[conspire] Something completely different
Rick Moen
rick at linuxmafia.com
Sat Mar 30 01:38:01 PDT 2019
Paul, I'm deliberately breaking threading because this topic that you
created actually has nothing to do with the 'That costs extra' thread,
as you inadvertently suggested to people's mail software when you
created this topic by responding to your 'That cost's extra' posting and
only changing the Subject header. FWIW, it's better to just start a new
thread. Or, if you want to save time by replying to an existing thread,
please delete the In-Reply-To header. Thanks.
Quoting Paul Zander (paulz at ieee.org):
> Medtronics defibrillators are vulnerable to hacking. Who would have guessed?
>
> http://www.gizmodo.co.uk/2019/03/hundreds-of-thousands-of-medtronic-defibrillators-could-be-vulnerable-to-hacking-due-to-flaw/
> https://science.slashdot.org/story/19/03/22/0045255/750000-medtronic-defibrillators-vulnerable-to-hacking
This is really _very_ not new. Karen Sandler and co-authors at the
Software Freedom Law Center called attention in 2010 to computer
security risks, potentially deadly ones, caused by the use of crummy
proprietary code in medical devices -- pointing a finger at Medtronic
and its defibrillator devices in particular.
http://www.softwarefreedom.org/resources/2010/transparent-medical-devices.pdf
https://www.youtube.com/watch?v=5XDTQLa3NjE
Sandler was then (in addition to her SFLC post) Executive Director of
GNOME Foundation -- and also a cardiac patient, who had a Medtronic
defibrillator device installed to compensate for her condition, but got
stonewalled when she inquired about its software, and after many
evasions finally got an honest albeit unofficial 'We won't tell you
anything'.
Sandler managed to mitigate the security risks in her case by having
doctors install an _older_ model that communicates using magnetic
coupling rather than WiFi, but of course that mitigation is no longer
feasible. Meanwhile, Sandler showed during her initial examination of
the problem (back around 2010) that the Medtronic devices were known to
be hackable.
The YouTube link is of Sandler's keynote address on this subject at LCA
in 2012, and worth your 55 minutes of viewing time.
More information about the conspire
mailing list