1 00:00:00,350 --> 00:00:03,999 ♪ preroll music ♪ 2 00:00:03,999 --> 00:00:10,940 Angel: The next talk will start now 3 00:00:10,940 --> 00:00:12,830 and will be 'Unpatchable - 4 00:00:12,830 --> 00:00:15,250 living with a vulnerable implanted device' 5 00:00:15,250 --> 00:00:18,240 by Dr. Marie Moe and Eireann Leverett. 6 00:00:18,240 --> 00:00:22,180 Give them a warm round of applause please. 7 00:00:22,180 --> 00:00:29,040 *applause* 8 00:00:33,300 --> 00:00:38,799 *heart monitor beep sounds start* 9 00:00:38,799 --> 00:00:40,489 So, we are here today 10 00:00:40,489 --> 00:00:41,760 to talk to you about a subject 11 00:00:41,760 --> 00:00:44,530 that is really close to my heart. 12 00:00:44,530 --> 00:00:46,350 I have a medical implant. 13 00:00:46,350 --> 00:00:48,969 A pacemaker, that is generating 14 00:00:48,969 --> 00:00:51,690 every single beat of my heart. 15 00:00:51,690 --> 00:00:56,079 But how can I trust my own heart, 16 00:00:56,079 --> 00:00:58,350 when it's being controlled by a machine, 17 00:00:58,350 --> 00:01:00,329 running a proprietary code, 18 00:01:00,329 --> 00:01:03,530 and there is no transparency? 19 00:01:03,530 --> 00:01:05,570 So I'm a patient, 20 00:01:05,570 --> 00:01:08,630 but I'm also a security researcher. 21 00:01:08,630 --> 00:01:10,860 I'm a hacker, because I like 22 00:01:10,860 --> 00:01:13,390 to figure out how things work. 23 00:01:13,390 --> 00:01:15,009 That's why I started a project 24 00:01:15,009 --> 00:01:16,340 on breaking my own heart, 25 00:01:16,340 --> 00:01:17,299 together with Eireann 26 00:01:17,299 --> 00:01:19,799 and a couple of friends. 27 00:01:19,799 --> 00:01:22,719 Because I really want to know 28 00:01:22,719 --> 00:01:24,270 what protocols are running 29 00:01:24,270 --> 00:01:27,259 in this machine inside my body. 30 00:01:27,259 --> 00:01:29,429 Is the crypto correctly implemented? 31 00:01:29,429 --> 00:01:32,979 Does it even have crypto? 32 00:01:34,939 --> 00:01:38,140 So I'm here to inspire you today. 33 00:01:38,140 --> 00:01:40,880 I want more people to hack to save lives. 34 00:01:40,880 --> 00:01:44,049 Because we are all becoming 35 00:01:44,049 --> 00:01:47,990 more and more dependent on machines. 36 00:01:47,990 --> 00:01:49,999 Maybe some of you in the audience 37 00:01:49,999 --> 00:01:51,929 also have medical implants, 38 00:01:51,929 --> 00:01:52,840 maybe you know someone 39 00:01:52,840 --> 00:01:57,839 that's also depending on medical implants 40 00:01:57,839 --> 00:02:00,119 Imagine that this is your heartbeat 41 00:02:00,119 --> 00:02:04,380 and it's being controlled by a device. 42 00:02:04,380 --> 00:02:06,350 A device, that might fail. 43 00:02:06,350 --> 00:02:09,680 Due to software bugs, 44 00:02:09,680 --> 00:02:11,820 due to hardware failures. 45 00:02:11,820 --> 00:02:14,490 *additional background sound: real heartbeat* 46 00:02:14,490 --> 00:02:17,690 Wouldn't you also like to know 47 00:02:17,690 --> 00:02:21,390 if it has security vulnerabilities? 48 00:02:21,390 --> 00:02:23,680 If it can be trusted? 49 00:02:26,950 --> 00:02:32,110 *sounds stop* *beeeeep* 50 00:02:32,110 --> 00:02:35,940 E: Something to think about, right? 51 00:02:35,940 --> 00:02:37,230 M: Yeah. 52 00:02:37,230 --> 00:02:40,140 E: Marie is an incredibly brave women. 53 00:02:40,140 --> 00:02:42,940 When she asked me to give this talk 54 00:02:42,940 --> 00:02:44,640 it made me nervous, right? 55 00:02:44,640 --> 00:02:46,760 It's such a personal story. 56 00:02:46,760 --> 00:02:48,860 Such a journey as well. 57 00:02:48,860 --> 00:02:49,880 And she's gonna talk to you 58 00:02:49,880 --> 00:02:51,460 about a lot of things, right? 59 00:02:51,460 --> 00:02:53,640 Not just hacking medical devices 60 00:02:53,640 --> 00:02:54,950 from a safety point of view 61 00:02:54,950 --> 00:02:57,510 but also some of the privacy concerns, 62 00:02:57,510 --> 00:02:59,050 some of the transparency concerns, 63 00:02:59,050 --> 00:03:01,280 some of the consent concerns. 64 00:03:01,280 --> 00:03:03,420 So, there's a lot to get trough 65 00:03:03,420 --> 00:03:05,140 in the next hour. 66 00:03:05,140 --> 00:03:07,200 But I think you're gonna enjoy it 67 00:03:07,200 --> 00:03:08,110 quite a lot. 68 00:03:08,110 --> 00:03:10,890 M: So, let me tell you 69 00:03:10,890 --> 00:03:13,110 the story about my heart. 70 00:03:13,110 --> 00:03:14,730 So, 4 years ago 71 00:03:14,730 --> 00:03:17,590 I got my medical implant. 72 00:03:17,590 --> 00:03:21,010 It was a kind of emergency situation 73 00:03:21,010 --> 00:03:22,950 because my heart was starting to beat 74 00:03:22,950 --> 00:03:24,200 really slow, 75 00:03:24,200 --> 00:03:26,110 so i needed to have the pacemaker. 76 00:03:26,110 --> 00:03:28,580 I had no choice. 77 00:03:28,580 --> 00:03:31,180 After I got the implant, 78 00:03:31,180 --> 00:03:32,690 since I was a security researcher, 79 00:03:32,690 --> 00:03:33,630 of course I started to 80 00:03:33,630 --> 00:03:36,520 look up information about how it worked. 81 00:03:36,520 --> 00:03:38,000 And I googled for information. 82 00:03:38,000 --> 00:03:40,440 I found a technical manual 83 00:03:40,440 --> 00:03:41,290 of my pacemaker 84 00:03:41,290 --> 00:03:43,750 and I started to read it. 85 00:03:43,750 --> 00:03:45,930 And i was quite surprised 86 00:03:45,930 --> 00:03:47,520 when I learned that 87 00:03:47,520 --> 00:03:51,580 my pacemaker has 2 wireless interfaces. 88 00:03:51,580 --> 00:03:54,870 There is one interface, that is really 89 00:03:54,870 --> 00:03:56,490 close field communication, 90 00:03:56,490 --> 00:03:58,730 near field communication 91 00:03:58,730 --> 00:04:01,180 that is being used when I'm at checkups 92 00:04:01,180 --> 00:04:03,150 at the hospital, 93 00:04:03,150 --> 00:04:05,550 where the technician, 94 00:04:05,550 --> 00:04:07,510 the pacemaker technician or doctor 95 00:04:07,510 --> 00:04:10,030 uses a programming device 96 00:04:10,030 --> 00:04:11,820 and places it 97 00:04:11,820 --> 00:04:14,410 really close to my pacemaker. 98 00:04:14,410 --> 00:04:16,620 And it's possible to use that 99 00:04:16,620 --> 00:04:19,608 communication to adjust the settings. 100 00:04:19,608 --> 00:04:21,560 But it also has another 101 00:04:21,560 --> 00:04:22,530 wireless interface, 102 00:04:22,530 --> 00:04:24,940 that I was not aware of, 103 00:04:24,940 --> 00:04:28,390 that I was not informed of as a patient. 104 00:04:28,390 --> 00:04:30,810 It has a possibility for remote monitoring 105 00:04:30,810 --> 00:04:31,970 or telemetry, 106 00:04:31,970 --> 00:04:35,880 where you can have an access point in your house 107 00:04:35,880 --> 00:04:37,010 that will communicate 108 00:04:37,010 --> 00:04:39,430 with the pacemaker 109 00:04:39,430 --> 00:04:41,940 at a couple of meters distance. 110 00:04:41,940 --> 00:04:44,320 And it can collect logs from the pacemaker 111 00:04:44,320 --> 00:04:46,160 and send them to a server 112 00:04:46,160 --> 00:04:47,880 at the vendor. 113 00:04:47,880 --> 00:04:48,870 And there is a web interface 114 00:04:48,870 --> 00:04:50,150 where the doctor can log in 115 00:04:50,150 --> 00:04:52,880 and retrieve my information. 116 00:04:52,880 --> 00:04:54,790 And I have no access the data 117 00:04:54,790 --> 00:04:56,260 that is being collected 118 00:04:56,260 --> 00:04:57,970 by my device. 119 00:04:57,970 --> 00:04:59,860 E: So imagine for a moment 120 00:04:59,860 --> 00:05:02,240 that you are buying a new phone 121 00:05:02,240 --> 00:05:03,600 or buying a new laptop. 122 00:05:03,600 --> 00:05:04,860 You would do your homework, right? 123 00:05:04,860 --> 00:05:07,000 You would understand what interfaces where there. 124 00:05:07,000 --> 00:05:09,830 But in Marie's case she's just 125 00:05:09,830 --> 00:05:12,040 given a device, and then later she gets 126 00:05:12,040 --> 00:05:13,950 to go and read the manual, right? 127 00:05:13,950 --> 00:05:16,790 So she's the epitome of a informed consumer 128 00:05:16,790 --> 00:05:17,850 in this space 129 00:05:17,850 --> 00:05:20,070 and we want a lot more informed consumers 130 00:05:20,070 --> 00:05:20,780 in this space, 131 00:05:20,780 --> 00:05:22,360 which is why we are giving this talk. 132 00:05:22,360 --> 00:05:23,830 Now, I don't know about you, 133 00:05:23,830 --> 00:05:25,750 but I'm used to hacking 134 00:05:25,750 --> 00:05:26,790 industrial systems. 135 00:05:26,790 --> 00:05:29,200 I haven't done as much medical research 136 00:05:29,200 --> 00:05:30,060 in the past. 137 00:05:30,060 --> 00:05:31,940 So, when I first started this project 138 00:05:31,940 --> 00:05:33,270 I knew literally nothing 139 00:05:33,270 --> 00:05:35,020 about Marie's heart. 140 00:05:35,020 --> 00:05:35,980 Or even my own. 141 00:05:35,980 --> 00:05:38,750 And she had to teach me how the heart works 142 00:05:38,750 --> 00:05:40,290 and how her pacemaker works. 143 00:05:40,290 --> 00:05:42,660 So, would you mind explaining 144 00:05:42,660 --> 00:05:44,550 some details to the audience that will be relevant 145 00:05:44,550 --> 00:05:45,930 through the rest of the presentation? 146 00:05:45,930 --> 00:05:48,290 M: Actually I think we're going to show you 147 00:05:48,290 --> 00:05:50,100 a video of how the heart works. 148 00:05:50,100 --> 00:05:53,250 So, it's a little bit of biology introduction here 149 00:05:53,250 --> 00:05:57,630 before we start with the technical details. 150 00:05:57,630 --> 00:06:01,070 So, this.. play the video. 151 00:06:01,070 --> 00:06:03,480 Video: A normal heart beat rate 152 00:06:03,480 --> 00:06:07,470 and rhythm is called 'Normal Sinus Rhythm'. 153 00:06:07,470 --> 00:06:09,010 The heart's pumping action 154 00:06:09,010 --> 00:06:11,240 is driven by electrical stimulation 155 00:06:11,240 --> 00:06:13,570 within the heart muscle. 156 00:06:13,570 --> 00:06:15,139 the heart's electrical system 157 00:06:15,139 --> 00:06:17,120 allows it to beat in an 158 00:06:17,120 --> 00:06:20,230 organized, synchronized pattern. 159 00:06:20,230 --> 00:06:21,360 Every normal heart beat 160 00:06:21,360 --> 00:06:23,400 has 4 steps. 161 00:06:23,400 --> 00:06:24,810 Step 1: 162 00:06:24,810 --> 00:06:27,150 As blood flows into the heart 163 00:06:27,150 --> 00:06:28,360 an electrical impulse 164 00:06:28,360 --> 00:06:31,240 from an upper area of the right atrium 165 00:06:31,240 --> 00:06:33,700 also known as the sinus node 166 00:06:33,700 --> 00:06:35,900 causes the atria to contract. 167 00:06:35,900 --> 00:06:38,139 When the atria contract 168 00:06:38,139 --> 00:06:39,460 they squeeze the blood 169 00:06:39,460 --> 00:06:41,930 into the ventricles. 170 00:06:41,930 --> 00:06:43,020 Step 3: 171 00:06:43,020 --> 00:06:45,020 There is a very short pause 172 00:06:45,020 --> 00:06:48,060 only about a fraction of a second. 173 00:06:48,060 --> 00:06:49,200 and Step 4: 174 00:06:49,200 --> 00:06:51,020 The ventricles contract 175 00:06:51,020 --> 00:06:55,590 pumping the blood to the body. 176 00:06:55,590 --> 00:06:56,860 A heart normally beats 177 00:06:56,860 --> 00:07:00,930 between 60-100 times/min. 178 00:07:00,930 --> 00:07:02,120 Electrical signals in your heart 179 00:07:02,120 --> 00:07:04,830 can become blocked or irregular, 180 00:07:04,830 --> 00:07:05,610 causing a disruption 181 00:07:05,610 --> 00:07:08,120 in your hearts normal rhythm. 182 00:07:08,120 --> 00:07:10,070 When the heart's rhythm is too fast, 183 00:07:10,070 --> 00:07:12,900 too slow or out of order, 184 00:07:12,900 --> 00:07:14,490 an arrhythmia, 185 00:07:14,490 --> 00:07:18,520 also called a rhythm disorder occurs. 