March 7, 2016

Wi-Fi Based Computer Health Devices, Cars, Can Be Hacked To Cause Death

[From article]
Researcher Marie Moe woke up after emergency surgery in 2011 with a new pacemaker to correct a heart condition. What she didn't realize at the time was that the lifesaving device in her chest exposed her to a completely different kind of threat.
The pacemaker keeping her alive has wireless connectivity capabilities — a detail her doctors didn't tell her — meaning it could be hacked.
Moe was understandably disturbed that it never occurred to her doctors to tell her that her device had wireless capability, and they had not considered the security implications.
"They really had not thought about the pacemaker security at all," she said.
Vulnerabilities like Moe's are moving quickly from the rare to the extremely common.
[. . .]
Frustrated with her doctors and the manufacturer of her pacemaker, Moe has turned her life's work into finding out more on behalf of all patients.
She has testified in front of the FDA and worked with grassroots organization I Am The Cavalry to develop a Hippocratic Oath for Connected Devices. Her goal is to force transparency into an industry where doctors are uninformed, code is proprietary and third-party access limited.
[. . .]
"It's about time hospitals started worrying about computer viruses, not just ordinary germs," said Moe.
"That's what we have to look at today, to invest in the area to make sure we are solving those problems today, not four years from now when the problem is too heavy to be solved," said Google vice president, security and privacy Gerhard Eschelbeck at the RSA Conference on Tuesday.
[. . .]
Of course, it's not just medical devices that pose a threat. Well-publicized car hacks by researchers have shown just how easy it is for hackers to take remote control of certain car models.
[. . .]
The average GM car has 30 computers, all built by different partners and suppliers. (For example, a car stereo system may be integrated with Apple CarPlay or Android Auto.)
[. . .]
Of course, when weighing the adoption of connected devices, it's important to take into account the risks and potential rewards, said John Stewart, senior vice president, chief security and trust officer at Cisco.
"For the most part, all of this is going to be beneficial more than it's going to be endangering and risky," said Stewart. "This security conference has a tendency to think the whole world's going to melt down by tomorrow. [But] We're still here 20 years after we thought it was going to meltdown 20 years ago."

How the 'Internet of Things' could be fatal
Harriet Taylor | @Harri8t
March 4, 2016

No comments: