Join 3,512 readers in helping fund MetaFilter (Hide)


Look Out—He’s Got a Phone!
December 20, 2012 11:39 AM   Subscribe

Security experts agree that it’s only a matter of time before smartphones become the smart person’s murder weapon of choice.
posted by stoneweaver (56 comments total) 17 users marked this as a favorite

 
______(pl. n)_________ agree that it's only a matter of time before _______(pl. n)_________ become the ____(a)_______ ______(n)________'s ______(n)______ of choice.
posted by carsonb at 11:44 AM on December 20, 2012 [19 favorites]


a method that one can imagine providing a sensational plot twist in an episode of Homeland...Jack’s work concerned pacemakers and implantable cardioverter-defibrillators

Yeah, I guess I can imagine Homeland using that.
posted by Drinky Die at 11:46 AM on December 20, 2012 [2 favorites]


Well, the article has lots of research not just quotes from people speculating. It's quite interesting, which is why I posted it.
posted by stoneweaver at 11:49 AM on December 20, 2012 [2 favorites]


He had a point: a few years ago, anonymous vandals inserted flashing animated images into an Epilepsy Foundation online forum, triggering migraines and seizure-like reactions in some unfortunate people who came across them.

I'm a horrible person. I laughed at this. Just a little.
posted by Etrigan at 11:53 AM on December 20, 2012 [7 favorites]


Well, really bits everything being on a network. You know, like terrible 90s movies about hackers. Only now phones are on a network too.
posted by Artw at 11:55 AM on December 20, 2012


Thanks for posting, stoneweaver. Snark and dismissals aside, it's an interesting problem which I'm not sure is even solvable.

In an elegant world, there would be a universal set of tools for any device with an embedded computer that spoke to the outside world that provided security. I suspect such code would need to the foundation of any and all applications, not an add-on, like such stuff often is today.

Also, 100,000,000 lines of code sounds like sloppy programming, not needed complexity, but please don't look at my own source, I'm probably as guilty as the next guy.
posted by maxwelton at 11:57 AM on December 20, 2012 [1 favorite]


If you really want to be all OH NOES PHONES! then not-so-smart phones, particularly Nokia bricks, are the trigger of choice for improvised explosives these days, both timed and remote detonated. No KILLER INTERWEBZ required.
posted by Artw at 11:58 AM on December 20, 2012


Medical informatics 101, day 1 itinerary:

9:00 AM: Roll call
9:03 AM: Definition of terms
9:12 AM: Theoretical discussion of implications of patient privacy
9:34 AM: NEVER EXPOSE MEDICAL DEVICES TO THE INTERNET, YOU FESTERING PILES OF WHALE EXCREMENT, I WON'T EVEN BUY THAT GARAGE DOOR OPENER THAT ADVERTISES AN IPHONE APP, WHAT IN THE HELL EVER MADE YOU THINK THIS WAS A GOOD IDEA
9:37 AM: Donuts and coffee
posted by Mayor West at 11:58 AM on December 20, 2012 [60 favorites]


Thanks, this is scary and interesting. It's one thing knowing that your car's computer can be hacked remotely. It's another thing to know that anyone who wants to can remotely connect to and control your pacemaker or insulin pump.

Here's to hoping that the medical device makers start taking security at least somewhat seriously.
posted by alms at 11:59 AM on December 20, 2012 [2 favorites]


If it works with those Brookstone toy helicopters then sure, why not control a drone with your smartphone?
posted by ceribus peribus at 11:59 AM on December 20, 2012


You're not killing anyone with that first generation iPhone in the stock photo. Can't even install a to-do app.
posted by stltony at 12:00 PM on December 20, 2012 [2 favorites]


Instructed by the counterfeit signal, the I.C.D. suddenly spat out 830 volts—an instantly lethal zap.

So really this is about someone's disregard for the textbook example of death-by-computer.
posted by Nonsteroidal Anti-Inflammatory Drug at 12:00 PM on December 20, 2012 [8 favorites]


The article raises valid and scary points about new and upcoming security threats in just about everything we own, but it has little to do with smart phones.
posted by callmejay at 12:03 PM on December 20, 2012 [1 favorite]


You think more people will be saved by medical devices that can be adjusted remotely at a moment's notice, much faster than some can be rushed to a doctor, or murdered via pacemakers in high-tech sci-fi movie plots?

