Our investigation shows that an implantable cardioverter
defibrillator (1) is potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry, and (2) may experience malicious alteration to the integrity of information or state, including patient data and therapy settings for when and how shocks are administered. Moreover, standard approaches for security and access control may not always be suitable for IMDs due to tensions between security (e.g., access for pre-authorized parties only) and safety (e.g., access for previously unauthorized parties in emergency circumstances)
Nsa will have e911 equivalent and warrantable backdoor to anything DMV/govt approved, though one would think.
[1] Some physical design limits were cpu and power, plus other operational concerns.
Our investigation shows that an implantable cardioverter defibrillator (1) is potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry, and (2) may experience malicious alteration to the integrity of information or state, including patient data and therapy settings for when and how shocks are administered. Moreover, standard approaches for security and access control may not always be suitable for IMDs due to tensions between security (e.g., access for pre-authorized parties only) and safety (e.g., access for previously unauthorized parties in emergency circumstances)
Nsa will have e911 equivalent and warrantable backdoor to anything DMV/govt approved, though one would think.
[1] Some physical design limits were cpu and power, plus other operational concerns.