Mike is Appalled

[firstfrost]

A conversation at lunch:

mjperson: Let me tell you about the stupidest idea I ever heard. I was watching NCIS, and someone died, and they were investgating it, and he died of tachycardia, which was weird because he had a pacemaker for low heart rate. And it turned out that someone hacked into his pacemaker. How stupid an idea is that, pacemakers being just accessible via your wireless and remote hacking? Bah."
Me: "... well, pacemakers probably don't have IP addresses, but you know that the ones controlled by wireless don't really have any security, right?"
Mike: That can't be right. They have to be encrypted, you can't just let people hack in and control your pacemaker.
Me: (google google google) "Well, here's an ABC News article. Okay, look, they say it's not a problem, because the number of attackers in wireless range of you is pretty small. "Within wireless distance of you, the number of attackers is necessarily pretty small," Kaminsky said. "It's not to say the devices can't be attacked. They can be. ... It is something for the implant device [user] to think about it."
Mike: ARGH! What do they mean, it's something for the user to think about? Why is it not something for the implant device *maker* to think about? How could they not worry about that? Just stick in a private key...!
Me: Welcome to the real future. It's not as smart as the science fiction future.

Comments

[desireearmfeldt]

And yet, someone *did* it, which I'd say makes Mike right: this is a problem someone ought to be worrying about... :)

[firstfrost.livejournal.com]

Argh! No, Mike doesn't get to be right by asserting that real life couldn't possibly be that stupid, when real life *is* that stupid! Regardless of whether it is stupid or not. :)

[desireearmfeldt]

Sure, but he's right to be appalled, no?

(There's nothing in your telling of the story that conflicts with the reading that he's appalled by reality, as opposed to doubting its reality. :) )

[firstfrost.livejournal.com]

Oh, sure, he's right to be appalled. But the thing we were actually disagreeing about during most of the conversation was whether it was reality or not. :)

[kirisutogomen.livejournal.com]

There has to be some sort of credit awarded for such irrational unwarranted hopefulness.

[chenoameg.livejournal.com]

Clearly Mike is not reading his tech reviews magazines, or he would already know about this problem (I'm pretty sure that's where I read about it.)

[mathhobbit.livejournal.com]

You read those? Want mine? And R's?

What do they mean when they say "the number of attackers in wireless range of you is pretty small"? Because my home town is pretty densely packed! I bet my neighbors could hack into my pacemaker while I sleep...

[ricedog.livejournal.com]

That might be this article (http://web.mit.edu/newsoffice/2011/protecting-medical-implants-0613.html).

[dcltdw]

+1 on "yeah, I recently read about people researching ways to mess with medical devices". I could dig through my RSS reader if you wanted links, but I'm currently too lazy to do so unless poked. :)

[shaggy-man.livejournal.com]

Does all of this say "massive wrongful death suit" to anybody else?

[arcanology.livejournal.com]

You get the pacemaker, I'll hack it, and we'll be bazillionaires!

[nakor.livejournal.com]

It's not that easy. Public key crypto eats silly amounts of power... So much that if you add it, an attacker can still turn off your pacemaker by spamming requests.

Availability is a major goal of these; even if it's just the comms battery that dies, not the pacemaker itself, it still takes major surgery to replace it.