DefCon highlights weaknesses in life-saving tech.
Hackers and “killing spree” aren’t usually used in the same sentence, but that correlation is exactly what biomedical researchers and cybersecurity experts came together to discuss at the recent DefCon event. It’s no secret that IoT and connected medical implants have had more than their fair share of security flaws, and that’s something the industry is finally ready to take seriously.
One of the chief issues in the medical security space is the hush-hush proprietary nature of the research. Extreme competition, largely driven by companies’ profit margins, has meant no one wants to have serious discussions about all the ways their very expensive decades of research could go wrong, which is where DefCon proved very useful. It gave the medical community and the cybersecurity community an opportunity to come together to investigate just how serious an issue this is.
Wide open to hackers
The irony is this: the function of Wi-Fi-connected biomedical implants like insulin pumps, glucose meters, and pacemakers is to give doctors better information about their patients, whether it’s over time or at the touch of a button. That connectivity was supposed to improve patient care and wellness outcomes, but instead it left the door wide open to a hacker who can flood the patient’s body with insulin, stop the pacemaker (and therefore, the heart), or even just provide false information to a doctor who then acts on that data.
Ticking time bombs
While hackers infiltrating a Silicon Valley CEO’s pacemaker is certainly great material for a Hollywood blockbuster (probably starring Tom Cruise), the reality is far more bleak. Researchers are more concerned about the potential for ransomware, as in, hackers alerting a major hospital network that hundreds of their patients are now ticking time bombs thanks to a takeover of their biomed devices. Failure to pay up will result in the immediate death of anyone with a vulnerable implant.
Innovation and security
Of course, conferences like DefCon only served to illustrate a timeless problem whenever innovation and profits intersect: the manufacturers don’t want to disclose or discuss for fear of lawsuits, lost revenue, and stock devaluation, even while the researchers are shoving clear evidence in front of them. Perhaps the ongoing conversation will move both innovation and security along hand-in-hand.