There's a big difference between this being possible and popular, and it's a bit disingenuous to compare it to website vandalism, which plenty of teenage kids do because they think its funny, and murder, which has a lot smaller audience for laughs. Will political leaders be assassinated via pacemaker viruses? Maybe. Will people be killed like this in the street because crackheads want their phones? Probably not so much.
posted by tylerkaraszewski at 12:05 PM on December 20, 2012 [1 favorite]


Yeah, I know a couple Type 1 diabetes people that hate this researcher guy and have argued with him to death. Apparently his "deploy enough insulin to kill someone via phone" demo last year was rigged to the point of being nearly if not totally impossible to do (according to friends) and has since changed/halted the approval of new devices for diabetes monitoring, stuff they were patiently waiting to come out (they both use a 10+ year old device that exports only to a Palm Pilot!). So this article might be more about making mountains out of molehills.
posted by mathowie at 12:07 PM on December 20, 2012 [10 favorites]


You could beat someone to death with the new iPhone, perhaps without even damaging that glorious bezel.
posted by Burhanistan at 12:09 PM on December 20, 2012


Nah, the 5 doesn't have the mass - its like a feather.
posted by Artw at 12:10 PM on December 20, 2012 [1 favorite]


I had an ICD fitted back in August. I received what's called an 'inappropriate' shock from it a month later. ('Inappropriate' doesn't really cover the experience of several hundred volts up your jacksie while you're wide awake, by the way). I did some research and found this very interesting talk by Karen Sandler of the GNOME foundation about software standards and auditability in the ICD industry, or the lack thereof. That was disturbing enough, until my sweet natured Homeland-watching nephew innocently enquired whether I knew the serial number for my device. I'm watching that boy very closely.
posted by punilux at 12:11 PM on December 20, 2012 [16 favorites]


Instructed by the counterfeit signal, the I.C.D. suddenly spat out 830 volts—an instantly lethal zap.

So really this is about someone's disregard for the textbook example of death-by-computer.


The official articles and papers published about the Therac-25 were required reading for the introductory programming class at Berkeley for a CS degree. They should be required reading for anyone even contemplating a job programming anything that interacts with the physical world. Period.
posted by spitefulcrow at 12:11 PM on December 20, 2012 [5 favorites]


Go for the temples and collarbones!
posted by Burhanistan at 12:11 PM on December 20, 2012 [1 favorite]


Again, I feel the Nokia 3310 is going to be your KILLER PHONE of choice if you're just going to put it in a sock and beat someone with it.
posted by Artw at 12:14 PM on December 20, 2012


Funny how this comes after this thread from yesterday. Life, meet art.
posted by redyaky at 12:17 PM on December 20, 2012 [1 favorite]


Ace Levy: Sir, I don't understand. Who needs a phone in a nuke fight anyway? All you gotta do is push a button, sir.
Career Sergeant Zim: Cease fire. Put your hand on that wall trooper. PUT YOUR HAND ON THAT WALL!
[Zim throws a Nokia 3310 and hits Ace's hand, smashing all the bones]
Career Sergeant Zim: The enemy can not push a button... if you disable his hand. Medic!
posted by Artw at 12:18 PM on December 20, 2012 [2 favorites]


I wear an insulin pump that communicates wirelessly with my testing meter. It uses that information to calculate a bolus of insulin to give myself. Actually administering the insulin requires a few button pushes on my end.

The amount of insulin the pump recommends is determined by a rate that is also programmed into the pump. Remotely changing that rate, and automating my physical steps, would surely seem within the realm of possibility.

Scary stuff.
posted by Benny Andajetz at 12:19 PM on December 20, 2012


NEVER EXPOSE MEDICAL DEVICES TO THE INTERNET, YOU FESTERING PILES OF WHALE EXCREMENT...

But, how will the off-shored med techs in Mumbai be able to run the mri machine I'm sitting in, in Muncie?
posted by Thorzdad at 12:19 PM on December 20, 2012 [1 favorite]


My dad has a ICD. I just witnessed last week what I thought was full blown cardiac arrest. He went into agonal breathing patterns (found out it was severe orthostatic hypotension brought on by his meds).

Messing with people's implanted medical devices for fun, hacking, curiosity, or intentional harm is disgusting. I was beyond horrified by what I witnessed with his episode and hope I never see it again.

But the author is right. Next level of hacking. Think if the President had a ICD. First line priority for hackers.
posted by stormpooper at 12:24 PM on December 20, 2012


So something that I still don't understand, and as a programmer I'm a little embarrassed to ask this, but are there any general principles to finding this kind of exploit? I mean, I can understand what goes into, say, reverse engineering an undocumented protocol, but is the rest of it just trial and error plugging at every input field/modality you can until you find the one that lets you cause a buffer overflow or inject malicious code? It just always seems to me like every new thing Sally Hacker butts her head against is essentially going to offer her a completely novel set of challenges.
posted by invitapriore at 12:28 PM on December 20, 2012


So first I have to induce a doctor to put a defibrilator in? What a method for killing.
posted by Ironmouth at 12:32 PM on December 20, 2012


Didn't Law and Order use this premise a couple of times? One with something about a hacked diabetes monitor, and another one about maliciously targeting patients at a hospital that used a computerized dispensary?
posted by ceribus peribus at 12:32 PM on December 20, 2012 [1 favorite]


If you really want to be all OH NOES PHONES! then not-so-smart phones, particularly Nokia bricks, are the trigger of choice for improvised explosives these days, both timed and remote detonated. No KILLER INTERWEBZ required.

