import_that
2014-05-02 10:20 pm

Software vulnerabilities in medical devices

Last September, Linux Format published a fascinating interview with Karen Sandler. Karen Sandler is the Executive Director of the GNOME Foundation, and she spoke about learning just how vulnerable the software controlling medical devices is, and about her efforts to be permitted to audit her implanted heart defibrillator's software.

I was so freaked out about this. I kept trying to talk to doctors about it and they wouldn’t listen to me, or they just didn’t know how to handle the conversation with me. I had one electrophysiologist who I talked to who just hung up the phone on me.

You would probably freak out too if you learned that any script kiddie with an iPhone could take control of your pacemaker and deliver a fatal electric shock. But it wasn't until the late, brilliant Barnaby Jack and University of Massachusetts associate professor Kevin Fu demonstrated how to take remote control over medical implants fitted with Wi-Fi that people started to take Karen's concerns seriously.

Wireless medical implants that will talk to any device that says hello. What could possibly go wrong?

Karen continues:

I realised that it’s not just my medical device; it’s not just our lives that are relying on this software: it’s our cars, and our voting machines, and our stock markets and now our phones in the way that we communicate with one another. We’re building all this infrastructure, and it’s putting so much trust in the hands of individual corporations, in software that we can’t review and we can’t control. Terrifying.


25% of all medical device recalls in the last few years have been due to software failure.

Karen's argument is that independent, public review of the source code is the best way to guarantee that bugs and security vulnerabilities are found and corrected as quickly as possible. It's not that open source software is necessarily bug-free, but that there is more opportunity for bugs to be found and fixed, and less opportunity for manufacturers to stick their heads in the sand and deny there is a problem. Sunlight is the best disinfectant, and openness and transparency are essential for security. Keeping source code secret doesn't make it more secure. If secrecy were all it took, Windows would be free of viruses and malware. In fact, secrecy is often counter-productive:

I used to decry secret security systems as "security by obscurity." I now say it more strongly: "obscurity means insecurity." — Bruce Schneier

When the television series "Homeland" first aired an episode involving a plot to commit assassination by remote-controlling a pacemaker, it was widely derided as being unrealistic. That was until former American Vice-President Dick Cheney publicly acknowledged that the risk of remote exploits was seriously considered when he was fitted for a pacemaker.

Unless we treat the security of medical devices and other complex systems seriously, it is only a matter of time before somebody is murdered by remote control. In fact, it may even have already happened. No less than former "security czar" Richard Clarke has warned that the death of investigative journalist Michael Hastings, mere hours after he wrote to friends that he was going "off the radar", was completely consistent with a remote attack on his car.