186 00:07:18,520 --> 00:07:20,639 When your heart beats out of rhythm, 187 00:07:20,639 --> 00:07:22,180 it may not deliver enough blood 188 00:07:22,180 --> 00:07:24,790 to your body. 189 00:07:24,790 --> 00:07:26,180 Rhythm disorders can be caused 190 00:07:26,180 --> 00:07:27,800 by a number of factors 191 00:07:27,800 --> 00:07:30,710 including disease, heredity, 192 00:07:30,710 --> 00:07:33,590 medications or other factors. 193 00:07:33,590 --> 00:07:37,390 E: So for those of you who are already aware of that, 194 00:07:37,390 --> 00:07:38,130 apologies. 195 00:07:38,130 --> 00:07:39,380 But I needed to learn that. 196 00:07:39,380 --> 00:07:40,280 I needed to learn the basics 197 00:07:40,280 --> 00:07:41,980 before we even got started, right? 198 00:07:41,980 --> 00:07:43,940 So... 199 00:07:43,940 --> 00:07:47,199 M: So this is a diagram of the 200 00:07:47,199 --> 00:07:50,169 electrical system of the heart. 201 00:07:50,169 --> 00:07:52,310 So, as you see, this is the sinus node 202 00:07:52,310 --> 00:07:54,169 that is generating the pulse. 203 00:07:54,169 --> 00:07:56,290 And in my case 204 00:07:56,290 --> 00:07:58,850 I had a problem with the signal 205 00:07:58,850 --> 00:08:01,520 being generated by the sinus node 206 00:08:01,520 --> 00:08:05,090 not reaching the lower heart chamber. 207 00:08:05,090 --> 00:08:10,640 It's something called an AV block or a heart block 208 00:08:10,640 --> 00:08:13,580 So, occasionally this will cause 209 00:08:13,580 --> 00:08:17,080 an arrhythmia that makes the heart pause. 210 00:08:17,080 --> 00:08:18,320 If you don't have a heart beat 211 00:08:18,320 --> 00:08:20,180 for, like ... 8-10 seconds, 212 00:08:20,180 --> 00:08:22,000 you lose your consciousness. 213 00:08:22,000 --> 00:08:24,260 And that was, what happened to me. 214 00:08:24,260 --> 00:08:25,620 I just suddenly found myself 215 00:08:25,620 --> 00:08:27,010 lying on the floor 216 00:08:27,010 --> 00:08:28,910 and I didn't remember how I got there. 217 00:08:28,910 --> 00:08:31,180 And it turned out that it was my heart 218 00:08:31,180 --> 00:08:34,009 that had taken a break. 219 00:08:34,009 --> 00:08:36,899 So that's how I discovered 220 00:08:36,899 --> 00:08:38,519 that I had this issue. 221 00:08:38,519 --> 00:08:40,899 So, this is where the signal is blocked 222 00:08:40,899 --> 00:08:44,279 on the way down to the lower heart chamber 223 00:08:44,279 --> 00:08:45,639 But there's a backup function 224 00:08:45,639 --> 00:08:50,600 in the heart that can make 225 00:08:50,600 --> 00:08:52,110 a so called backup pulse. 226 00:08:52,110 --> 00:08:54,759 And I had that backup pulse 227 00:08:54,759 --> 00:08:57,209 when I went to the emergency room. 228 00:08:57,209 --> 00:08:59,579 So I had a pulse around 30-40 beats/min. 229 00:08:59,579 --> 00:09:03,100 And that's generated by some cells 230 00:09:03,100 --> 00:09:05,449 in the lower heart chamber. 231 00:09:05,449 --> 00:09:08,259 So, after I got the pacemaker 232 00:09:08,259 --> 00:09:09,329 my heart started to become 233 00:09:09,329 --> 00:09:10,449 a little bit more lazy. 234 00:09:10,449 --> 00:09:12,220 So it is not certain, 235 00:09:12,220 --> 00:09:14,040 that I will have this backup pulse 236 00:09:14,040 --> 00:09:16,959 anymore if the pacemaker stops working. 237 00:09:16,959 --> 00:09:17,990 So currently 238 00:09:17,990 --> 00:09:22,490 my heart is 100% running on the pacemaker. 239 00:09:22,490 --> 00:09:27,079 So, let's also look at how the pacemaker works. 240 00:09:27,079 --> 00:09:29,899 I have another video of that. 241 00:09:29,899 --> 00:09:31,670 So, this is my little friend 242 00:09:31,670 --> 00:09:34,449 that is running my heart. 243 00:09:34,449 --> 00:09:38,279 Video: A pacemaker is a miniaturized computer 244 00:09:38,279 --> 00:09:40,990 that is used to treat a slow heart beat. 245 00:09:40,990 --> 00:09:42,699 It is about the size 246 00:09:42,699 --> 00:09:45,449 of a couple of stacked silver dollars 247 00:09:45,449 --> 00:09:49,110 and weights approximately 17-25 grams. 248 00:09:49,110 --> 00:09:52,050 It is usually surgically placed 249 00:09:52,050 --> 00:09:54,449 or implanted just under the skin 250 00:09:54,449 --> 00:09:57,119 in the chest area. 251 00:09:57,119 --> 00:09:59,720 The device sends a tiny electrical pulse 252 00:09:59,720 --> 00:10:01,730 down a thin coated wire, 253 00:10:01,730 --> 00:10:04,699 called a lead, into your heart. 254 00:10:04,699 --> 00:10:07,209 This stimulates the heart to beat. 255 00:10:07,209 --> 00:10:09,490 This impulses are very tiny 256 00:10:09,490 --> 00:10:12,499 and most people do not feel them. 257 00:10:12,499 --> 00:10:13,929 While the device helps your heart 258 00:10:13,929 --> 00:10:15,529 maintain its rhythm, 259 00:10:15,529 --> 00:10:17,009 it also stores information 260 00:10:17,009 --> 00:10:18,369 about your heart that can be 261 00:10:18,369 --> 00:10:20,209 retrieved by your doctor 262 00:10:20,209 --> 00:10:21,990 to program the device. 263 00:10:21,990 --> 00:10:23,629 E: Remember that! 264 00:10:23,629 --> 00:10:26,309 M: Yeah... Did you see 265 00:10:26,309 --> 00:10:28,509 the ones and zeros at the end 266 00:10:28,509 --> 00:10:29,459 of the video? 267 00:10:29,459 --> 00:10:31,240 That's what we want to know more about. 268 00:10:31,240 --> 00:10:33,179 Because this information 269 00:10:33,179 --> 00:10:35,230 that is being collected by the pacemaker, 270 00:10:35,230 --> 00:10:36,629 how it works, 271 00:10:36,629 --> 00:10:38,749 how the code looks like, 272 00:10:38,749 --> 00:10:40,119 it's all closed source, 273 00:10:40,119 --> 00:10:42,119 it's all proprietary information. 274 00:10:42,119 --> 00:10:44,540 And that's why we need more 275 00:10:44,540 --> 00:10:45,579 security researchers, 276 00:10:45,579 --> 00:10:48,579 we need more 3rd party testing, 277 00:10:48,579 --> 00:10:52,209 to be sure that we can trust this code. 278 00:10:52,209 --> 00:10:53,689 E: And you can imagine that 279 00:10:53,689 --> 00:10:56,029 we're doing some of this research as well. 280 00:10:56,029 --> 00:10:58,209 But I'm not gonna break Marie's heart on stage, 281 00:10:58,209 --> 00:10:59,189 I'm not gonna drop 0-day 282 00:10:59,189 --> 00:11:00,600 on some medical devices, 283 00:11:00,600 --> 00:11:02,999 so if you came for that, 284 00:11:02,999 --> 00:11:04,300 it's not worth staying. 285 00:11:04,300 --> 00:11:05,379 The rest of the presentation 286 00:11:05,379 --> 00:11:06,990 will be about some of the things we found 287 00:11:06,990 --> 00:11:07,779 and how this works and 288 00:11:07,779 --> 00:11:09,529 how you might approach this research. 289 00:11:09,529 --> 00:11:11,629 And some of the people who did this research before, 290 00:11:11,629 --> 00:11:12,279 because there's plenty of others, 291 00:11:12,279 --> 00:11:13,429 and we like to give a shout-out 292 00:11:13,429 --> 00:11:16,319 to those who've done great research in advance. 293 00:11:16,319 --> 00:11:18,730 But essentially this point is 294 00:11:18,730 --> 00:11:19,589 very relevant. 295 00:11:19,589 --> 00:11:21,179 That the internet of medical things 296 00:11:21,179 --> 00:11:22,850 is already here. 297 00:11:22,850 --> 00:11:24,899 And Marie is wired into it. 298 00:11:24,899 --> 00:11:27,059 She's a bit younger than the average 299 00:11:27,059 --> 00:11:30,339 pacemaker patient, but, you know, 300 00:11:30,339 --> 00:11:31,759 she was thrust into this situation 301 00:11:31,759 --> 00:11:33,249 where she had to think about things 302 00:11:33,249 --> 00:11:34,269 in a very different way. 303 00:11:34,269 --> 00:11:36,449 Like, you did a Masters, breaking crypto, 304 00:11:36,449 --> 00:11:39,059 and also a PHD in Information Security. 305 00:11:39,059 --> 00:11:40,899 Did you imagine, that things you learned 306 00:11:40,899 --> 00:11:42,709 about SSH and network security 307 00:11:42,709 --> 00:11:46,689 might one day apply to your heart and your own body? 308 00:11:46,689 --> 00:11:49,579 M: No, I never figured out that 309 00:11:49,579 --> 00:11:52,910 my research would eventually end up inside my own body. 310 00:11:52,910 --> 00:11:55,269 That's something I never thought about. 311 00:11:55,269 --> 00:11:57,649 And also, there's a lot of 312 00:11:57,649 --> 00:12:00,110 people that don't think about 313 00:12:00,110 --> 00:12:02,610 how the medical devices actually work. 314 00:12:02,610 --> 00:12:04,860 So, when I asked this question 315 00:12:04,860 --> 00:12:06,470 to health care professionals 316 00:12:06,470 --> 00:12:08,529 they look at me like I'm crazy, 317 00:12:08,529 --> 00:12:11,189 they don't ... they have never thought about this before. 318 00:12:11,189 --> 00:12:14,699 That there's actually code inside my body 319 00:12:14,699 --> 00:12:16,360 and someone has programmed it, 320 00:12:16,360 --> 00:12:18,259 someone has written this code. 321 00:12:18,259 --> 00:12:20,350 And, did they think about, that this 322 00:12:20,350 --> 00:12:23,290 would actually control someone's life, 323 00:12:23,290 --> 00:12:27,389 and be my own personal critical infrastructure? 324 00:12:28,719 --> 00:12:31,009 E: Yeah, personal infrastructure, right? 325 00:12:31,009 --> 00:12:33,189 On a physical level. 326 00:12:33,189 --> 00:12:35,220 And also, I think, it's... 327 00:12:35,220 --> 00:12:37,679 You know, the point that you made is important to reiterate, 328 00:12:37,679 --> 00:12:38,629 that you go and see your doctor 329 00:12:38,629 --> 00:12:40,360 and you ask these questions about 330 00:12:40,360 --> 00:12:42,040 whether anyone can hack into my heart 331 00:12:42,040 --> 00:12:44,050 and they probably look at you and go like 332 00:12:44,050 --> 00:12:46,600 'Don't you worry your pretty little head about that', right? 333 00:12:46,600 --> 00:12:47,589 But Marie used to head up 334 00:12:47,589 --> 00:12:49,949 the Norwegian computer emergency response team 335 00:12:49,949 --> 00:12:50,720 for a couple of years 336 00:12:50,720 --> 00:12:52,610 and knows a lot of hackers 337 00:12:52,610 --> 00:12:54,790 and knows what she's talking about, right? 338 00:12:54,790 --> 00:12:57,199 So, when she asked her doctor these questions, 339 00:12:57,199 --> 00:12:58,819 they're very legitimate questions. 340 00:12:58,819 --> 00:13:01,449 And the doctors probably don't know anything about code, 341 00:13:01,449 --> 00:13:02,970 but they need to move towards a place 342 00:13:02,970 --> 00:13:05,459 where they can answer those questions with some 343 00:13:05,459 --> 00:13:08,079 honesty and certainty and treat them with the dignity 344 00:13:08,079 --> 00:13:10,569 that they deserve. 345 00:13:10,569 --> 00:13:11,670 Should we show them a little bit more 346 00:13:11,670 --> 00:13:13,980 about the total ecosystem of devices 347 00:13:13,980 --> 00:13:16,649 that we are talking about, at least in this particular talk? 348 00:13:16,649 --> 00:13:18,629 M: Yeah. 349 00:13:18,629 --> 00:13:21,929 E: So, this was all new to me. 350 00:13:21,929 --> 00:13:24,970 I mean I've moved around in networks and done some 351 00:13:24,970 --> 00:13:27,519 penetration testing and some stuff in the past, 352 00:13:27,519 --> 00:13:31,540 but I didn't know much about implantable medical devices. 353 00:13:31,540 --> 00:13:34,360 So, we've got a couple of them there. 