That's because a Nokia will survive the explosion and you can reuse it.
posted by jason_steakums at 12:36 PM on December 20, 2012 [4 favorites]


That's because a Nokia will survive the explosion and you can reuse it.

It's the cockroach of phones.
posted by Sparx at 1:45 PM on December 20, 2012 [1 favorite]


Dick Cheney before he dicks you.
posted by slogger at 1:51 PM on December 20, 2012


damn right, spitefulcrow. formal methods is a thing for a reason. see also: ariane, mars climate...

I work with some mobile devs - and I gotta tell ya - it's the fucking wild west. those guys have the least rigor of any software field I know. total shoot-from-the-hip-then-deliver-we'll-fix-it-later. (if you are the rare skilled software engineer in mobile, this obviously isn't pointed at you. but you ARE an outlier.)
posted by j_curiouser at 2:00 PM on December 20, 2012 [2 favorites]


So something that I still don't understand, and as a programmer I'm a little embarrassed to ask this, but are there any general principles to finding this kind of exploit? I mean, I can understand what goes into, say, reverse engineering an undocumented protocol, but is the rest of it just trial and error plugging at every input field/modality you can until you find the one that lets you cause a buffer overflow or inject malicious code? It just always seems to me like every new thing Sally Hacker butts her head against is essentially going to offer her a completely novel set of challenges.

Often they'll use custom written fuzzers which will generate data which is almost what the device expects but deviates in some way. In other cases, the protocol is completely unauthenticated and you can just modify the data to convince the device to do something perverse.
posted by atrazine at 2:09 PM on December 20, 2012


It's the cockroach of phones.

While this makes sense in terms of its resilience, the venerable Nokia shouldn't be referred to as vermin. Save that for the Motorola Razr.
posted by Burhanistan at 2:23 PM on December 20, 2012 [1 favorite]


software standards and auditability in the ICD industry, or the lack thereof

As far as I can tell, this lack of standards or even minimal ethics is uniform across all aspects of the health-care industry. I was just reading on The Daily WTF about the music headsets that are made for MRI machines, which cost thousands of dollars, and thousands of dollars more to repair or replace, the big technical-looking power supply for one of which was just a box with four different cheap-o power supplies hot-glued inside, which the company offered to repair for fifteen hundred bucks.

My own limited experience is with CPAP machines and the companies that sell them. When I saw my doc with a possible sleep disorder, he barely glanced at me before he pulled out a stack of brochures and started running down the prices (starting at $1500) but explaining that "insurance will pay for all of it". I got the powerful impression that he owned stock in the company. Then he sent me to their offices to get tested, where the testing equipment and the actual CPAP machines themselves were just the most godawful pieces of poorly-assembled crap you could imagine, with parts that didn't fit properly and gimcrack straps holding things together, especially for that price. I knew I was in trouble when the demonstrator kept referring to the nine-pin D-shell serial connector as "the USB hub".

I lost weight instead, and the problem went away, so there was no insurance billing.

I think America's system of insurance practically guarantees rip-offs like this. Obviously ICDs and insulin pumps are more serious business, but it sounds like the standards are just as low. Make a killing with substandard junk, insurance pays, users never see the cost (except that we have by far the most expensive health care in the world).
posted by Fnarf at 2:26 PM on December 20, 2012 [6 favorites]


As far as I can tell, this lack of standards or even minimal ethics is uniform across all aspects of the health-care industry ... the most godawful pieces of poorly-assembled crap you could imagine, with parts that didn't fit properly and gimcrack straps holding things together...
For a time I developed firmware and software as a sub-contractor for large and well-known medical equipment manufacturer. I wish I could say there was something about that experience that contradicted your impressions. But I cannot.
posted by Western Infidels at 3:01 PM on December 20, 2012 [3 favorites]


There is of course one general solution; make certain human-critical devices physically incapable of operating outside their design parameters (c.f "hardware lock" on previous versions of the Therac-25). This of course negates the promise of the digital revolution, which is to drive manufacturing costs down by creating multi-function devices controlled by software or firmware. That's too bad.

