Monday, February 27, 2012

The Insidious Dark Side of Cyber "Human" Attacks

As an avid reader of Bloomberg Businessweek, I look forward to their "Innovator" section every week.  Businessweek does a pretty good job identifying innovators who are working hard towards new and novel approaches to make our lives better. So as always, I was expecting to read a positive, upbeat write up in my February 27 - March 4, 2012 issue of  Businessweek.

Well, it turns out that this week I was in for a disturbing shock!

This week's innovator spotlight was on Jay Radcliffe. Last year, the 34-year-old computer network security expert discovered that a best-selling insulin pump used by fellow diabetics was (and still is) vulnerable to hacking. Tinkering with his own pump, Radcliffe noticed that its wireless connection opened a security hole that would allow an attacker to manipulate the amount of insulin pumped, potentially inducing a fatal reaction.

As I mentioned above, I was shocked. It was like I was reading a sci-fi novel in which an attacker with a powerful antenna a mile away from his victim launches a wireless attack that gives him remote control over his victim's insulin pump and kills the victim. In all honesty, I always knew in the back of my mind that this sort of thing might be possible. After all, isn't all science fiction just reality before it's time? But I did not expect to read about this so soon.

After reading the Businessweek article, I spent some time doing more research. It turns out that there is a real threat emerging as more and more life preserving, implantable electronic devices become a part of our daily lives. Consider, for example, the pacemaker, which uses electric pulses to regulate a person's heartbeat. Newer generations of pacemakers also have wireless connections enabling them to transmit information for doctors to analyze. And they can receive signals in turn, enabling doctors to non-invasively alter a treatment regimen. While this sounds great, it has created a vulnerability, which in theory could allow a malicious agent to remotely hack a pacemaker and cause it to deliver a lethal shock. The same goes for other classes of implantable medical devices, from defibrillators to brain stimulators to drug pumps such as the insulin pump discussed earlier above. The alarming fact is that deranged implant hackers could exploit security holes in those, too, causing injury or death.

If you still don't believe that this is much more than just "geek theory" then consider this - The U.S. House Energy and Commerce Committee has also taken an interest in protecting wireless enabled medical devices. In fact, the committee sent a letter to the Government Accountability Office (GAO) asking it to "conduct a review of the Federal Communications Commission's actions in regard to wireless medical devices."

So here's the bottom line - The good news is that to date there have been no publicly known murders by hacking insulin pumps or pacemakers. But is it only a matter of time before we read about the first cyber homicide or assassination? I sincerely hope and pray that we never see this insidious dark side of cyber in action.

No comments:

Post a Comment