Week 2 - Hacking Wireless Implantable Medical Devices

Implantable Medical devices (IMDs) are not only important in today’s technologically advanced medical world to help extend the human life, they are now a normal part of our life in general. IMDs consist of important medical devices like pacemakers, defibrillators, and even insulin pumps (Homeland Security News Wire, 2015). What would happen if IMDs were able to be hacked? What would be the toll on humans if these devices were vulnerable to attacks? Well, “Roughly 300,000 Americans receive IMDs a year, with 2.5 million people relying on them to treat a wide variety of illnesses and conditions like diabetes and Parkinson’s disease. A 2012 study by the Freedonia Group estimated that demand for IMDs will increase about 7.7 percent annually. The industry is expected to grow to $52 billion by 2015” (Homeland Security News Wire, 2015). These numbers sound alarming. The amount of people that could potentially be affected by these types of attacks makes me think we should be concerned.

Interestingly enough, “The Department of Homeland Security (DHS) has issued an alert, warning medical facilities that more than 300 different devices from forty separate manufacturers had vulnerabilities which could be exploited by a malicious hacker or group. This warning follows incidents in which computers have been targeted by computer viruses such as the Stuxnet, credit card cryptographic algorithms have been reversed engineered, smart phones have been infected with malware, and Iraqi insurgents hacked the video feed of U.S. Department of Defense (DOD) Predator drone aircraft” (Homeland Security News Wire, 2015). Obviously, there could be some real potential for attackers to exploit any vulnerabilities on these devices.

There is a serious issue at hand here. What could happen to the world if anyone could change your medications or dosage amounts whenever they wanted? How about the issue of hacking someone’s medical device to do fatal harm to them? “At a 2011 hacker conference, a known hacker who goes by the alias ‘Barnaby Jack’ demonstrated how he could compromise of an insulin pump at a distance of a 300 feet. He could alter the insulin amount remotely, which would result in death should someone have been implanted with the device. For the first time in the history of humanity, the human body has become subject to cyber-attacks. The more we implant tiny computers inside ourselves to monitor and improve our health, the more we create opportunities for others to hack into our bodies and subvert these machines for any number of criminal offenses, with homicide being the most obvious concern” (Homeland Security News Wire, 2015).

These are still early issues at this point in time but these are issues that must be understood. As technology increases, so too does the sophistication of crime. It is important that these issues be understood, studied, and resolved. We can’t just give up our new innovations in the medical world because of malicious attacks. As Information Security professionals, we must monitor, understand, and address all malicious issues that come up in everything we do. Information Security is an outstanding field. It is up to us to continue keeping our world secure. I look forward to reading more on these issues as they develop.

For more information on sources that I feel are credible in the Information Security world please see my list below. Typically governmental organizations (like the Department of Defense, FBI, and the NSA) usually have reliable information on threats, vulnerabilities, and security news. When it comes to conflicting sources of information, the best approach is to do your own research so that you can decide who has all the facts and who does not. This can be tricky but if you further investigate you should be able to accomplish this task.

Good sources:

Security Week http://www.securityweek.com/

Symantec http://www.symantec.com/security_response/

Information Week Dark Reading http://www.darkreading.com/

Homeland Security News Wire http://www.homelandsecuritynewswire.com/topics/cybersecurity

NSA https://www.nsa.gov/

DOD http://www.defense.gov/today/

FBI http://www.fbi.gov/

References

Homeland Security News Wire. (2015, March 19). Wireless Implantable Medical Devices Vulnerable to Hacking. Retrieved from Homeland Security News Wire: http://www.homelandsecuritynewswire.com/dr20150319-wireless-implantable-medical-devices-vulnerable-to-hacking

Can Apple Pay Be Hacked?

The new Apple Pay sounds very cool. It even has my attention because I like trying new technologies plus I have been trying out the new iPhone plus. However, my question is are there any potential security risks that the public should be aware of before taking the plunge and fully using Apple Pay for all their basic needs? “While Apple Pay has yet to be put to a real-world test, some security experts--despite generally praising Apple's move as a step in the right direction--have already identified some potential risks inherent in the system” (Thompson, 2014). This might be concerning to some people in the population. It definitely concerns me. Moreover, "If correctly implemented it could add security benefits, but there could also be some gaping security flaws” (Thompson, 2014).

Some important considerations for security with Apple Pay include using Tokenization instead of storing user financial data. The actual credit card number is not stored instead another account number is generated to each specific Apple device that is stored on an encrypted chip in the iPhone 6 and iPhone 6 Plus. (Thompson, 2014) This makes the Apple Pay option sound fairly secure. There are many considerations to consider but at this point it is too soon to determine if Apple Pay will have considerable weaknesses or not. I look forward to finding out more about this matter in the near future. I wouldn’t mind seeing what those vulnerabilities are, if they do end up existing.

References

Thompson, C. (2014, September 11). How hackers could still get around Apple Pay security . Retrieved from CNBC: http://www.cnbc.com/id/101992749#.