It's ok if my TV remote can be reprogrammed to operate the garage door. It would not be okay if my life depended on it.
posted by Xoebe at 3:24 PM on December 20, 2012


I'm trying to figure out WHY an implanted device is even capable of delivering, say, a lethal shock.
posted by maxwelton at 3:51 PM on December 20, 2012


Fortunately those Google computer-driven cars will be completely hack-proof.
posted by straight at 4:00 PM on December 20, 2012


As far as I can tell, this lack of standards or even minimal ethics is uniform across all aspects of the health-care industry ... the most godawful pieces of poorly-assembled crap you could imagine, with parts that didn't fit properly and gimcrack straps holding things together...
For a time I developed firmware and software as a sub-contractor for large and well-known medical equipment manufacturer. I wish I could say there was something about that experience that contradicted your impressions. But I cannot.


Years ago, I knew someone who worked at Guidant, in a support role to their pacemaker or implantable defibrillator development group. After the stories I heard, I never want to have one of those things within 10 feet of me or anyone I care about. The stuff about how they tried to manage the FDA was the creepiest.
posted by cosmic.osmo at 4:56 PM on December 20, 2012 [2 favorites]


Here's to hoping that the medical device makers start taking security at least somewhat seriously.

Not until people start dying and they get hit with lawsuits, I imagine. They're certainly not going to invest any money they aren't forced to.
posted by fifteen schnitzengruben is my limit at 5:03 PM on December 20, 2012


I'm waiting for the hack that over loads some component of the phone and causes the device's to explode in a small fireball.
posted by humanfont at 5:48 PM on December 20, 2012


I'm trying to figure out WHY an implanted device is even capable of delivering, say, a lethal shock.

It doesn't sound unreasonable that a fibrillating heart requires a jolt stronger than a normally-beating heart could withstand. Or that different people have different tolerances for the shock, and the device must be capable of working on the least-sensitive patient.
posted by phliar at 6:20 PM on December 20, 2012


Back in the day there were stories that a computer virus could conceivably cause your CRT to explode by driving it at a particular frequency. I've never seen it happen (I've tried).
posted by deo rei at 6:44 PM on December 20, 2012


are there any general principles to finding this kind of exploit? I mean, I can understand what goes into, say, reverse engineering an undocumented protocol, but is the rest of it just trial and error plugging at every input field/modality you can until you find the one that lets you cause a buffer overflow or inject malicious code?

Yes. In addition to j_curiouser's comment about formal methods, program analysis is a thing. And has been for a while, like, since back when computer science was a sub-field of math. Back when I was an undergrad and merely minoring in computer science, we had to read Peter G. Neumann's Computer-Related Risks for one of the (required) classes; not required but strongly encouraged by some of our faculty (eg. read at weekly group meeting) was a book on statistical methods in AI. Nowadays probabilistic methods crop up all over the place in algorithms, so a quick google search isn't bringing up the book I'm looking for, but it focused on the idea that programs were getting sufficiently complex that static program verification was no longer possible, and introduced some ideas from statistics to use to analyze how programs work, to help find bugs and vulnerabilities, as well as to benchmark how well programs work. I don't know the details, but there are standards for designing sample data sets/inputs to test programs with when doing this sort of dynamic program verification.

(Grumble grumble standards of computer science degrees these days. See also: lawns, and the getting off thereof....)
posted by eviemath at 7:10 PM on December 20, 2012 [3 favorites]


cause your CRT to explode by driving it at a particular frequency

Engineering school was a trip!

Whenever the technology developed way back when is marketed, this idea of driving the frequency/finding-the-carrier-material's-resonant-frequency could quite feasibly blow people's heads up. I think. Maybe. Whoah. Or at the very least, as the developers mention in the link:

"We realize that having unwanted sound information arriving directly into the user's brain would resemble technological schizophrenia, therefore maximum control is essential."
posted by riverlife at 9:59 PM on December 20, 2012


eviemath, I'm familiar with both formal verification and (what reads to me from your description as) integration and unit testing, but those imply access to source code, which is a big assumption to make.

I also dispute the implication that CS degrees have universally suffered a loss in rigor, but that's an argument for a different day.
posted by invitapriore at 10:34 PM on December 20, 2012


Ah, lack of access to source code was not the situation I was thinking of; but the statistical testing methods would work in that situation as well. Really wish I could find a link to that book... aha! Empirical Methods for Artificial Intelligence. It's just a start; I'd expect/hope that there are more resources nowadays dealing with, for example, designing/randomly generating sample data/input to give a program to test its full range of possible behaviors. I seem to recall that friends doing machine learning type stuff have though about this issue of how to systematically test complex computer programs/systems, so I suspect there's a literature around it somewhere. But if not, that's the sort of thing that statisticians do research into. (I'm not a statistician, but I work with a few, and the sub-field of experimental design is maybe, possibly, the relevant one?)

