Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Hacker Barnaby Jack unexpectedly dies ahead of hacking conference
Hacker Barnaby Jack has died in San Francisco, a week before he was due to show off techniques for attacking implanted heart devices that he said could kill a man from 30 feet away.
It was not immediately clear what had happened. The San Francisco Medical Examiner's office said that Jack had died in the city on Thursday, but declined to elaborate.
http://www.reuters.com/article/2013/07/26/us-hacker-death-idUSBRE96P0K120130726
8 replies
= new reply since forum marked as read
= new reply since forum marked as read
VICE: Hi Barnaby. So, why did you decide to reverse engineer the pacemaker?
Barnaby Jack: I was intrigued by the fact that these critical life devices communicate wirelessly. I decided to look at pacemakers and ICDs (implantable cardioverter defibrillators) to see if they communicated securely and if it would be possible for an attacker to remotely control these devices.
And you found it was possible?
Yeah, the software I developed allows the shutting off of the pacemaker or ICD, reading and writing to the memory of the device and, in the case of ICDs, it allows the delivering of a high voltage shock of up to 830 volts. I wanted to look at these devices with the aim of demonstrating and raising awareness of the issues I found, then hopefully spark the manufacturers into implementing a more secure design.
Is it difficult to hack into these devices?
It does take a specialised skill, but with more and more security researchers concentrating on embedded devices, the skill set required is becoming more common. It probably took me around six months, from reverse engineering and finding the flaws through to developing software to exploit the vulnerabilities.
If, say, a government official used a pacemaker, would they be vulnerable to assassination from hackers, like in that episode of Homeland? Or do they use better defended devices?
I wouldn't feel comfortable speculating about such a scenario, but as far as I'm aware there are no differences in the implantable devices issued to officials as there are to the general public.
Barnaby Jack: I was intrigued by the fact that these critical life devices communicate wirelessly. I decided to look at pacemakers and ICDs (implantable cardioverter defibrillators) to see if they communicated securely and if it would be possible for an attacker to remotely control these devices.
And you found it was possible?
Yeah, the software I developed allows the shutting off of the pacemaker or ICD, reading and writing to the memory of the device and, in the case of ICDs, it allows the delivering of a high voltage shock of up to 830 volts. I wanted to look at these devices with the aim of demonstrating and raising awareness of the issues I found, then hopefully spark the manufacturers into implementing a more secure design.
Is it difficult to hack into these devices?
It does take a specialised skill, but with more and more security researchers concentrating on embedded devices, the skill set required is becoming more common. It probably took me around six months, from reverse engineering and finding the flaws through to developing software to exploit the vulnerabilities.
If, say, a government official used a pacemaker, would they be vulnerable to assassination from hackers, like in that episode of Homeland? Or do they use better defended devices?
I wouldn't feel comfortable speculating about such a scenario, but as far as I'm aware there are no differences in the implantable devices issued to officials as there are to the general public.
http://www.vice.com/en_uk/read/i-worked-out-how-to-remotely-weaponise-a-pacemaker
