Monday, August 11, 2008

Thanks a Lot, Hackers



The Defcon conference is the wild and woolly version of Black Hat for the unwashed masses of hackers. It always has its share of unusual hacks. The oddest so far is a collaborative academic effort where medical device security researchers have figured out how to turn off someone’s pacemaker via remote control.

I understand that it's cool to tinker, and fiddle, and figure things out. It's fun. But couldn't you guys have figured out how make diamonds with a Sears trash compactor instead?

I do, by the way, have a pacemaker. And I'm not really concerned that some kid, inspired by these guys, is going to write a kill program for my pacemaker. What I am concerned about is that some kid will write a program to make the pacer stutter, or to steal information from the device, but, whoops, writes a bad line of code and instead sends the pacer into defib mode and all of the sudden, some guy who was just strolling down the boardwalk ends up jolted to the top of the popcorn machine.

The researchers are thinking they're doing everyone a favor by forcing the device makers to use encryption, except for: wrong. You can't use encryption when every emergency room and heart Dr's office needs to be able to access the device, quickly, at a moments notice. You think the emergency room has time to hunt down the key? And not everyone uses their dog's name as a password or encryption key generator. "Give him another amp of epinephrine and find out his dog's name. Stat!"

You just can't make the programming secure and still have it accessible to those who need to access it. And anyone trying to figure it out is putting old farts at risk. I mean, this isn't the kind of thing you could test on little sis's computer. You want to see if it's working, you have to go out and find a device.... and most of them are attached to old guys in Bermuda shorts.

But, really, why I posted..... Look at the graphic on that pacemaker. Why do you think it's there? The thing spends just a little time under the surgical teams eyes and then it's gone, under skin for a few years - next stop: trash can. But they put a fair amount of effort into making it look impressive. OK, so it's cool looking. But you need a pocket knife to show it to anybody. And who's going to be impressed by that anyway?

0 comments:

fighting101s.jpg