
The "Just give me the numbers..." counter-argument isn't valid.

Right now, a hacker can kill a specific person, within 30 days, given the following assumptions:

  - that person is wearing an insulin pump with the
    remote control feature turned ON

  - the serial number is 32-bits or less

  - the attacker can test 5000 serial numbers per second
    for at least 8 hours per day, every day

So, given those assumptions, here's a scary scenario: Let's say a hacker wants to kill you, and knows where you live. He builds a transmitter and plants it next to your house, for example behind your air conditioner. The device is configured to 1) detect when you're there, then 2) try to guess your serial number every second you're within range, then 3) kill you.

If the attacker then retrieves the device (so it doesn't fall into the hands of law enforcement), there would be absolutely no way to prove he killed you.

Obviously, this is an incredibly unlikely sequence of events. Nevertheless it IS possible, which is very irresponsible of the medical industry.



> So, given those assumptions, here's a scary scenario: Let's say a hacker wants to kill you, and knows where you live.

Most premeditated murder is perpetrated by someone very familiar with the victims.

> The device is configured to 1) detect when you're there, then 2) try to guess your serial number every second you're within range, then 3) kill you.

Better yet, just get the serial number.

> If the attacker then retrieves the device (so it doesn't fall into the hands of law enforcement), there would be absolutely no way to prove he killed you.

Put yourselves in the shoes of the prosecutor. How are you going to explain all this to the jury? In how many ways will the defense be able to attack the delicate task of explaining the technical details?

> Obviously, this is an incredibly unlikely sequence of events. Nevertheless it IS possible, which is very irresponsible of the medical industry.

The "alibi machine" aspect of this scenario actually makes it more likely.


Right now, a hacker can kill a specific person, in 5 seconds, given the following assumptions:

   -- He is standing next to the victim.
   -- He has a hammer.


Yes, but doing it with the insulin pump:

    - Makes it look like a medical emergency
    - Doesn't splatter you with bodily fluids
    - Can be executed in a way that gives you an alibi


> - Makes it look like a medical emergency

A critical insulin overdose with the pump log full of remote access entries will look like murder.

Anyway, dropping poison in their drink while they're in the bathroom is easier, cheaper, more practical and gives the same "benefits".


I disagree. This doesn't give you the alibi, since you have to be there in the same room to drop it. With the wireless mechanism, you could never be in the same room as the victim that day. You might never be within 50 feet of the victim. You might not be spattered with blood, but you might leave physical evidence of your presence at the scene. Logs can be electronically erased, which you can't do with metabolites of poison in the bloodstream.


My way doesn't sound like a bad episode of CSI.


Yeah, it's more like a typical episode of Dexter. (Not Dexter, but that week's killer/victim.)


The police can also look for someone with a motive to kill you, and filter that by who might have the hacking expertise. Do a search of this guy's premises for such a transmitter or equipment to build it, and you have a prime suspect.


I've never encountered a community as poor at cost/benefits analysis as computer security. You see it every time when some new "irresponsible" loophole is gleefully broadcast by some smug cracker. There are far, FAR more economical and efficient ways of getting away with murder. I mean, several orders of magnitude easier.


Excuse me for being unrealistic, but I like to think that I should not be able to kill someone with a GNU Radio setup and a cheap laptop.

I am not actually afraid that people are going to start doing this; however, such flaws and failures in security thinking are systemic. Bad security is not limited to insulin pumps, but insulin pumps are a great way of getting the public's attention and (hopefully) getting programmers to consider the impact their laziness could have on the world.


> I like to think that I should not be able to kill someone with a GNU Radio setup and a cheap laptop.

If you want to kill someone, there are considerably cheaper options available at your local big-box store's home and garden center.

Seriously, though, I do agree with your concern for systemic problems in security thinking. Given the vastly more concentrated effort required, I don't think it's a problem that one could theoretically kill with GNU Radio and a laptop, versus any of the hundreds of tools more readily repurposed as a murder weapon, but such exploits are best addressed while they are unfeasible.


> I've never encountered a community as poor at cost/benefits analysis as computer security.

As the potential cost of attempting murder involves the risk of getting caught, it's entirely reasonable to expect murderers to go to great lengths to conceal their actions, even if it involves highly technical means. If such highly technical means are actually inexpensive and widely available, then this raises the level of concern with regards to the cost/benefit analyses.

In short:

Cost factors "pro" murder through wireless control of medical equipment

    - getting caught is very expensive, so obscure and 
      invisible methods are attractive.  
    - time and materials costs are low for a suitable expert
    - the method enables an alibi