354 00:13:34,360 --> 00:13:38,339 The ICD, which is the in-cardio-defibrillator, 355 00:13:38,339 --> 00:13:40,360 that's some of the work that you saw from Barnaby Jack 356 00:13:40,360 --> 00:13:41,629 which we will mention later, 357 00:13:41,629 --> 00:13:43,170 was on those particular devices, 358 00:13:43,170 --> 00:13:45,299 We've got the pacemakers and of course other devices 359 00:13:45,299 --> 00:13:47,269 could be in this diagram as well. 360 00:13:47,269 --> 00:13:49,079 Like, we could be talking about insulin pumps 361 00:13:49,079 --> 00:13:51,329 or other things in the future. 362 00:13:51,329 --> 00:13:54,619 The device itself speaks to box number 2, 363 00:13:54,619 --> 00:13:56,389 which we will tell you a little bit more about in a moment, 364 00:13:56,389 --> 00:13:59,799 using a protocol, commonly referred to as 'MICS'. 365 00:13:59,799 --> 00:14:02,209 A number of different devices use this 366 00:14:02,209 --> 00:14:06,170 Medical Implant Communication Service. 367 00:14:06,170 --> 00:14:08,649 And Marie shocked me yesterday 368 00:14:08,649 --> 00:14:10,589 when she found a couple devices 369 00:14:10,589 --> 00:14:15,799 that potentially use Bluetooth. *sighing* *laughter* 370 00:14:15,799 --> 00:14:19,610 So, would you like to tell them a little bit more about the access point, 371 00:14:19,610 --> 00:14:20,709 and I'll join in? 372 00:14:20,709 --> 00:14:23,889 M: Yeah, so, the access point is the device 373 00:14:23,889 --> 00:14:27,369 that you can typically have on your bed stand 374 00:14:27,369 --> 00:14:32,209 and that will, depending on your configuration, 375 00:14:32,209 --> 00:14:35,249 contact your pacemaker as regular intervals, 376 00:14:35,249 --> 00:14:37,509 e.g. once during the night. 377 00:14:37,509 --> 00:14:41,499 It will start a communication with the pacemaker, 378 00:14:41,499 --> 00:14:43,209 couple of meters distance, 379 00:14:43,209 --> 00:14:44,249 and will start collecting logs. 380 00:14:44,249 --> 00:14:47,160 And this logs will then be sent, 381 00:14:47,160 --> 00:14:51,999 it can be via SMS or other means, 382 00:14:51,999 --> 00:14:53,730 to a server. 383 00:14:53,730 --> 00:14:58,569 So, there's a lot of my personal information 384 00:14:58,569 --> 00:15:02,049 that can end up different places in this diagram. 385 00:15:02,049 --> 00:15:05,679 So, of course it's in my own device, 386 00:15:05,679 --> 00:15:10,079 it will be then communicated via this access point 387 00:15:10,079 --> 00:15:10,889 and also then 388 00:15:10,889 --> 00:15:14,179 via the cellular network. 389 00:15:14,179 --> 00:15:19,989 And then it will also be stored in the telemetry server. 390 00:15:19,989 --> 00:15:24,519 Potentially when I go for the checkups 391 00:15:24,519 --> 00:15:28,939 my personal information will also end up in my 392 00:15:28,939 --> 00:15:29,730 doctor workstation 393 00:15:29,730 --> 00:15:36,639 or in the electronic patient records. 394 00:15:36,639 --> 00:15:40,049 And there's a lot of things that can go wrong there. 395 00:15:40,049 --> 00:15:42,100 E: Yeah, you can see, it's using 396 00:15:42,100 --> 00:15:46,949 famously secure methods of communication 397 00:15:46,949 --> 00:15:51,639 that have never been backdoored or compromised by anyone ever before, 398 00:15:51,639 --> 00:15:56,139 even here at this conference, probably even this time around. 399 00:15:56,139 --> 00:15:59,850 So these are some things that are concerning. 400 00:15:59,850 --> 00:16:03,439 The data also travels often to other countries 401 00:16:03,439 --> 00:16:05,199 and so there are questions about the jurisdiction 402 00:16:05,199 --> 00:16:09,689 in terms of privacy laws in terms of some of this data. 403 00:16:09,689 --> 00:16:13,049 And some of you can go and look deeper into that as well. 404 00:16:13,049 --> 00:16:15,439 The telemetry store thing I think is important, 405 00:16:15,439 --> 00:16:20,009 some of this is a telemetry store, such as the server at the vendor. 406 00:16:20,009 --> 00:16:21,709 So the vendor owns some machines somewhere 407 00:16:21,709 --> 00:16:23,859 that collect data from Marie's heart. 408 00:16:23,859 --> 00:16:26,910 So you can imagine she goes to see her doctor and the doctor is like: 409 00:16:26,910 --> 00:16:30,649 'Hey, Marie, last weekend, did you, ... run a half marathon or something?' 410 00:16:30,649 --> 00:16:32,839 And she hasn't told him, right? 411 00:16:32,839 --> 00:16:35,410 Like, he just can look at the data and see, 412 00:16:35,410 --> 00:16:38,529 that her heart rate was up for a couple hours. 413 00:16:38,529 --> 00:16:40,609 That's true though, right? You did actually run a half marathon. 414 00:16:40,609 --> 00:16:43,639 M: Yeah, I did run a half marathon. *laughing* 415 00:16:43,639 --> 00:16:46,829 E: So, the telemetry store is one part, 416 00:16:46,829 --> 00:16:48,420 but there's also the doctors work station 417 00:16:48,420 --> 00:16:50,579 which contains a lot of this medical data. 418 00:16:50,579 --> 00:16:54,040 So, from privacy perspective that's part of the attack surface. 419 00:16:54,040 --> 00:16:55,489 But there's also the programmers, right? 420 00:16:55,489 --> 00:16:57,879 There's the device's programmers. 421 00:16:57,879 --> 00:17:00,850 So that's an interesting point, that I hope a lot of you are interested in 422 00:17:00,850 --> 00:17:04,929 already, that there is a programmer 423 00:17:04,929 --> 00:17:06,339 for these devices. 424 00:17:06,339 --> 00:17:10,299 M: So, we actually went shopping on eBay 425 00:17:10,299 --> 00:17:12,189 and we found some of these devices. 426 00:17:12,189 --> 00:17:13,319 E: You can buy them on eBay? 427 00:17:13,319 --> 00:17:14,429 M: Yeah. E: *laughing* 428 00:17:14,429 --> 00:17:16,740 M: So, I found a programmer 429 00:17:16,740 --> 00:17:19,369 that can program my device, on eBay 430 00:17:19,369 --> 00:17:20,599 and I bought it. 431 00:17:20,599 --> 00:17:22,500 And I also found a couple of these access points. 432 00:17:22,500 --> 00:17:26,319 So, that's what we're now starting to look at. 433 00:17:26,319 --> 00:17:29,320 E: We just wanna to give you an overview of this system, 434 00:17:29,320 --> 00:17:31,720 and it's fairly similar across the different device vendors, 435 00:17:31,720 --> 00:17:34,549 and we're not going to talk about individual vendors. 436 00:17:34,549 --> 00:17:36,600 But if you're gonna go and do this kind of research 437 00:17:36,600 --> 00:17:39,789 you can see that some of the research you've already done in the past 438 00:17:39,789 --> 00:17:43,110 applies to different parts of this process. 439 00:17:43,110 --> 00:17:46,730 M: And talking about patient privacy, 440 00:17:46,730 --> 00:17:50,710 when we got the programmer from ebay 441 00:17:50,710 --> 00:17:54,159 it actually contained patient information. 442 00:17:54,159 --> 00:17:56,779 So, that's the really bad thing. 443 00:17:56,779 --> 00:17:58,919 E: So, I found this very odd. 444 00:17:58,919 --> 00:18:01,100 I had a similar reaction to yourselves because 445 00:18:01,100 --> 00:18:03,080 I usually do industrial system stuff. 446 00:18:03,080 --> 00:18:06,299 One of my friends picked up some PLCs recently and 447 00:18:06,299 --> 00:18:09,679 they had data from the nuclear plant, that the PLCs had been used in. 448 00:18:09,679 --> 00:18:13,789 So, decommissioning is a problem in industrial systems 449 00:18:13,789 --> 00:18:18,080 but it turns out also in medical devices, right? 450 00:18:18,080 --> 00:18:20,480 I guess that's a useful point to make as well, 451 00:18:20,480 --> 00:18:22,820 about the costs of doing this kind of research. 452 00:18:22,820 --> 00:18:26,260 It is possible to get some devices, some implants 453 00:18:26,260 --> 00:18:29,000 from people who have sadly passed on, 454 00:18:29,000 --> 00:18:33,429 but that comes with a very high cost of biomedical decontamination. 455 00:18:33,429 --> 00:18:35,549 So that raises the cost of doing this research 456 00:18:35,549 --> 00:18:38,070 on the implants themselves, not necessarily on the rest 457 00:18:38,070 --> 00:18:38,710 of the devices. 458 00:18:38,710 --> 00:18:42,700 M: Yeah, so, also want to say, that in this research 459 00:18:42,700 --> 00:18:44,059 I had not have not tinkered with my own device. 460 00:18:44,059 --> 00:18:46,630 So, that would not be a good thing ... 461 00:18:46,630 --> 00:18:49,679 E: You're not gonna let me, like, SSH into your heart and just ... 462 00:18:49,679 --> 00:18:52,330 M: Um.. No. E: ... just delete some stuff.. No? 463 00:18:52,330 --> 00:18:54,990 M: No. E: I wouldn't do it anyway, 464 00:18:54,990 --> 00:18:56,860 but it's an interesting point, right? 465 00:18:56,860 --> 00:18:59,019 So, like, there are a lot of safety percussions 466 00:18:59,019 --> 00:19:00,960 that we and the rest of the team have to take 467 00:19:00,960 --> 00:19:02,380 when we are doing this research. 468 00:19:02,380 --> 00:19:06,039 And one of them is not pairing Marie's pacemaker 469 00:19:06,039 --> 00:19:09,289 with any of the devices that are under test. 470 00:19:09,289 --> 00:19:13,519 Do you wanna say a bit more about connectivity and vulnerability? 471 00:19:13,519 --> 00:19:15,200 M: Yeah, so... 472 00:19:15,200 --> 00:19:18,620 I was worried when I discovered that 473 00:19:18,620 --> 00:19:23,850 I had this possible connectivity to the medical internet of things. 474 00:19:23,850 --> 00:19:28,830 In my case this is switched off in the configurations 475 00:19:28,830 --> 00:19:29,679 but it's there. 476 00:19:29,679 --> 00:19:32,750 It's possible to turn it on, it's possible for me to be 477 00:19:32,750 --> 00:19:36,970 hooked up to the, this internet of medical things. 478 00:19:36,970 --> 00:19:40,500 And for some patients this is really benefit. 479 00:19:40,500 --> 00:19:43,090 So you always have to make a risk-based decision 480 00:19:43,090 --> 00:19:47,510 on whether or not to make use of this 481 00:19:47,510 --> 00:19:48,529 connectivity. 482 00:19:48,529 --> 00:19:52,490 But I think it's really important that you make an informed decision 483 00:19:52,490 --> 00:19:55,480 about that and that the patient 484 00:19:55,480 --> 00:20:01,919 is informed and has given his or her consent 485 00:20:01,919 --> 00:20:04,120 to have this feature. 486 00:20:04,120 --> 00:20:08,200 The battery lifetime of my pacemaker is around 10 years. 487 00:20:08,200 --> 00:20:10,450 So in 6 years time 488 00:20:10,450 --> 00:20:12,870 I will have to have a replacement surgery 489 00:20:12,870 --> 00:20:16,409 and I'm going to be a really difficult patient *laughing* 490 00:20:16,409 --> 00:20:17,840 *laughter* 491 00:20:17,840 --> 00:20:23,980 So, ... *applause* 492 00:20:23,980 --> 00:20:25,039 E: Right on. 493 00:20:25,039 --> 00:20:27,710 M: I really want to know 494 00:20:27,710 --> 00:20:30,269 how the devices work by then and 495 00:20:30,269 --> 00:20:33,830 I want to make an informed decision on whether or not 496 00:20:33,830 --> 00:20:35,659 to have this connectivity. 497 00:20:35,659 --> 00:20:38,970 But of course for lot of patients the benefit of having this 498 00:20:38,970 --> 00:20:40,850 outweighs the risk. 499 00:20:40,850 --> 00:20:44,630 Because people that had other heart problems than me 500 00:20:44,630 --> 00:20:47,070 they have to go for more frequent checkups. 501 00:20:47,070 --> 00:20:49,759 I only have to go once a year. 502 00:20:49,759 --> 00:20:53,130 So, for patients that need to go frequently for checkups, 503 00:20:53,130 --> 00:20:55,710 it's really good for them to have the possibility 504 00:20:55,710 --> 00:20:58,039 of having telemetry and having connectivity to 505 00:20:58,039 --> 00:21:00,370 have remote patient monitoring. 