I stumbled upon this article in CNN, I recall something being mentioned about these issues years ago, but seeing it again got me thinking.. if the unthinkable happened, and a device was maliciously compromised, what evidence ( If any ) would be left?
Who or what could or should be done to provide proof and protection of the user, and obviously there is the ongoing "How do we secure this device, but keep it accessible to emergency crews?"
If someone's insulin pump, or pacemaker, was attacked, would there be any evidence beyond the mis-configured device in the victim to indicate an attack or malfunction?
Is a wireless method the best, or should they consider a "Downgrade" to physical access, such as a jack on the skin?
I didn't see much in a little digging that I did, but it peeked my curiosity enough to throw it out to a group of people that are more experienced than I, and I thought it may be an interesting discussion topic?
Obviously if it's thought this isn't an appropriate topic, lock away )
After reading the documents linked in the CNN article, what are your thoughts?
Personally, I think that a lot of research is being done into ways to protect the devices, and the general issue itself.
The compromise chance at this time is low, as is shown in the linked articles, it requires more specialised knowledge than the average person would normally posses, but it kinda smacks me as the whole thing is currently protected more by obscurity than anything..
Please, correct me if I'm wrong with my understanding of what I've read, but it seems one of the concerns is a lack of standardisation, it's more ( understandably ) that they have been designed for workability first, and the security of the device has come on second?
Please, correct me if I'm wrong with my understanding of what I've read, but it seems one of the concerns is a lack of standardisation, it's more ( understandably ) that they have been designed for workability first, and the security of the device has come on second?
You could say the same about a lot of things. I had a password on BSD Unix for more than a decade before it was required for DOS/Windows. And while the layered architecture of TCP/IP lent itself, fairly well, to security retrofits, those were hardly concerns at the outset.
When I worked with medical devices, before DICOM and the like, I had to reverse engineer the file system and file structure for the data stored in CT and MRI scanners so that we could study the data for research purposes. It was remarkably easy.
The bigger concern, IMHO, especially with devices which can be accessed with wireless technology, is the possibility of accidental manipulation of the operation of these devices. From a practical perspective, you can't count on someone having an insulin pump or pacemaker so it seems a poor thing to rely on for acts of terror (until and unless we all become part machine someday). But I wouldn't want someone playing with their Wii to suddenly send me into fibrillation while they were swatting at Super Mario.