Re: lack of universality - I am certainly willing to believe that. As well, my original comment may be entirely unfounded and based on confirmation bias and other totally subjective measures, in the first place.
posted by eviemath at 1:00 AM on December 21, 2012


from the article:
Just around the corner, according to tech analysts, are refrigerators that alert families when they’ve run out of milk
Hasn't this been the quintessential "just around the corner" white elephant for about 20 years now?
posted by We had a deal, Kyle at 1:51 AM on December 21, 2012 [4 favorites]


So first I have to induce a doctor to put a defibrilator in? What a method for killing.

If your target has any issues related to heart rate, this is not a major hurdle. I had two cardiologists telling me there was a pacemaker in my future, before my Web searching turned up a procedure that cured my fibrillation and turned their Coumadin cash cow out to pasture. Both of those respected physicians knew of the procedure. There are doctors who pay more attention to their bottom line than their patients' quality of life.
posted by Kirth Gerson at 4:57 AM on December 21, 2012


Well, the article has lots of research not just quotes from people speculating. It's quite interesting, which is why I posted it.
Sure, but killing someone with a computer requires that their life depends on wirelessly hackable implants. Certainly, most implants may be hackable today - but most people don't have them. So it wouldn't work very well now. And in the future, the software may be well designed. It is possible to write code that is mathematically proven secure. It's just not done now because the cost of the hack will probably be less than the cost of the effort
NEVER EXPOSE MEDICAL DEVICES TO THE INTERNET, YOU FESTERING PILES OF WHALE EXCREMENT, I WON'T EVEN BUY THAT GARAGE DOOR OPENER THAT ADVERTISES AN IPHONE APP, WHAT IN THE HELL EVER MADE YOU THINK THIS WAS A GOOD IDEA
They don't have to be on the internet, just wirelessly accessible. And if they're not wirelessly accessible, then you would need to perform surgery every time they're updated, unless you do something like have IO ports protruding from the body.
I think America's system of insurance practically guarantees rip-offs like this. Obviously ICDs and insulin pumps are more serious business, but it sounds like the standards are just as low. Make a killing with substandard junk, insurance pays, users never see the cost (except that we have by far the most expensive health care in the world).
Just an example of how the US healthcare system's incentive structures are completely screwed up. There's no incentive for individuals, either doctors or patients to save money - indeed, most people will want "the best" healthcare they can get.
You would think insurance companies would want to keep prices down, and it would be good for them in the short term, but in the long term higher costs mean higher premiums, which means larger nominal dollar profits at the same profit margins, and ultimately a larger portion of GDP passing through their fingers as middle men.
There is of course one general solution; make certain human-critical devices physically incapable of operating outside their design parameters (c.f "hardware lock" on previous versions of the Therac-25).
That may not be possible. I'm not a doctor, but I would imagine that an insulin pump would have to be able to not pump insulin if blood sugar was too low. Simply telling the pump not to ever pump could be lethal. A pacemaker might need to be able to deliver large voltages to restart a stopped heart that might be able to kill a running heart.
Hasn't this been the quintessential "just around the corner" white elephant for about 20 years now?
At this point, we'll probably get flying cars first.
posted by delmoi at 6:16 AM on December 21, 2012


Sure, but killing someone with a computer requires that their life depends on wirelessly hackable implants.

Unless you were to, say, read the article and note that it also talks extensively about how the new tire sensors allow you to bring a car to a halt from 30 feet away. Killing someone requires that they be driving a newer car at highway speeds. Rather not limited to medical devices.
posted by stoneweaver at 6:52 AM on December 21, 2012


Clearly it's not true or someone in China would have turned off Dick Cheney.
posted by Mcable at 12:19 PM on December 21, 2012




He had a point: a few years ago, anonymous vandals inserted flashing animated images into an Epilepsy Foundation online forum, triggering migraines and seizure-like reactions in some unfortunate people who came across them.

I'm a horrible person. I laughed at this. Just a little.


I'm glad my medical condition is amusing to you, Etrigan.
posted by HypotheticalWoman at 12:41 PM on December 21, 2012 [1 favorite]


Well, I'm not glad. Hence my saying I'm a horrible person. I wasn't taking credit for it.
posted by Etrigan at 1:43 PM on December 21, 2012


« Older The Ghosts of Christmas...  |  They were local bodybuilders w... Newer »


This thread has been archived and is closed to new comments