Tuesday, May 26, 2020

Murder by hackable implants no longer a perfect crime

Must read

Was the Nemtsov asassination an act of Islamic terrorism?

One of the six men authorities believe were involved in the assassination of Russian opposition leader Boris Nemtsov was cornered by police at his...

Murder by hackable implants no longer a perfect crime

Medical implants such as pacemakers can be tampered with to kill – without leaving a trace. But the race is on to find ways...

Colorado Theater Attack Lawyers Argue Fingerprints

Crime analysts testified Monday about how they matched fingerprint evidence in the Colorado theater shooting investigation but provided little new information about the 2012...

The Work of a Crime Scene Photographer

The popularity of TV shows like Dexter and CSI has made forensic science cool; Not only do shows like Law and Order and the CSI...
Michael Whyte
Crime Scene Officer and Fingerprint Expert with over 7 years experience in Crime Scene Investigation and Latent Print Analysis. The opinions or assertions contained on this site are the private views of the author and are not to be construed as those of any professional organisation or policing body.
- Forensic Podcast -

Medical implants such as pacemakers can be tampered with to kill – without leaving a trace. But the race is on to find ways to spot the crime

IT’S the perfect murder: hack someone’s pacemaker wirelessly just long enough to stop it working. Once the deed is done, the killer radio signals are long gone and any suspicions over the cause of death are exceptionally hard to prove.

It sounds like the stuff of Hollywood – and was even used to kill off a fictional vice-president in the TV drama Homeland. But wireless hacking of cardiac implants is a genuine concern. Just last month, it was revealed that the US Department of Homeland Security (DHS) is investigating more than 20 medical devices – including implants – for security flaws that could be exploited to do harm.

Now a team of forensic medicine specialists, working with their colleagues in digital security, are working on software that would prove a lethal implant hack has been carried out. The warning from the DHS applies to a range of devices, such as implanted cardiac pacemakers and defibrillators, bedside intravenous fluid and anaesthesia pumps, medical imaging systems and hospital networks.

It comes on top of an alert from the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in June 2013 in which 300 medical devices made by 40 firms were found to have unchangeable passwords that, once guessed, could allow someone to alter critical settings. ICS-CERT is now working with the devices’ manufacturers and the US Food And Drug Administration, which certifies them, to patch the gadgets.

Even though a real US vice-president, Dick Cheney, had wireless reprogramming disabled in his implanted defibrillator as an anti-hacking precaution in 2007, it is not known if anyone has ever been injured or killed due to an implant hack.

To find out, cryptographer Noureddine Boudriga at the University of Carthage in Tunisia and forensic medic Mohamed Allouche at the University of Tunis El Manar are developing software that can tell a pathologist conducting a post-mortem if a cardiac implant has been interfered with prior to death. If it is flagged as suspicious, then an investigation could begin, when previously the attack would have gone unnoticed.

To create the software, the team first asked a pathologist to draw up the sequence of medical events that could lead to the death of a person with an implanted defibrillator, a device that shocks a chaotically beating heart back to normal rhythm. They then worked out all the potential lethal scenarios it is possible for the device to perform and added those in, too. These included sending a series of short shocks to the defibrillator to accelerate a patient’s heartbeat and cause a fatal arrhythmia, or changing the threshold at which it kicks in so the device doesn’t operate and save a life when called upon. All of these events leave digital traces in the logs stored on the defibrillator.

Then, in a post mortem, the software will automatically look at the logs to see if the device carried out a series of actions that suggest a lethal attack. If so, the death is deemed suspect. The software can be customised for use on any medical device (arxiv.org/abs/1410.4303). In addition, the team also propose a new class of implants in which data logs are protected, to prevent an attacker hiding their actions. “That would be proof against everything but a malicious pathologist,” says Boudriga, who now hopes to interest forensics equipment makers in the technology.

Kevin Fu, director of the Ann Arbor Research Center for Medical Device Security at the University of Michigan, sees merit in looking for signs of implant hacking. “Medical device forensics is an important and necessary area,” he says. Sujeet Shenoi, a computer security engineer at the University of Tulsa in Oklahoma, who trains US government agencies in digital security measures, says hacking implants is now on the US government’s radar. “The problem is that there has to be a way to access these very small, simple devices to reconfigure them, change their settings and patch the software – and that means there are any number of ways to compromise them and their firmware.” “The medical device manufacturers are now working hard behind the scenes to stop this happening,” says Shenoi.

Source: New Scientist

- Advertisement -

More articles

- Advertisement -

Latest article

Using the NCIC Bayesian Network to improve your AFIS searches

This National Crime Information Centre (NCIC) Bayesian network is based on the statistical data of general patterns of fingerprints on the hands...

DNA decontamination of fingerprint brushes

Using fingerprint brushes across multiple crime scenes yields a high risk of DNA cross-contamination. Thankfully an Australian study has discovered a quick and easy way to safely decontaminate fingerprint brushes to prevent this contamination risk and allows the brushes to be safely reused even after multiple cleaning cycles.

Detection of latent fingerprint hidden beneath adhesive tape by optical coherence tomography

Adhesive tape is a common item which can be encountered in criminal cases involving rape, murder, kidnapping and explosives. It is often the case...

Presenting Fingerprint Comparisons in Court using Forensic Comparison Software

This video gives the fingerprint technician some ideas on how to present a Fingerprint Comparison result to the court that looks professional. To accomplish this...

New modified fingerprint chemical that fluoresces touch DNA on clothing

In sexual assault and burglary investigations, the recovery of DNA from items that have been handled by the suspect is very important....