Web-enabled portable medical device
US Patent 20080091175 A1
"Comprehensive" control? Boy howdy. What's especially bad about this is that every medical device manufacturer says that they're not allowed to provide security patches, per the FDA. That seems not to be true, but they say it anyway (because they don't want to incur the expense of testing the patch).

Abstract

A portable personal medical device, e.g., a wearable insulin pump, is provided with a web server and is controllable over a network by a browser equipped client, thereby enabling comprehensive and comfortable control, operation and/or configuration of the device.
Explaining it to them in simple terms, web servers need lots of patches or they get pwned.
Someone is going to die from this.
"This business will get out of control. It will get out of control and we'll be lucky to live through it."
Who in the devil thought this was a good idea?
Unless it's a hard-wired system, and even then, there could be viruses written to search out this exact hardware.
My grandfather has an implanted pace-maker/monitor that uses a form of NFC to download data from the device. In implantable devices, direct connect isn't do-able, but it's still pushing the boundary of security. Imagine a very powerful NFC device that reprograms every pacemaker to go into overdrive.
Bluetooth is only meant to have a range of 10m, but there are hacks that allow you to use it from miles away.
Spike, that is the perfect quote for this.
Although it's never been officially acknowledged, it's a near certainty that at least a few folks with external remote controlled/remote programmable pacemakers have died because of security compromise.
It's also HIGHLY likely that wirelessly adjustable/monitorable medical devices in hospitals have also killed because of compromise.