad more worried about hackers messing with pacemakers than with Fitbits. Nonetheless, this is beyond wrong.
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll