Hacking humans

A security expert Barnaby Jack recently showed  (in a talk aptly called Hacking Humans) that pacemakers can be hacked and instructed to send a 380-volt jolt (link). At another time he managed to hack an insulin pump and control the amount of released insulin (link). In this way, it’s theoretically possible to kill, terrorize or blackmail people and even viruses can spread in such devices.

I don’t say it’s time to panic and come to hate modern medicine, but it’s not bad to stop and think a while. Where are devices with wireless connection? What systems are accessible from internet? What is their security and quality in general? Did anybody evaluated potential risks and consequences of a possible misuse?

It may be good to have your medical condition remotely monitored or yours car breakdown remotely diagnosed, but nothing is free. It would be surely a mistake to give up something useful just because of a theoretical risk – we will never completely get rid of risks. Unfortunately it’s difficult to evaluate the level of security of some device and therefore it’s difficult to correctly compare risks with benefits.

As Barnaby Jack showed, security of medical devices is quite underestimated, although the consequence can be easily fatal. I believe that primary functions of such devices are tested thoroughly, but security is clearly not a priority.

It’s easy to underestimate risks or simply overlook them. And that’s true not only for software we use, directly or indirectly, but also for the one we develop by ourselves. Fortunately, what is at stake are usually not human lives, but even money, intellectual property or personal data have their value too.