Hacking the Heart of the Matter

by

The issue of hacking in today’s society has gotten as serious as a heart attack – literally!

In what seems like something that should be relegated to a bad action movie or the sinister deeds of some cartoon villain, researchers have demonstrated that hackers have the capability to send radio signals that could reprogram implantable medical devices, such as pacemakers or insulin pumps. Fortunately, there have been no actual cases of fiends roaming the streets striking dead people dependent upon pacemakers, but the mere fact that it is a possibility is frightening.

I honestly do not think that in his worst nightmare, Wilson Greatbach, the inventor of the implantable pacemaker, who passed away September 28 at the ripe old age of 92, could have envisioned someone using an external signal to disrupt the heart-regulating device or drain its battery causing the person’s heart to stop beating. However, in the sad reality that is modern society, where hackers need no reason to ply their dastardly deeds beyond, “I’m bored, what can I mess with?” it almost stands to reason – no matter how morbid that reasoning may be – that, when developing current generations of pacemakers, scientists need to consider how they can be hacked.

Don’t Go Breaking (Into) My Heart

If it can be done in a lab it can be done in real life, so while the above scenario sounds frightening there is hope. Researchers at MIT and the University of Massachusetts are currently developing external radio-frequency jamming equipment that today's pacemaker users can wear to protect themselves. Scientists are also working on embedding such equipment into future generations of pacemakers.

This brings up a good question, though – what else remains from previous generations in these medical devices that may be vulnerable to modern technology?

Improving on technology usually means not having to recreate the wheel. With all of the technology that goes into one of these devices, they cannot possibly be “re-invented” every time a new version is built or an improvement added. This means that legacy software abounds in these devices and code that may or may not have been vulnerable to breach years or even decades ago may now represent a weak link in the device.

Straight from the Heart

As science continues to build upon these devices and add improvements, one hopes that they are focusing on not only what’s new, but also what is old in them. The problem that exists there, of course, is that there are so many lines of code that need to be assessed. Add to that code that is written in antiquated languages, lines of code that do not need to be included or no longer meet up with current standards and device manufacturers cannot depend upon manual assessments, which would be grossly inefficient at uncovering possible issues with code that regulates, controls and monitors these devices.

Much as it does identifying issues with enterprise applications – the life’s blood of today’s business – automating analysis of the software that runs the device would certainly be a more efficient tool in identifying issues with embedded legacy applications in medical devices and ensuring the structural quality of the software that runs them.

By using automated analysis and measurement to identify issues with code embedded in medical devices, companies can get to the heart of the matter and keep unauthorized hacking of implanted medical devices something found only in the lab or the silver screen.

Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
Jonathan Bloom Writer, Blogger & PR Consultant
Jonathan is an experienced writer with over 20 years writing about the Technology industry. Jon has written more than 750 journal and magazine articles, blogs and other materials that have been published throughout the U.S. and Canada. He has expertise in a wide range of subjects within the IT industry including software development, enterprise software, mobile, database, security, BI, SaaS/Cloud, Health Care IT and Sustainable Technology. In his free time, Jon enjoys attending sporting events, cooking, studying American history and listening to Bruce Springsteen music.
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|