March 12, 2008

A Heartless Crime

STEALING THE SOCIAL SECURITY NUMBERAlice is talking to Bob using their cell phones. It is very very tough to 'listen' to what they are saying by simply tuning to the same frequency. It is because, the conversation is 'encrypted'. You have to 'decode' this if you want to eavesdrop on them.

In humans with cardiac implants, particularly automated implantable cardioverter defibrillators (ICD) are vulnerable in this regard that these machines can be intercepted. ICDs are devices that diagnose and treat arrhythmia by giving a 'shock'. Some ICDs send signals to doctors on once-a-day (or so) basis, via a bedside device. The doctor then may/may not 're-program' the ICD remotely, depending on the report the ICD sends. However, the data protocol is unencrypted, and could be easily read and manipulated by 'hackers'.

They may steal the patient's name, medical ID number, date of birth, even the social security number. The hackers may 'reset/change' the above or worst, they could even disable the device.

When a mobile phone sends signals to a tower (cell), it encrypts the data, the receiving tower acknowledges it and they both share a common dialect. Thus snooping on them is quite tough. Compare this with the data flow in land phones. You can very easily listen ('tapping') the data/conversation that flows. Just use a simple electronic circuit, consisting of an inductor, resistor and a transistor (NOT even a power supply); you can hear the sounds of both the parties in an FM radio. You may even record it if you want. Spying on unencrypted wireless handsets is also very easy. Just tune to the same frequency, the rest is easy cake!

Hence it may be time that these devices be made a little bit tougher by using 128 bit or better still, 256 bit encryption. Taking off this 'headache' off the shoulder from the heart patients may better their lifestyle (by cutting down sympathetic discharges).

I found this article that researchers at University of Massachusetts at Amherst has developed a countermeasure to this menace. There will be an alert when someone attempts to interact with their device.

Last modified: Aug 21, 2008
Reference: hyper-links, unless specifically mentioned

No comments: