uh! your pacemaker may be at risk

[icecream-guy]

why, why, why ?  do people do these things, technology isn't the end all - be all.  it's nice to have remote heart rate monitoring, but given that a hacker can hack your implant and change settings,  not worth it.   now it's off to the hospital for a patch install, which may or may not work.

http://www.zdnet.com/article/fda-forces-st-jude-pacemaker-recall-to-patch-security-vulnerabilities/

[NetworkGroover]

A whitehat who I can't remember the name showed companies why this was a bad idea yeaaaaaaars ago.  Not everything should have remote connectivity.  Unfortunately thanks to jerks, we can't have nice things.

[deanwebb]

I remember posting stuff about this yeaaaaaaaaaaaaaaars ago, as well. It's really frightening when you consider how systems interoperate and how they can produce compromises in each other. Put hackers aside and consider what happens when there's a bad patch release.

This is why medical devices get qualified once and then never, ever changed. As static devices without connections, this is usually zero problem or close to zero problem, so long as the manufacturer is observing proper safety, testing, and QC processes. (Note I made those qualifications...) But with software changes, we enter into some very dangerous ground. How do we know that *all* medical devices of a particular class will upgrade in the same way? We know, in fact, that they won't. So, how do we detect errors? How do we determine the difference between an upgrade issue and a wear and tear issue? And so on... software upgrades introduce a hellacious variable into these equations.