[nycbug-talk] interesting read (old pacemaker thread)

Isaac (.ike) Levy ike at blackskyresearch.net
Thu Jun 27 10:53:13 EDT 2013


Hi All,

More news notes on a now 8-year-old thread:

>> On Sat, 21 May 2005 alex at pilosoft.com wrote:
>>>> Let's keep in mind that the trustworthiness of a life-critical
>>>> application has everything to do with how that program was written
> 
> http://lists.nycbug.org/pipermail/talk/2005-May/005497.html


The US FDA is apparently publishing a vulnerability advisory regarding medical devices (yes, the Food and Drug Administration):

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01

"Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. According to their report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware."


On Aug 31, 2011, at 1:49 PM, Mark Saad <mark.saad at ymail.com> wrote:
>>>> "Earlier this month, Jay Radcliffe, a computer security professional who is also diabetic, showed how an attacker could remotely control insulin pumps to deliver too much or too little insulin to the individual wearing the device."
>>>> 
>>>> http://www.wired.com/threatlevel/2011/08/medical-device-security/

> My wife, who is a diabetic, heard about this and first said "why would
> he do that, now nothing will get approved by the FDA". However, she
> was looking into how she could listen to her wireless glucose monitor
> to have a desktop application that would show her count on the
> computer she was working at.  My take on this is that the FDA should
> publish an RFC for wireless device communications and design a nice
> strict protocol for communications. The big issue I see here is each
> dumb pharma company wants to copyright their product to make the most
> money on their work. If they do a crap job no one will know they keep
> all of their work closed and private. With the network they use open
> and well designed and freely licensable, big pharma can concentrate
> on the nuts and bolts, the overall quality of the mechanical
> parts in the devices, and the software.


Best,
.ike





