Saturday, July 27, 2013

 

Hacker dies days before he was to reveal how to remotely kill pacemaker patients

Security researcher Barnaby Jack has passed away in San Francisco,only days before a scheduled appearance at a Las Vegas hacker conference where he intended to show how an ordinary pacemaker could be compromised in order to kill a man.

Barnaby Jack

Jack, who previously presented hacks involving ATMs and insulin pumps at the annual Black Hat conference in Vegas, was confirmed dead Friday morning by the San Francisco Medical Examiner’s office, Reuters reported. He passed away Thursday this week, but the office declined to offer any more details at this time.

Jack’s death came one week to the day before he was scheduled to detail one of his most recent exploits in a Black Hat talk called “Implantable Medical Devices: Hacking Humans.”

“I was intrigued by the fact that these critical life devices communicate wirelessly. I decided to look at pacemakers and ICDs (implantable cardioverter defibrillators) to see if they communicated securely and if it would be possible for an attacker to remotely control these devices,” Jack told Vice last month.

After around six months of research, Jack said he developed a way to hack one of those devices remotely and send it a high-voltage shock from upwards of 50 feet away.

“If the devices can be accessed remotely, there's always a potential for abuse,” he told Vice tech reporter William Alexander.

In a blog post earlier this year, Jack said he was influenced by a recent episode of the television program "Homeland," in which a terrorist remotely hacked the pacemaker of the United States vice president.

“In my professional opinion, the episode was not too far off the mark,” he wrote.

When Alexander asked Jack if a government official outfitted with a pacemaker would be vulnerable to assassination from a hacker, the researcher remarked, “I wouldn't feel comfortable speculating about such a scenario.”

“Although the threat of a malicious attack to anyone with an implantable device is slim, we want to mitigate these risks no matter how minor,” he wrote on his blog post. At the time, Jack said the vulnerability was being discussed with medical device manufacturers.

“Over the past year, we’ve become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” William Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, told Reuters. “Hundreds of medical devices have been affected, involving dozens of manufacturers.”

At previous Black Hat talks, Jack detailed how he emulated a stunt found in the movie Terminator 2 that allowed him to remotely hack an automatic teller machine. In addition to being able to read credit card numbers and PINs inputted by another user, Jack also showed how a USB drive could be implanted in an ATM which would override the machine’s firmware and allow a hacker to take control.

In another presentation, Jack said he could hack insulin pumps to order the machines to deliver lethal doses to patients, in turn killing them.

“We notified the manufacturer of the vulnerability and it will be fixed with the next insulin pump revision,” he told Vice.

Jack’s most recent employer, security firm IOActive, said in a statement, “Lost but never forgotten our beloved pirate, Barnaby Jack has passed. He was a master hacker and dear friend. Here’s to you Barnes!”

Black Hat is scheduled to begin Wednesday in Las Vegas, with a presentation by NSA Chief Gen. Keith Alexander. It will be immediately followed by the Def Con hacker conference, which will be taking place just down the road. Researchers at Def Con plan to demonstrate various high-profile hacks, including how modern cars can be compromised.
Tags : , , ,

Share

Social

The idea behind the text.
Respect for the truth is almost the basis of all morality.
Nothing can come from nothing.



Follow

Popular Topics

Read

Well, the way they make shows is, they make one show. That show's called a pilot. Then they show that show to the people who make shows, and on the strength of that one show they decide if they're going to make more shows.

Like you, I used to think the world was this great place where everybody lived by the same standards I did, then some kid with a nail showed me I was living in his world, a world where chaos rules not order, a world where righteousness is not rewarded. That's Cesar's world, and if you're not willing to play by his rules, then you're gonna have to pay the price.

You think water moves fast? You should see ice. It moves like it has a mind. Like it knows it killed the world once and got a taste for murder. After the avalanche, it took us a week to climb out. Now, I don't know exactly when we turned on each other, but I know that seven of us survived the slide... and only five made it out. Now we took an oath, that I'm breaking now. We said we'd say it was the snow that killed the other two, but it wasn't. Nature is lethal but it doesn't hold a candle to man.

You see? It's curious. Ted did figure it out - time travel. And when we get back, we gonna tell everyone. How it's possible, how it's done, what the dangers are. But then why fifty years in the future when the spacecraft encounters a black hole does the computer call it an 'unknown entry event'? Why don't they know? If they don't know, that means we never told anyone. And if we never told anyone it means we never made it back. Hence we die down here. Just as a matter of deductive logic.