506 00:21:00,370 --> 00:21:04,059 E: Yeah, imagine you have mobility problems or 507 00:21:04,059 --> 00:21:06,029 you even just live far 508 00:21:06,029 --> 00:21:08,639 from a major city. 509 00:21:08,639 --> 00:21:11,360 And making the journey to the hospital is quite arduous, 510 00:21:11,360 --> 00:21:15,159 then this kind of remote telemetry allows your doctor 511 00:21:15,159 --> 00:21:17,070 to keep track of what's going on. 512 00:21:17,070 --> 00:21:19,570 And that's very important, we don't wanna, like... 513 00:21:19,570 --> 00:21:22,440 have a big scary testosterone filled talk where we, like, 514 00:21:22,440 --> 00:21:23,389 hack some pacemakers. 515 00:21:23,389 --> 00:21:26,720 We wanna talk about how there's a dual use thing 516 00:21:26,720 --> 00:21:28,090 going on here. 517 00:21:28,090 --> 00:21:31,649 And that there is a lot of value in having this devices 518 00:21:31,649 --> 00:21:35,830 but we also want them to be safe and secure and preserve our privacy 519 00:21:35,830 --> 00:21:39,320 and a lot of other things. 520 00:21:39,320 --> 00:21:43,789 So, these are some of the issues. 521 00:21:43,789 --> 00:21:46,139 Of course the last one, the remote assassination scenario, 522 00:21:46,139 --> 00:21:49,340 that' s everyone favorite one to fantasize about 523 00:21:49,340 --> 00:21:53,250 or talk about, or make movies about, but 524 00:21:53,250 --> 00:21:54,980 we think there's a lot of other issues in here 525 00:21:54,980 --> 00:21:56,620 that are more interesting, 526 00:21:56,620 --> 00:21:59,009 some quality issues even, right, 527 00:21:59,009 --> 00:22:02,070 that we'll talk about in a little bit. 528 00:22:02,070 --> 00:22:02,649 Battery exhaustion, 529 00:22:02,649 --> 00:22:06,600 again something many people don't think about. But... 530 00:22:06,600 --> 00:22:09,200 I'm very interested in cyber-physical exploitation 531 00:22:09,200 --> 00:22:12,789 and so some of this elements were interesting to me 532 00:22:12,789 --> 00:22:15,960 that you might use the device in a way that wasn't expected. 533 00:22:15,960 --> 00:22:20,700 M: So personally I'm not afraid of being remotely assassinated. 534 00:22:20,700 --> 00:22:23,370 E: I've actually never known you to be afraid of anything 535 00:22:23,370 --> 00:22:24,549 M: *laughing* 536 00:22:24,549 --> 00:22:29,130 I'm more worried about software bugs in my device, 537 00:22:29,130 --> 00:22:31,759 the things that can malfunction, 538 00:22:31,759 --> 00:22:34,049 E: Is that just theoretical? 539 00:22:34,049 --> 00:22:36,850 M: No, actually software bugs 540 00:22:36,850 --> 00:22:38,940 have killed people. 541 00:22:38,940 --> 00:22:41,340 So, think about that! 542 00:22:41,340 --> 00:22:42,130 People that are not here, 543 00:22:42,130 --> 00:22:44,700 they don't have their voice and they can't really 544 00:22:44,700 --> 00:22:46,340 give there story. 545 00:22:46,340 --> 00:22:51,100 But there are stories about persons depending on medical devices 546 00:22:51,100 --> 00:22:54,240 dying because their device malfunctioned. 547 00:22:54,240 --> 00:22:57,830 E: There's even some great research 548 00:22:57,830 --> 00:23:01,940 from academics about how the user interface design 549 00:23:01,940 --> 00:23:05,100 of medical devices can have an impact on patients safety 550 00:23:05,100 --> 00:23:07,399 and how designing UX 551 00:23:07,399 --> 00:23:10,139 much more clearly and concisely 552 00:23:10,139 --> 00:23:11,840 specifically for the medical profession 553 00:23:11,840 --> 00:23:17,809 might improve the care of patients. 554 00:23:17,809 --> 00:23:19,889 Do you wanna say more about this slide or should we 555 00:23:19,889 --> 00:23:22,370 go on to the previous work, should we... go ahead! 556 00:23:22,370 --> 00:23:25,190 M: Yeah, I think it's really important also to... 557 00:23:25,190 --> 00:23:27,639 the issue of trusting the vendors. 558 00:23:27,639 --> 00:23:31,480 So, as a patient I'm expected to just, you know, 559 00:23:31,480 --> 00:23:34,720 trust, that my device is working correctly, 560 00:23:34,720 --> 00:23:38,860 every security vulnerability has been corrected by the vendor 561 00:23:38,860 --> 00:23:39,650 and it's safe. 562 00:23:39,650 --> 00:23:42,659 But I want to have more third party testing, 563 00:23:42,659 --> 00:23:48,210 I want to have more security research on medical implants. 564 00:23:48,210 --> 00:23:52,379 And as a lot things, like ... history has shown 565 00:23:52,379 --> 00:23:57,580 we can't always trust that the vendors do the right thing. 566 00:23:57,580 --> 00:24:00,179 E: I think this is a good opportunity for us to ask 567 00:24:00,179 --> 00:24:03,279 a very fun question, which is: 568 00:24:03,279 --> 00:24:05,700 Any fans of DMCA in the room? 569 00:24:05,700 --> 00:24:08,330 *laughter* 570 00:24:08,330 --> 00:24:09,379 No? No fans? Alright. 571 00:24:09,379 --> 00:24:12,779 Well, you then you'll really enjoy this. 572 00:24:12,779 --> 00:24:17,129 Marie has some very exciting news about DMCA exemptions. 573 00:24:17,129 --> 00:24:21,350 M: Yeah, so... October, this year 574 00:24:21,350 --> 00:24:27,909 there was a ruling of an DMCA exemption for 575 00:24:27,909 --> 00:24:30,710 security research on medical devices 576 00:24:30,710 --> 00:24:33,529 also for automotive security research. 577 00:24:33,529 --> 00:24:34,860 So, this means, that 578 00:24:34,860 --> 00:24:39,289 as researchers you can 579 00:24:39,289 --> 00:24:41,919 actually do reverse engineering of medical implants 580 00:24:41,919 --> 00:24:46,169 without infringing copyright laws. 581 00:24:46,169 --> 00:24:48,220 It will take effect I think October next year. 582 00:24:48,220 --> 00:24:50,710 E: Yeah. M: That is really a big 583 00:24:50,710 --> 00:24:53,529 step forward in my opinion. 584 00:24:53,529 --> 00:24:56,009 And I hope that this will encourage more research. 585 00:24:56,009 --> 00:24:59,649 And I also want to mention that there are 586 00:24:59,649 --> 00:25:02,720 fellow activist patients like myself 587 00:25:02,720 --> 00:25:06,649 that was behind that proposal of having this exemptions. 588 00:25:06,649 --> 00:25:11,529 So, Jay Radcliff who hacked his own insulin pump, 589 00:25:11,529 --> 00:25:16,299 Karen Sandler, who is a free and open software advocat. 590 00:25:16,299 --> 00:25:21,190 And Hugo Campos, who has an ICD implant, he is very ... 591 00:25:21,190 --> 00:25:24,580 he wants to have access to his own data 592 00:25:24,580 --> 00:25:27,669 for quantified self reasons. 593 00:25:27,669 --> 00:25:31,210 So this patients, they actually 594 00:25:31,210 --> 00:25:36,409 made this happen, that you're allowed to do 595 00:25:36,409 --> 00:25:38,870 security research on medical devices. 596 00:25:38,870 --> 00:25:40,859 I think that's really great. 597 00:25:40,859 --> 00:25:48,029 *applause* 598 00:25:48,029 --> 00:25:51,639 E: Do you wanna say something about Scott Erven's presentation 599 00:25:51,639 --> 00:25:52,419 that you saw at DEF CON? 600 00:25:52,419 --> 00:25:54,419 M: Yeah, that was a really interesting presentation about 601 00:25:54,419 --> 00:25:59,899 how medical devices have really poor security. 602 00:25:59,899 --> 00:26:02,399 And they have, like, hard coded credentials, 603 00:26:02,399 --> 00:26:06,059 and you can find them using Shodan on the internet. 604 00:26:06,059 --> 00:26:09,500 This were not pacemakers, but other types of 605 00:26:09,500 --> 00:26:10,809 different medical devices. 606 00:26:10,809 --> 00:26:17,029 There are, like, hospital networks that are completely open 607 00:26:17,029 --> 00:26:20,799 and you can access the medical equipment 608 00:26:20,799 --> 00:26:26,240 using default passwords that you can find in the manuals. 609 00:26:26,240 --> 00:26:27,240 And the vendors claim that 610 00:26:27,240 --> 00:26:30,159 no, these are not hard coded, these are default, 611 00:26:30,159 --> 00:26:33,809 but then the manuals say: Do not change this password... 612 00:26:33,809 --> 00:26:37,269 E: Because they want to integrate with other stuff, right? So... 613 00:26:37,269 --> 00:26:40,950 I've heard that excuse from SCADA, so I wasn't having it. 614 00:26:40,950 --> 00:26:43,759 M: They also put up some medical device honeypots 615 00:26:43,759 --> 00:26:48,889 to see if there were targeted hacking attempts 616 00:26:48,889 --> 00:26:55,009 but they only picked up regular malware on them, which is also ... 617 00:26:55,009 --> 00:26:57,309 E: Only! M: ... of course of a concern *laughing* 618 00:26:57,309 --> 00:27:01,389 E: Anything else, about prior art, Kevin? 619 00:27:01,389 --> 00:27:04,889 M: I guess we should mention that the academic research 620 00:27:04,889 --> 00:27:08,019 on hacking pacemakers, which was started by 621 00:27:08,019 --> 00:27:11,090 a group led by Kevin Fu 622 00:27:11,090 --> 00:27:13,840 and they had this first paper in 2008 623 00:27:13,840 --> 00:27:15,210 that they also followed up with more academic research 624 00:27:15,210 --> 00:27:17,909 and they showed that it's possible to hack a pacemaker. 625 00:27:17,909 --> 00:27:21,220 They showed that... this was possible on a, like 626 00:27:21,220 --> 00:27:23,460 a couple of centimeters distance only, 627 00:27:23,460 --> 00:27:28,289 so, like, the attack scenario would be, if you have a 628 00:27:28,289 --> 00:27:30,330 device similar to the programmers device 629 00:27:30,330 --> 00:27:33,610 and you attack me with it you can *laughing* 630 00:27:33,610 --> 00:27:34,289 turn off my pacemaker. 631 00:27:34,289 --> 00:27:36,019 That's not really scary, 632 00:27:36,019 --> 00:27:39,840 but then we have the research by Barnaby Jack 633 00:27:39,840 --> 00:27:45,529 where this range of the attack is extended to several meters 634 00:27:45,529 --> 00:27:48,549 so you have someone with an antenna in a room 635 00:27:48,549 --> 00:27:51,360 scanning for pacemakers 636 00:27:51,360 --> 00:27:54,059 and starting to program them. 637 00:27:54,059 --> 00:28:00,210 E: We have a saying at Cambridge about that. 638 00:28:00,210 --> 00:28:01,929 Some of the other people at the university have been doing attacks 639 00:28:01,929 --> 00:28:04,799 a lot longer than I have, and one of the things they say is: 640 00:28:04,799 --> 00:28:07,059 'Attacks only get worse, they never get better.' 641 00:28:07,059 --> 00:28:11,169 So, the range might be short one year, then a couple of years later it's worse. 642 00:28:11,169 --> 00:28:15,889 M: The worst case scenario I think would be remotely, 643 00:28:15,889 --> 00:28:19,549 via the internet being able to hack pacemakers. 644 00:28:19,549 --> 00:28:24,490 but there's no research so far indicating that that's possible. 645 00:28:24,490 --> 00:28:26,970 E: And we don't wanna hype that up. We don't wanna... 646 00:28:26,970 --> 00:28:28,929 M: No. E: ... get that kind of an angle 647 00:28:28,929 --> 00:28:31,720 on this talk. We wanna make the point that hacking can save lives, 648 00:28:31,720 --> 00:28:38,779 that hackers are global citizen's resource to save lives, right? So... 649 00:28:38,779 --> 00:28:45,200 M: Yeah, so, this is the result of hacking of the drug infusion pumps. 650 00:28:45,200 --> 00:28:48,659 Earlier this year 651 00:28:48,659 --> 00:28:55,190 the FDA actually issued the first ever recall of a medical device 652 00:28:55,190 --> 00:28:57,730 based on cyber security concerns. 653 00:28:57,730 --> 00:29:02,190 E: I think that's amazing, right? They've recalled products 654 00:29:02,190 --> 00:29:05,509 because of cyber security concerns. They used to have to wait until someone died. 655 00:29:05,509 --> 00:29:09,840 In fact, they had to show something like 500 deaths 656 00:29:09,840 --> 00:29:13,360 before you could recall a product. So now they can ... 657 00:29:13,360 --> 00:29:16,080 the FDA, at least in the US, they can recall products 658 00:29:16,080 --> 00:29:18,570 just based on security considerations. 659 00:29:18,570 --> 00:29:20,519 M: So, this is also, 660 00:29:20,519 --> 00:29:26,730 I guess the first example of that type of pro-active 661 00:29:26,730 --> 00:29:29,450 security research, where you can 662 00:29:29,450 --> 00:29:33,049 make a proof of concept without killing any patients 663 00:29:33,049 --> 00:29:36,740 and then that closes the security holes. 664 00:29:36,740 --> 00:29:38,240 And that potentially saves lives. 665 00:29:38,240 --> 00:29:41,169 And no one has been hurt in the research. 666 00:29:41,169 --> 00:29:42,110 I think that's great. 667 00:29:42,110 --> 00:29:45,019 E: I'm also really excited because we give a lot of presentations 668 00:29:45,019 --> 00:29:48,610 about security that are filled with doom and gloom and depression, 669 00:29:48,610 --> 00:29:52,190 so it's nice to have two major victories in medical device research 670 00:29:52,190 --> 00:29:54,610 in the last few years. One being the DMCA exemptions 671 00:29:54,610 --> 00:29:57,299 and the other being actual product recalls. 672 00:29:57,299 --> 00:30:01,879 M: Yeah, and the FDA are starting to take these issues seriously and 673 00:30:01,879 --> 00:30:05,700 they are really focusing on the cyber security of medical implants now. 674 00:30:05,700 --> 00:30:09,980 I'm going to go to a workshop arranged by the FDA in January 675 00:30:09,980 --> 00:30:15,639 and participate on a panel discussing cyber security of medical implants. 676 00:30:15,639 --> 00:30:18,789 And it's great to have this type of interaction between 677 00:30:18,789 --> 00:30:23,269 the security committee, medical device vendors and the regulators. 678 00:30:23,269 --> 00:30:24,950 So, things are happening. 679 00:30:24,950 --> 00:30:26,820 E: Yeah. How do you feel as an audience, 680 00:30:26,820 --> 00:30:29,759 are you glad that she's going to be your representative in Washington 681 00:30:29,759 --> 00:30:31,749 for some of these issues? 682 00:30:31,749 --> 00:30:38,679 *applause* 683 00:30:38,679 --> 00:30:41,330 And we want you to get involved as well, right? 684 00:30:41,330 --> 00:30:44,950 This is not just about Marie and myself and the other people 685 00:30:44,950 --> 00:30:47,499 who worked on this project, it's meant say 686 00:30:47,499 --> 00:30:50,200 you too can do this research. And you should be. 687 00:30:50,200 --> 00:30:53,499 You have to be a little sensitive, a little bit precise and articulate 688 00:30:53,499 --> 00:30:55,029 about concerns. 689 00:30:55,029 --> 00:30:58,509 We take some inspiration from the former research around hygiene. 690 00:30:58,509 --> 00:31:01,419 Imagine the first time some scientist went to some other scientist and said 691 00:31:01,419 --> 00:31:04,960 'There is this invisible stuff, and it's on your hands, 692 00:31:04,960 --> 00:31:07,210 and if you don't wash your hands people get infections!' 693 00:31:07,210 --> 00:31:08,240 And everyone thought they were crazy. 694 00:31:08,240 --> 00:31:12,049 Well, it's kind of the same with us talking about industrial systems 695 00:31:12,049 --> 00:31:15,840 or talking about medical devices or talking about hacking in general. 696 00:31:15,840 --> 00:31:18,200 People just didn't, sort of, believe it was possible at first. 697 00:31:18,200 --> 00:31:21,019 And so we have to articulate ourselves very, very carefully. 698 00:31:21,019 --> 00:31:25,200 So, we draw inspiration from that early hygiene movement 699 00:31:25,200 --> 00:31:28,730 where they had a couple simple rules that started to save people's lives 700 00:31:28,730 --> 00:31:31,529 while they explained germ theory to the masses. 701 00:31:31,529 --> 00:31:38,139 M: Yeah, so, this type of research is kind of low hanging fruits 702 00:31:38,139 --> 00:31:41,149 where you just, so... 703 00:31:41,149 --> 00:31:46,320 what we show here is an example, 704 00:31:46,320 --> 00:31:50,440 where there's a lot of medical device networks in hospitals 705 00:31:50,440 --> 00:31:53,720 that are open to the internet and that can get infected 706 00:31:53,720 --> 00:31:59,429 by normal type of malware, like banking trojans or whatever. 707 00:31:59,429 --> 00:32:03,200 And this is potentially a safety issue. 708 00:32:03,200 --> 00:32:08,460 So, if your MR scanner or some other 709 00:32:08,460 --> 00:32:12,970 more life-critical device is being unavailable because of 710 00:32:12,970 --> 00:32:16,919 a virus on it, 711 00:32:16,919 --> 00:32:21,360 that's a real concern for patient security and safety. 712 00:32:21,360 --> 00:32:26,419 So we need to think more about the hygiene also in terms of 713 00:32:26,419 --> 00:32:29,860 computer viruses, not only just normal viruses. 714 00:32:29,860 --> 00:32:33,129 E: Yeah. So, you know, some times people will treat you like 715 00:32:33,129 --> 00:32:35,639 this is an entirely theoretical concern, but 716 00:32:35,639 --> 00:32:39,379 I think this is one of the best illustrations that we've found 717 00:32:39,379 --> 00:32:42,210 of how that should be a concern, 718 00:32:42,210 --> 00:32:43,740 and I think all of you will get it, 719 00:32:43,740 --> 00:32:47,320 but I wanna give you a moment to kind of read what's about to come up on the slides. 720 00:32:47,320 --> 00:32:59,200 So I'll just let you enjoy that for a moment. 721 00:32:59,200 --> 00:33:02,009 So if it's not clear or it's not your first language or something, 722 00:33:02,009 --> 00:33:07,659 this guy basically sharded patient data across a bunch of amazon clusters. 723 00:33:07,659 --> 00:33:11,309 And then it was unavailable. And they were very concerned 724 00:33:11,309 --> 00:33:14,029 about the unavailability of their costumer patient data 725 00:33:14,029 --> 00:33:17,629 sharded across amazon instances. 726 00:33:17,629 --> 00:33:23,289 He was complaining to support, like 'Can I get support to fix this?' *laughing* 727 00:33:23,289 --> 00:33:27,149 M: So, all the data of the ... 728 00:33:27,149 --> 00:33:31,580 ... the monitoring data of the cardiac patients is unavailable to them 729 00:33:31,580 --> 00:33:35,129 because of the service being downed. 730 00:33:35,129 --> 00:33:43,060 And, well, do you want to outsource your patient's safety to the cloud? Really? 731 00:33:43,060 --> 00:33:45,360 I don't want that. Okay. 732 00:33:45,360 --> 00:33:50,039 E: I wanna get into some other details. We have sort of 10 min left if we can ... 733 00:33:50,039 --> 00:33:53,179 so we can have a lot of questions, and I'm sure there will be some. 734 00:33:53,179 --> 00:33:57,990 But I want you to talk to them about this very personal story. 735 00:33:57,990 --> 00:34:00,769 This is... Remember before, when we said, is this stuff theoretical? 736 00:34:00,769 --> 00:34:02,299 I want you to pay a lot of attention to this story. 737 00:34:02,299 --> 00:34:04,299 It really moved me when she first told me. 738 00:34:04,299 --> 00:34:08,650 M: I know how it feels to have my body controlled by a device 739 00:34:08,650 --> 00:34:12,360 that is not working correctly. 740 00:34:12,360 --> 00:34:18,429 So, I think it was around 2 or 3 weeks after I had the surgery. 741 00:34:18,429 --> 00:34:19,480 I felt fine. 742 00:34:19,480 --> 00:34:23,409 But I hadn't really done any exercise yet. 743 00:34:23,409 --> 00:34:28,090 The surgery was pretty easy, I only had 2 weeks sick leave 744 00:34:28,090 --> 00:34:29,730 and then I came back to work 745 00:34:29,730 --> 00:34:30,960 and I went to London 746 00:34:30,960 --> 00:34:35,449 to participate in a course in ethical hacking and 747 00:34:35,449 --> 00:34:39,770 I did take the London Underground together with some of my colleges 748 00:34:39,770 --> 00:34:42,840 and we went of at this station at Covent Garden 749 00:34:42,840 --> 00:34:46,050 And I don't know if you have been there but 750 00:34:46,050 --> 00:34:49,100 that particular station is really low underground. 751 00:34:49,100 --> 00:34:51,980 They have elevators that you can use to get up, 752 00:34:51,980 --> 00:34:55,139 but usually there are, like, long queues to the elevators... 753 00:34:55,139 --> 00:34:57,050 E: You always have to do things the hard way, right? 754 00:34:57,050 --> 00:34:58,120 M: You had to take the stairs, or 755 00:34:58,120 --> 00:35:00,830 they were just heading for the stairs and I was following them and 756 00:35:00,830 --> 00:35:05,700 we were starting to climb the stairs and I didn't read this warning sign, which is: 757 00:35:05,700 --> 00:35:09,850 'Those with luggage, pushchairs & heart conditions, please use the lift' *laughing* 758 00:35:09,850 --> 00:35:11,610 Because I was feeling fine, 759 00:35:11,610 --> 00:35:15,570 and this was the first time that I figured out there's something wrong 760 00:35:15,570 --> 00:35:17,860 with my pacemaker or with my heart. 761 00:35:17,860 --> 00:35:20,330 Because I came like half way up this stairs 762 00:35:20,330 --> 00:35:23,120 and I felt like I was going to die. 763 00:35:23,120 --> 00:35:24,610 It was a really horrible feeling. 764 00:35:24,610 --> 00:35:26,430 I didn't have any more breath left, 765 00:35:26,430 --> 00:35:30,740 I felt like I wasn't able to complete the stairs. 766 00:35:30,740 --> 00:35:33,650 I didn't know what was happening to me, but 767 00:35:33,650 --> 00:35:37,440 somehow I managed to drag myself up the stairs 768 00:35:37,440 --> 00:35:38,700 and my heart was really... 769 00:35:38,700 --> 00:35:40,830 it didn't feel right. 770 00:35:40,830 --> 00:35:45,040 So, first thing when I came back from this course 771 00:35:45,040 --> 00:35:46,250 I went to my doctor 772 00:35:46,250 --> 00:35:49,230 and we started to try debug me, tried to find out 773 00:35:49,230 --> 00:35:51,670 what was wrong with my pacemaker. 774 00:35:51,670 --> 00:35:54,610 And this is how that looks like. E: *laughing* 775 00:35:54,610 --> 00:35:58,370 M: So, there's a stack of different programmers 776 00:35:58,370 --> 00:36:02,410 - this is not me by the way, but it's a very similar situation. 777 00:36:02,410 --> 00:36:04,130 E: And we'll come back to those programmers in a moment. 778 00:36:04,130 --> 00:36:05,180 M: Yeah. E: But the bit I want you 779 00:36:05,180 --> 00:36:08,930 to focus on is, like, they're debugging your pacemaker? 780 00:36:08,930 --> 00:36:11,730 Inside you? M: Yeah, I didn't know 781 00:36:11,730 --> 00:36:12,890 what was happening at the time. 782 00:36:12,890 --> 00:36:15,260 We were just trying to get the settings right 783 00:36:15,260 --> 00:36:19,030 and it took like 2 or 3 months before we figured out what was wrong. 784 00:36:19,030 --> 00:36:23,860 And what happened was, that my operate limit was set to low for me, 785 00:36:23,860 --> 00:36:29,930 for my age. So, the normal pacemaker patient is maybe around 80 years old 786 00:36:29,930 --> 00:36:34,050 and the default operate limit was 160 beats/min. 787 00:36:34,050 --> 00:36:36,750 And that's pretty low for a young person. 788 00:36:36,750 --> 00:36:40,420 E: So, imagine, like, you're younger and you're really fit and you know 789 00:36:40,420 --> 00:36:43,930 how to do something really well, like swimming or skiing or skateboarding 790 00:36:43,930 --> 00:36:47,180 or whatever. You're fantastic at it. And then a couple years go past 791 00:36:47,180 --> 00:36:49,870 and you know, you gain some weight and you're not as good at it, right? 792 00:36:49,870 --> 00:36:53,040 But now imagine that happens in 3 seconds. 793 00:36:53,040 --> 00:36:54,580 While you're walking up a set of stairs. 794 00:36:54,580 --> 00:36:57,470 M: So, what happens is that the pacemaker detects 795 00:36:57,470 --> 00:37:01,570 'Oh, you have a really high pulse'. And there's a safety mechanism 796 00:37:01,570 --> 00:37:04,690 that will cut your pulse in half ... E: In half! 797 00:37:04,690 --> 00:37:07,380 *laughter* M: *laughing* So in my case it went 798 00:37:07,380 --> 00:37:11,050 from 160 beats/min to 80 beats/min. In a second, or less than a second, 799 00:37:11,050 --> 00:37:14,370 and that felt really, really horrible. 800 00:37:14,370 --> 00:37:16,480 And it took a long time to figure out what was wrong. 801 00:37:16,480 --> 00:37:20,890 It wasn't until they put me on an exercise bike and 802 00:37:20,890 --> 00:37:24,520 had me on monitoring that they figured out what was wrong, because 803 00:37:24,520 --> 00:37:31,400 the thing was, that what was displayed on the pacemaker technician's view 804 00:37:31,400 --> 00:37:35,730 was not the same settings that my pacemaker actually had. 805 00:37:35,730 --> 00:37:41,340 There was a software bug in the programmer, that caused this problem. 806 00:37:41,340 --> 00:37:45,610 E: So they thought they had updated her settings to be that of a young person. 807 00:37:45,610 --> 00:37:47,080 They were like 'Oh, we've already changed it'. 808 00:37:47,080 --> 00:37:51,390 But they lost the view. They couldn't see the actual state of the pacemaker. 809 00:37:51,390 --> 00:37:53,980 And the only way to figure that out was to put her on a bike 810 00:37:53,980 --> 00:37:57,190 and let her cycle until her heart rate was high enough. 811 00:37:57,190 --> 00:38:00,230 You know, literally physically debugging her to figure out 812 00:38:00,230 --> 00:38:00,850 what was wrong. 813 00:38:00,850 --> 00:38:04,250 Now stop and think about whether or not you would trust your doctor 814 00:38:04,250 --> 00:38:06,890 to debug software. 815 00:38:06,890 --> 00:38:10,800 *laughter* 816 00:38:10,800 --> 00:38:14,050 So, say a little bit more about those programmers and then we'll move on 817 00:38:14,050 --> 00:38:14,860 towards the future. 818 00:38:14,860 --> 00:38:19,240 M: Yeah, so, we got hold of one of these programmers, as mentioned 819 00:38:19,240 --> 00:38:20,500 and looked inside it. 820 00:38:20,500 --> 00:38:24,160 And, well, we named this talk 'Unpatchable', because 821 00:38:24,160 --> 00:38:29,930 originally my hypothesis was that, if you find a bug in a pacemaker 822 00:38:29,930 --> 00:38:32,630 it will be hard to patch it. 823 00:38:32,630 --> 00:38:34,550 Maybe it would require surgery. 824 00:38:34,550 --> 00:38:37,370 But then when we looked inside the programmer 825 00:38:37,370 --> 00:38:42,520 and we saw that it contained firmware for pacemakers we realized that 826 00:38:42,520 --> 00:38:46,170 it's possible to actually patch the pacemaker via this programmer. 827 00:38:46,170 --> 00:38:49,500 E: One of the other researchers finds these firmware blobs inside 828 00:38:49,500 --> 00:38:53,290 the programmer code and, like, my heart stopped at that point, right? 829 00:38:53,290 --> 00:39:00,160 I was just going 'Really, you can just update the code on someones pacemaker?' 830 00:39:00,160 --> 00:39:01,920 We also wanna say something about standardization. 831 00:39:01,920 --> 00:39:02,840 Look at all those different programmers. 832 00:39:02,840 --> 00:39:05,680 Someone goes into a hospital with one of these devices 833 00:39:05,680 --> 00:39:08,940 they have may different programmers so they have to make an estimation 834 00:39:08,940 --> 00:39:12,730 of which... you know, which programmer for which device. 835 00:39:12,730 --> 00:39:14,000 Like, which one are you running. 836 00:39:14,000 --> 00:39:18,070 And, so, some standardization would be an option *laughing* 837 00:39:18,070 --> 00:39:20,410 perhaps, in this case. M: Yeah. 838 00:39:20,410 --> 00:39:23,110 E: Alright. So, we gonna need to move quickly through 839 00:39:23,110 --> 00:39:25,400 the next few slides to talk to you about the future, 840 00:39:25,400 --> 00:39:28,940 but I hope that drives home that this is a very real issue for real people. 841 00:39:28,940 --> 00:39:32,770 M: So, pacemakers are evolving and they are getting smaller 842 00:39:32,770 --> 00:39:36,060 and this is the type of pacemaker that you can actually implant 843 00:39:36,060 --> 00:39:37,070 inside the heart. 844 00:39:37,070 --> 00:39:42,130 So, the pacemaker I have today is outside the heart and it has 845 00:39:42,130 --> 00:39:44,360 leads that are wired to my heart. 846 00:39:44,360 --> 00:39:50,600 But in future they are getting smaller and more sophisticated and 847 00:39:50,600 --> 00:39:52,730 I think this is exciting! 848 00:39:52,730 --> 00:39:54,950 I think that a lot of you, also in the audience will 849 00:39:54,950 --> 00:39:58,060 benefit from having this type of technology when you grow older 850 00:39:58,060 --> 00:40:02,050 and we can have longer lives and we can live more healthier lives 851 00:40:02,050 --> 00:40:04,680 because of the technology E: And keep in mind, right? 852 00:40:04,680 --> 00:40:06,900 Some of you may already have devices and already have this issues, 853 00:40:06,900 --> 00:40:09,550 but others of you will think 'Ah, that won't happen to me for quite a long time' 854 00:40:09,550 --> 00:40:13,200 But it can be a sudden thing, that, you know, you don't necessarily 855 00:40:13,200 --> 00:40:17,140 have a choice to run code inside your body. 856 00:40:17,140 --> 00:40:21,340 Which OS do you wanna implant? *laughing* 857 00:40:21,340 --> 00:40:25,220 You wanna tell them about the.. 858 00:40:25,220 --> 00:40:27,080 M: This is also a quite exciting 859 00:40:27,080 --> 00:40:29,610 maybe future type of implants that you can have. 860 00:40:29,610 --> 00:40:34,320 So, this is actually a cardiac sock, it's 3D-printed and it's making 861 00:40:34,320 --> 00:40:38,370 a rabbit's heart beat outside the body of the rabbit. 862 00:40:38,370 --> 00:40:41,270 So, there's a lot of technology and sensors and things that 863 00:40:41,270 --> 00:40:44,170 are going to be implanted in our bodies 864 00:40:44,170 --> 00:40:46,840 and I think more of you will become cyborgs like me in the future 865 00:40:46,840 --> 00:40:49,800 E: And there's a lot of work that you could be doing. 866 00:40:49,800 --> 00:40:51,400 You know, 3D-printing this devices, 867 00:40:51,400 --> 00:40:57,110 and open sourcing as much of this as possible. 868 00:40:57,110 --> 00:40:58,860 There's a lot to say here, right? 869 00:40:58,860 --> 00:41:02,860 I think it's time to address the really scary issue. 870 00:41:02,860 --> 00:41:07,550 The informed consent issue around patching, right? 871 00:41:07,550 --> 00:41:09,750 Remember earlier we were talking about the programmers 872 00:41:09,750 --> 00:41:11,980 and we pointed out that there were firmware blobs in there 873 00:41:11,980 --> 00:41:14,280 and that these people, you know, your doctor or nurse 874 00:41:14,280 --> 00:41:18,950 could upgrade the code running on your medical implant. 875 00:41:18,950 --> 00:41:23,760 Now, is there a legal requirement for them to inform you, 876 00:41:23,760 --> 00:41:26,650 before they alter the code that's running inside your body? 877 00:41:26,650 --> 00:41:27,490 As far as we can tell 878 00:41:27,490 --> 00:41:30,480 - and we need to look at a lot of different countries at the same time, 879 00:41:30,480 --> 00:41:32,330 so we gonna ask you to help us - 880 00:41:32,330 --> 00:41:34,690 as far as we can tell there are not laws requiring your doctor 881 00:41:34,690 --> 00:41:40,360 to tell you that they are upgrading the firmware in your device. 882 00:41:40,360 --> 00:41:43,780 M: Yeah, think about that * laughs* 883 00:41:43,780 --> 00:41:44,780 It's a quite scary thing. 884 00:41:44,780 --> 00:41:48,970 I want to know what's happening to my implant, the code, 885 00:41:48,970 --> 00:41:53,070 if someone wants to alter the code inside my body, I would like to know 886 00:41:53,070 --> 00:41:57,250 and I would like to make an informed decision on that 887 00:41:57,250 --> 00:41:59,470 and give my consent before it happens. 888 00:41:59,470 --> 00:42:02,230 E: You might even choose a device where that's possible or not possible 889 00:42:02,230 --> 00:42:05,640 because you're making a risk-based decision and you're an informed consumer 890 00:42:05,640 --> 00:42:07,800 but how do we help people, who don't wanna understand 891 00:42:07,800 --> 00:42:11,190 software and firmware and upgrades make those decisions in the future as well. 892 00:42:11,190 --> 00:42:15,570 Alright. 893 00:42:15,570 --> 00:42:17,320 M: So now, if we're going to go through 894 00:42:17,320 --> 00:42:21,950 all this, but there's a lot of reasons why we're in the situations of having 895 00:42:21,950 --> 00:42:23,870 insecure medical devices. 896 00:42:23,870 --> 00:42:29,040 There's a lot of legacy technology because there's a long lifetime of this devices 897 00:42:29,040 --> 00:42:31,910 and it takes a long time to get them on the market. 898 00:42:31,910 --> 00:42:35,680 And they can be patched, but in some cases 899 00:42:35,680 --> 00:42:40,790 they are not patched or there are no software updates applied to them. 900 00:42:40,790 --> 00:42:48,030 We don't have any third party security testing of the devices, 901 00:42:48,030 --> 00:42:49,490 and that's really needed in my opinion. 902 00:42:49,490 --> 00:42:50,770 E: Right, an underwriters laboratory 903 00:42:50,770 --> 00:42:55,190 or consumer laboratory that's there to check some of these details. 904 00:42:55,190 --> 00:42:58,590 And I don't think that's unreasonable, right? That sort of approach. 905 00:42:58,590 --> 00:43:02,040 M: And there's a lack of regulations, also. So there's a lot of things 906 00:43:02,040 --> 00:43:04,610 that should be worked on. 907 00:43:04,610 --> 00:43:07,270 E: So, there's a lot of ways to solve this 908 00:43:07,270 --> 00:43:09,640 and we're not gonna give you *the* answer, because we're not 909 00:43:09,640 --> 00:43:13,420 geniuses, so we're gonna say that 910 00:43:13,420 --> 00:43:16,370 these are some different approaches that we see all 911 00:43:16,370 --> 00:43:19,700 playing in a solution space. 912 00:43:19,700 --> 00:43:22,270 So, vendor awareness is obviously important, but 913 00:43:22,270 --> 00:43:23,950 that's not the only thing. A lot of the vendors have been 914 00:43:23,950 --> 00:43:27,890 very supportive and very open to discussion, 915 00:43:27,890 --> 00:43:31,750 of transparency, that needs to happen more in the future, right? 916 00:43:31,750 --> 00:43:34,390 Security risk monitoring, I've been working in the field 917 00:43:34,390 --> 00:43:38,600 of cyber insurance, which I'm sure sounds like insanity to the rest of you, 918 00:43:38,600 --> 00:43:42,880 and it is, there are bad days. But that could play a part 919 00:43:42,880 --> 00:43:45,530 in this risk equation in the future. 920 00:43:45,530 --> 00:43:49,710 What about medical incidence response, right? Or medical device forensics. 921 00:43:49,710 --> 00:43:53,660 M: If I suddenly drop dead I really would like to have 922 00:43:53,660 --> 00:43:57,160 a forensic analysis of my pacemaker, to ... 923 00:43:57,160 --> 00:44:00,960 E: Please remember that, all of you! Like, if anything is going to happen 924 00:44:00,960 --> 00:44:04,660 to Marie... everyone asked that, right? Like, 'Aren't you afraid of giving this talk?' 925 00:44:04,660 --> 00:44:06,950 And we thought about it, we talked about it a lot and 926 00:44:06,950 --> 00:44:09,500 she's got a lot of support from her husband and her son 927 00:44:09,500 --> 00:44:12,880 and her family and a bunch of us. If anything happens to this woman 928 00:44:12,880 --> 00:44:15,380 I hope that we will all be doing forensic analysis 929 00:44:15,380 --> 00:44:17,110 of everything. 930 00:44:17,110 --> 00:44:24,580 *applause* 931 00:44:24,580 --> 00:44:32,470 Cool. So, we'll say a little bit about 'I Am The Cavalry' and social contract 932 00:44:32,470 --> 00:44:34,590 and then we'll wrap it up, okay? 933 00:44:34,590 --> 00:44:37,840 So, 'I Am The Cavalry' does a lot of grassroots research 934 00:44:37,840 --> 00:44:41,450 and support and lobbying and tries to articulate these messages. 935 00:44:41,450 --> 00:44:44,230 They have a medical implant arm that has a bunch of 936 00:44:44,230 --> 00:44:46,350 different researchers doing this kind of stuff. 937 00:44:46,350 --> 00:44:48,580 Do you wanna say more about them? 938 00:44:48,580 --> 00:44:52,430 M: Yeah, so we are both part of the Cavalry, 939 00:44:52,430 --> 00:44:56,000 because no one is coming to save us from the future 940 00:44:56,000 --> 00:44:59,840 of being more depended on trusting our lives on machines 941 00:44:59,840 --> 00:45:04,390 so, that's why we need to step up and do the research and 942 00:45:04,390 --> 00:45:06,550 encourage and inspire the research. 943 00:45:06,550 --> 00:45:09,460 So, that's why I joined 'I Am The Cavalry' 944 00:45:09,460 --> 00:45:12,750 and I think it's a good thing to have 945 00:45:12,750 --> 00:45:15,660 a collaboration effort between researchers, between the vendors 946 00:45:15,660 --> 00:45:21,060 and the regulators, as they are, or we are working with. 947 00:45:21,060 --> 00:45:25,010 E: We also think that even if you don't do reverse engineering 948 00:45:25,010 --> 00:45:28,040 or you're not interested in security details or the opcodes 949 00:45:28,040 --> 00:45:30,130 that are inside the firmwares or whatever, 950 00:45:30,130 --> 00:45:33,060 this question is a question that any of you here can talk about 951 00:45:33,060 --> 00:45:36,310 for the rest of the congress and going forward into the future. 952 00:45:36,310 --> 00:45:37,240 Right? 953 00:45:37,240 --> 00:45:39,990 This is Marie's, so go ahead. 954 00:45:39,990 --> 00:45:47,820 M: Yeah, so, I really want to know what code is running inside my body. 955 00:45:47,820 --> 00:45:49,030 And I want to know ... 956 00:45:49,030 --> 00:45:55,390 or I want to have a social contract with my medical doctors and 957 00:45:55,390 --> 00:45:58,780 my physician that is giving me this implants. 958 00:45:58,780 --> 00:46:05,570 It needs to be based on a patient-to-doctor trust relationship. 959 00:46:05,570 --> 00:46:08,620 And also between me and the vendors. 960 00:46:08,620 --> 00:46:13,210 So I really want to know that I can trust this machine inside... 961 00:46:13,210 --> 00:46:15,510 E: And we think many of you will be facing similar questions 962 00:46:15,510 --> 00:46:17,000 to these in the future. 963 00:46:17,000 --> 00:46:20,240 I have questions. Some of my questions are serious, 964 00:46:20,240 --> 00:46:25,260 some of my questions are not serious, like this one: 965 00:46:25,260 --> 00:46:27,770 Is the code on your dress from your pacemaker? 966 00:46:27,770 --> 00:46:31,660 M: No, actually it's from the computer game 'Doom'. 967 00:46:31,660 --> 00:46:33,090 But ... *laughter* 968 00:46:33,090 --> 00:46:36,180 once I have the *laughing* code of my pacemaker 969 00:46:36,180 --> 00:46:38,790 I'm going to make a custom- ordered dress and get it... 970 00:46:38,790 --> 00:46:44,970 E: Which is pretty cool, right? M: ... get it with my own code. 971 00:46:44,970 --> 00:46:48,710 *applause* 972 00:46:48,710 --> 00:46:53,710 So, let's wrap up with... what we want to have of future research. 973 00:46:53,710 --> 00:46:57,190 So, we encourage more research, and these are some things that 974 00:46:57,190 --> 00:46:59,220 could be looked into. 975 00:46:59,220 --> 00:47:02,970 Like open source medical devices, that doesn't really exist, 976 00:47:02,970 --> 00:47:05,320 at least not for pacemakers. 977 00:47:05,320 --> 00:47:09,180 But I think that's one way of going forward. 978 00:47:09,180 --> 00:47:13,710 E: I think it's also an opportunity for us to mention a really scary idea, 979 00:47:13,710 --> 00:47:18,200 which is, you know, should anyone have a golden key to Marie's heart, 980 00:47:18,200 --> 00:47:22,070 should there be backdoored encryption inside of her heart? 981 00:47:22,070 --> 00:47:24,910 We think no *laughing* but that... 982 00:47:24,910 --> 00:47:28,290 M: I don't see any reason why the NSA should be able to 983 00:47:28,290 --> 00:47:31,130 have a back door to my heart, do you? 984 00:47:31,130 --> 00:47:33,890 E: You would be an extremist, that's why you don't want them 985 00:47:33,890 --> 00:47:37,380 to have a back door to your heart. But this is a serious question, right? 986 00:47:37,380 --> 00:47:39,480 If you start backdooring any kind of crypto anywhere, 987 00:47:39,480 --> 00:47:41,320 how do you know, where it's gonna end up. 988 00:47:41,320 --> 00:47:46,550 It might end up in medical devices and we think that's unacceptable. 989 00:47:46,550 --> 00:47:58,410 *applause* 990 00:47:58,410 --> 00:48:05,400 M: And we should also mention that we're not doing this alone, 991 00:48:05,400 --> 00:48:09,280 we have other researchers helping us forward doing this. 992 00:48:09,280 --> 00:48:12,230 Angel: So, thank you very much for this thrilling talk, 993 00:48:12,230 --> 00:48:15,250 we're now doing a little Q&A for 10 min, 994 00:48:15,250 --> 00:48:19,630 and for the Q&A please keep in mind to respect Marie's privacy, so 995 00:48:19,630 --> 00:48:23,340 don't ask for details about 996 00:48:23,340 --> 00:48:24,760 the implant or something like that. 997 00:48:24,760 --> 00:48:26,820 E: Yeah, the brands and stuff. 998 00:48:26,820 --> 00:48:29,530 We're gonna tell you, what OS she's running. 999 00:48:29,530 --> 00:48:35,130 Angel: People, who are now leaving the room, they will not be able 1000 00:48:35,130 --> 00:48:41,440 to come back in, because 1001 00:48:41,440 --> 00:48:43,030 of measures *laughing* *laughter* 1002 00:48:43,030 --> 00:48:48,320 So, let's start with the Q&A! Let's start with this microphone there. 1003 00:48:48,320 --> 00:48:54,100 Q: Hi, first of all thank you very much for a very fascinating talk. 1004 00:48:54,100 --> 00:48:56,640 I'm not going to ask you about specific vendors. 1005 00:48:56,640 --> 00:49:01,340 However, I thought it was very interesting what you said, that 1006 00:49:01,340 --> 00:49:05,720 most vendors were really supportive I would like to know whether 1007 00:49:05,720 --> 00:49:09,100 there have been exceptions to that rule, 1008 00:49:09,100 --> 00:49:13,760 not who it was or anything like that but what kind of arguments 1009 00:49:13,760 --> 00:49:19,270 you may have heard from vendors e. g. have they referred to anything 1010 00:49:19,270 --> 00:49:24,220 such as trade secrets or copyright or any other legal reasons 1011 00:49:24,220 --> 00:49:28,100 why not to give you, or not to give public access 1012 00:49:28,100 --> 00:49:33,210 to information about devices? Thank you. 1013 00:49:33,210 --> 00:49:41,560 E: So, we haven't had any legal issues so far in this research. 1014 00:49:41,560 --> 00:49:44,940 And in general they haven't been concerned about copyright. 1015 00:49:44,940 --> 00:49:47,840 I think they're more concerned about press, bad press, 1016 00:49:47,840 --> 00:49:51,110 and a hype, you know, what they would see as hype. 1017 00:49:51,110 --> 00:49:55,160 they don't wanna see us scaring people away from these things 1018 00:49:55,160 --> 00:49:56,420 with, you know, these stories. 1019 00:49:56,420 --> 00:50:00,290 M: Yeah, that's also something I'm concerned of, of course, 1020 00:50:00,290 --> 00:50:03,230 as a patient. I don't want to scare my fellow patients 1021 00:50:03,230 --> 00:50:06,000 from having life-critical implants in their body. 1022 00:50:06,000 --> 00:50:10,700 Because a lot of people need them, like me, to survive. 1023 00:50:10,700 --> 00:50:15,820 So, the benefit clearly outweighs the risk in my case. 1024 00:50:15,820 --> 00:50:18,810 E: But that seems to be their main concern, like, you know, 1025 00:50:18,810 --> 00:50:19,760 'Don't give us too much bad press' 1026 00:50:19,760 --> 00:50:25,200 Angel: Ok, next question from over there. 1027 00:50:25,200 --> 00:50:31,900 Q: Hello. I wanted to ask you, if you know about any existing initiatives 1028 00:50:31,900 --> 00:50:35,480 on open sourcing the medical devices, 1029 00:50:35,480 --> 00:50:40,250 on mandating the open sourcing of the software and firmware 1030 00:50:40,250 --> 00:50:43,980 through the legal system, in European Union, in United States 1031 00:50:43,980 --> 00:50:47,760 because I think I've read about such initiatives 1032 00:50:47,760 --> 00:50:51,050 about 1 year ago or so, but it was just a glimpse. 1033 00:50:51,050 --> 00:50:56,170 M: So, there are some patients that have reverse engineered their 1034 00:50:56,170 --> 00:50:57,780 *no audio* 1035 00:50:57,780 --> 00:51:04,310 (insu)lin pumps. I know, that there are groups of patients 1036 00:51:04,310 --> 00:51:07,740 like the parents of children with insulin pumps. 1037 00:51:07,740 --> 00:51:10,760 They have created software to be able... 1038 00:51:10,760 --> 00:51:14,180 to have an app on their mobile phone to be able 1039 00:51:14,180 --> 00:51:17,410 to monitor their child's blood sugar levels. 1040 00:51:17,410 --> 00:51:21,390 So that's one way of doing this open source 1041 00:51:21,390 --> 00:51:23,250 and I think that's great. 1042 00:51:23,250 --> 00:51:26,540 Q: But nothing in the legal systems, 1043 00:51:26,540 --> 00:51:32,640 no initiatives to mandate this, e.g. on European level? 1044 00:51:32,640 --> 00:51:34,480 E: Not so far that we've seen, 1045 00:51:34,480 --> 00:51:36,280 but that's something that can be discussed now, right? 1046 00:51:36,280 --> 00:51:38,770 M: I think it's really interesting, you could look into the legal 1047 00:51:38,770 --> 00:51:41,760 aspects and the regulations around this, yeah. 1048 00:51:41,760 --> 00:51:43,050 Q: Thank you. 1049 00:51:43,050 --> 00:51:45,510 Angel: Ok, can we have a question from the internet? 1050 00:51:45,510 --> 00:51:49,250 Q: Yes, from the IRC someone asks: 1051 00:51:49,250 --> 00:51:52,890 'Does your pacemaker have a biofeedback, 1052 00:51:52,890 --> 00:51:56,300 so in case something bad happens it starts to defibrillate? 1053 00:51:56,300 --> 00:52:02,920 M: No, I don't have an ICD, so in my case I'm not getting a shock 1054 00:52:02,920 --> 00:52:06,380 in case my heart stops. Because I have a different condition 1055 00:52:06,380 --> 00:52:08,620 I only need to have my rhythm corrected. 1056 00:52:08,620 --> 00:52:11,230 But there are other types of conditions, 1057 00:52:11,230 --> 00:52:14,420 that require pacemakers that can deliver shocks. 1058 00:52:14,420 --> 00:52:18,130 Angel: Ok, one question from that microphone there. 1059 00:52:18,130 --> 00:52:20,220 Q: Thank you very much. At one point you mentioned 1060 00:52:20,220 --> 00:52:24,870 that the connectivity in you pacemaker is off. For now. 1061 00:52:24,870 --> 00:52:28,900 And, is that something, that patients are asked during the process, 1062 00:52:28,900 --> 00:52:32,170 or is that something, patients have to require? 1063 00:52:32,170 --> 00:52:35,530 And generally: What role do you see for the choice 1064 00:52:35,530 --> 00:52:39,430 not to have any connectivity or any security for that matter, 1065 00:52:39,430 --> 00:52:41,870 that technology would make available to you? 1066 00:52:41,870 --> 00:52:47,120 So, how do you see the possibility to choose a more risky life 1067 00:52:47,120 --> 00:52:49,640 in terms of trading in for privacy, whatever? 1068 00:52:49,640 --> 00:52:52,310 M: Yeah, I think that's really a relevant question. 1069 00:52:52,310 --> 00:52:58,130 As we mentioned in the social contract, 1070 00:52:58,130 --> 00:53:03,640 I really would like, that the doctors informed patients about 1071 00:53:03,640 --> 00:53:07,930 their different wireless interfaces and that there's an informed decision 1072 00:53:07,930 --> 00:53:10,960 whether or not to switch it on. 1073 00:53:10,960 --> 00:53:14,560 So, in my case, I don't have it switched on and ... 1074 00:53:14,560 --> 00:53:17,750 I don't need it, so there's no reason why I need to have it switched on. 1075 00:53:17,750 --> 00:53:21,760 But then, again, why did I get an implant that has this capability? 1076 00:53:21,760 --> 00:53:29,200 I should have had the option of opting out of it, but I didn't get that. 1077 00:53:29,200 --> 00:53:31,980 They didn't ask me, or they didn't inform me of that, 1078 00:53:31,980 --> 00:53:34,720 before I got the implant. It was chosen for me. 1079 00:53:34,720 --> 00:53:40,740 And at that time I hadn't looked into the security of medical devices, 1080 00:53:40,740 --> 00:53:43,470 and I needed to have the implant, 1081 00:53:43,470 --> 00:53:46,200 so I couldn't really make an informed decision. 1082 00:53:46,200 --> 00:53:49,140 A lot of patients that are, like, older and not so... 1083 00:53:49,140 --> 00:53:55,240 that don't really understand the technology, 1084 00:53:55,240 --> 00:54:00,040 they can't make that informed decision, like I can. 1085 00:54:00,040 --> 00:54:02,590 So, it's really a complex issue 1086 00:54:02,590 --> 00:54:06,480 and something that we need to discuss more. 1087 00:54:06,480 --> 00:54:09,270 Angel: Ok, another question from there. 1088 00:54:09,270 --> 00:54:11,490 Q: Yeah, thanks. 1089 00:54:11,490 --> 00:54:14,430 As a hacker, connected personally 1090 00:54:14,430 --> 00:54:19,290 and professionally to the medical world: 1091 00:54:19,290 --> 00:54:25,300 How can I educate doctors, nurses, medical people 1092 00:54:25,300 --> 00:54:30,530 about the security risks presented by connected medical devices? 1093 00:54:30,530 --> 00:54:34,870 What can I tell them? Do you have something 1094 00:54:34,870 --> 00:54:37,670 from your own experience I could somehow ... 1095 00:54:37,670 --> 00:54:42,230 M: Yeah, so, the issue of software bugs in the devices 1096 00:54:42,230 --> 00:54:48,220 I think is a real scenario that can happen and ... 1097 00:54:48,220 --> 00:54:50,380 E: Yeah, if you can repeat that story of debugging her, 1098 00:54:50,380 --> 00:54:53,790 like, I think, that makes the point. And then try in adopt that 1099 00:54:53,790 --> 00:54:56,690 hygiene-metaphor that we had before, where, you know, 1100 00:54:56,690 --> 00:54:59,560 people didn't believe in germs, and these problems before, 1101 00:54:59,560 --> 00:55:01,990 we're in that sort of era, and we're still figuring out 1102 00:55:01,990 --> 00:55:05,170 what the scope of potential security and privacy problems are 1103 00:55:05,170 --> 00:55:07,440 for medical devices. In the meantime 1104 00:55:07,440 --> 00:55:10,290 please be open to new research on this subject, right? 1105 00:55:10,290 --> 00:55:12,330 And that story is a fantastic illustration, 1106 00:55:12,330 --> 00:55:16,980 that we don't need evil hacker typer, you know, bond villain, 1107 00:55:16,980 --> 00:55:22,150 we just need failure to debug programming station, properly, right? 1108 00:55:22,150 --> 00:55:23,580 Q: Thank you very much. 1109 00:55:23,580 --> 00:55:26,150 Angel: Ok, another question from the internet. 1110 00:55:26,150 --> 00:55:28,510 Q: Yes, from the IRC: 1111 00:55:28,510 --> 00:55:34,240 '20 years ago it was common, that a magnet had to be placed 1112 00:55:34,240 --> 00:55:40,300 on the patients chest to activate the pacemakers remote configuration interface. 1113 00:55:40,300 --> 00:55:42,250 Is that no longer the case today?' 1114 00:55:42,250 --> 00:55:45,910 E: It's still the case with some devices, but not with all of them I think. 1115 00:55:45,910 --> 00:55:52,240 M: Yeah, it varies between the devices, how they are programmed and 1116 00:55:52,240 --> 00:55:58,200 how long distance you can be from the device. 1117 00:55:58,200 --> 00:56:02,640 Q: Thank you for the talk. I've some medical devices 1118 00:56:02,640 --> 00:56:10,220 in myself to, an insulin pump and sensors to measure the blood sugar levels, 1119 00:56:10,220 --> 00:56:15,640 I'm busy with hacking that and to write the software for myself, 1120 00:56:15,640 --> 00:56:17,940 because the *** doesn't have the software. 1121 00:56:17,940 --> 00:56:24,790 Have you ever think about it, to write your own software for your pacemaker? 1122 00:56:24,790 --> 00:56:27,190 E: *laughing* M: *laughing* 1123 00:56:27,190 --> 00:56:33,800 M: No, I haven't thought about that until now. No. *laughing* 1124 00:56:33,800 --> 00:56:37,820 E: Fantastic, I think that deserves a round of applause, though, 1125 00:56:37,820 --> 00:56:40,130 because that's exactly what we're talking about. 1126 00:56:40,130 --> 00:56:42,340 *applause* 1127 00:56:42,340 --> 00:56:46,400 Angel: Another question from there. 1128 00:56:46,400 --> 00:56:52,850 Q: First off, I want to say thank you that you gave this talk, because 1129 00:56:52,850 --> 00:56:55,700 once it's quite interesting, but it's not that talk, 1130 00:56:55,700 --> 00:56:59,870 anyone of that is effected could hold, 1131 00:56:59,870 --> 00:57:04,530 so, it takes quiet some courage and 1132 00:57:04,530 --> 00:57:06,740 I want to say thank you. So 1133 00:57:06,740 --> 00:57:12,370 *applause* 1134 00:57:12,370 --> 00:57:15,010 Secondly, thank you for giving me the 1135 00:57:15,010 --> 00:57:18,350 update. I started medical technology but 1136 00:57:18,350 --> 00:57:21,740 I finished ten years ago and I didn't work 1137 00:57:21,740 --> 00:57:22,150 in the area and it's quiet interesting to 1138 00:57:22,150 --> 00:57:24,020 see what happened in the meantime, but 1139 00:57:24,020 --> 00:57:24,800 now for my actual question: 1140 00:57:24,800 --> 00:57:28,300 You said you got devices on ebay, is it 1141 00:57:28,300 --> 00:57:29,720 possible to get the hole 1142 00:57:29,720 --> 00:57:30,980 communication chain? 1143 00:57:30,980 --> 00:57:34,680 So you can make a sandbox test or .. 1144 00:57:34,680 --> 00:57:37,810 M: Yes it's possible to get devices, 1145 00:57:37,810 --> 00:57:40,240 it's not so easy to get the pacemaker 1146 00:57:40,240 --> 00:57:42,080 itself , it's quite expensive. 1147 00:57:42,080 --> 00:57:44,130 E: And even when we get one, 1148 00:57:44,130 --> 00:57:46,310 we have some paring issues and like 1149 00:57:46,310 --> 00:57:48,020 Marie can't be in the same room , when 1150 00:57:48,020 --> 00:57:49,500 we were doing a curtain types of testing 1151 00:57:49,500 --> 00:57:52,910 and right, so that last piece is difficult 1152 00:57:52,910 --> 00:57:54,590 but the rest of the chain is pretty 1153 00:57:54,590 --> 00:57:56,230 available for the research. 1154 00:57:56,230 --> 00:57:57,460 Q: Ok, thank you. 1155 00:57:57,460 --> 00:57:59,690 Angel: So, time is running out, so we, 1156 00:57:59,690 --> 00:58:02,500 only time left for one question and from 1157 00:58:02,500 --> 00:58:03,110 there please. 1158 00:58:03,110 --> 00:58:06,340 Q: Thank you. I'm also involved in 1159 00:58:06,340 --> 00:58:09,620 software quality checks and software qs 1160 00:58:09,620 --> 00:58:13,070 here in Germany also with medical developments 1161 00:58:13,070 --> 00:58:15,900 and as far as I know, it is the most 1162 00:58:15,900 --> 00:58:18,580 restricted area of developing products 1163 00:58:18,580 --> 00:58:21,180 I think in the world, 1164 00:58:21,180 --> 00:58:24,710 it's just easier to manipulate software 1165 00:58:24,710 --> 00:58:27,750 in a car X-source system or breaking guard 1166 00:58:27,750 --> 00:58:29,590 or something like this, where you don't 1167 00:58:29,590 --> 00:58:34,020 have to show any testing certificate or 1168 00:58:34,020 --> 00:58:35,940 something like this, the FDA is a very 1169 00:58:35,940 --> 00:58:37,980 high regulation part there. 1170 00:58:37,980 --> 00:58:41,920 Do you have the feeling that it's a 1171 00:58:41,920 --> 00:58:44,590 general issue that patients do not have 1172 00:58:44,590 --> 00:58:47,670 access to these FDA compliant tests and 1173 00:58:47,670 --> 00:58:48,800 software q-a-systems? 1174 00:58:48,800 --> 00:58:53,330 M: Yeah, I think that we should have 1175 00:58:53,330 --> 00:58:56,160 more openness and more transparency 1176 00:58:56,160 --> 00:58:58,320 about, around this issues , really. 1177 00:58:58,320 --> 00:59:01,680 E: I mean, it's fantastic you do quality 1178 00:59:01,680 --> 00:59:03,060 assurance, i used to be in quality assurance 1179 00:59:03,060 --> 00:59:06,260 at a large cooperation and I got tiered 1180 00:59:06,260 --> 00:59:08,620 and landed in strategy and pen testing and 1181 00:59:08,620 --> 00:59:10,420 then I just thought of myself as paramilitary 1182 00:59:10,420 --> 00:59:11,130 quality assurence , .. 1183 00:59:11,130 --> 00:59:15,870 now I just do it on ever I wanne test, so 1184 00:59:15,870 --> 00:59:17,790 thank you for doing q-a and keep doing it 1185 00:59:17,790 --> 00:59:19,790 and hopefull you don't have to many regulations 1186 00:59:19,790 --> 00:59:21,570 but companies sharing more of this 1187 00:59:21,570 --> 00:59:23,590 information, its really the transparency 1188 00:59:23,590 --> 00:59:25,370 and the discussion, the open dialogue 1189 00:59:25,370 --> 00:59:28,070 with patients and doctor and a vendor is 1190 00:59:28,070 --> 00:59:30,650 really what we wanna focus on and make 1191 00:59:30,650 --> 00:59:32,840 our final note ? M: Yeah. 1192 00:59:32,840 --> 00:59:35,570 M: We see some problems already 1193 00:59:35,570 --> 00:59:37,540 the last year, the MI Undercover Group has 1194 00:59:37,540 --> 00:59:42,040 had some great progress on having good 1195 00:59:42,040 --> 00:59:46,390 discussions with the FDA and also involving 1196 00:59:46,390 --> 00:59:49,090 the medical device vendors in the discussions 1197 00:59:49,090 --> 00:59:51,440 about cyber security of medical devices 1198 00:59:51,440 --> 00:59:52,850 and implants. so thats great and I hope 1199 00:59:52,850 --> 00:59:54,800 that this will be even better the next year. 1200 00:59:54,800 --> 00:59:57,170 E: And I think you wanne to say 1201 00:59:57,170 --> 00:59:59,000 one more thing to congress before we leave 1202 00:59:59,000 --> 00:59:59,490 which is: 1203 00:59:59,490 --> 01:00:01,280 M: Hack to save lives! 1204 01:00:01,280 --> 01:00:04,709 *applaus* 1205 01:00:04,709 --> 01:00:09,428 ♪ postroll music ♪ 1206 01:00:09,428 --> 01:00:16,000 subtitles created by c3subtitles.de Join, and help us!