[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.35,0:00:03.100,Default,,0000,0000,0000,,♪ preroll music ♪
Dialogue: 0,0:00:03.100,0:00:10.94,Default,,0000,0000,0000,,Angel: The next talk will start now
Dialogue: 0,0:00:10.94,0:00:12.83,Default,,0000,0000,0000,,and will be 'Unpatchable -
Dialogue: 0,0:00:12.83,0:00:15.25,Default,,0000,0000,0000,,living with a vulnerable\Nimplanted device'
Dialogue: 0,0:00:15.25,0:00:18.24,Default,,0000,0000,0000,,by Dr. Marie Moe and Eireann Leverett.
Dialogue: 0,0:00:18.24,0:00:22.18,Default,,0000,0000,0000,,Give them a warm round\Nof applause please.
Dialogue: 0,0:00:22.18,0:00:29.04,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:00:33.30,0:00:38.80,Default,,0000,0000,0000,,{\i1}heart monitor beep sounds start{\i0}
Dialogue: 0,0:00:38.80,0:00:40.49,Default,,0000,0000,0000,,So, we are here today
Dialogue: 0,0:00:40.49,0:00:41.76,Default,,0000,0000,0000,,to talk to you about a subject
Dialogue: 0,0:00:41.76,0:00:44.53,Default,,0000,0000,0000,,that is really close to my heart.
Dialogue: 0,0:00:44.53,0:00:46.35,Default,,0000,0000,0000,,I have a medical implant.
Dialogue: 0,0:00:46.35,0:00:48.97,Default,,0000,0000,0000,,A pacemaker, that is generating
Dialogue: 0,0:00:48.97,0:00:51.69,Default,,0000,0000,0000,,every single beat of my heart.
Dialogue: 0,0:00:51.69,0:00:56.08,Default,,0000,0000,0000,,But how can I trust my own heart,
Dialogue: 0,0:00:56.08,0:00:58.35,Default,,0000,0000,0000,,when it's being controlled by a machine,
Dialogue: 0,0:00:58.35,0:01:00.33,Default,,0000,0000,0000,,running a proprietary code,
Dialogue: 0,0:01:00.33,0:01:03.53,Default,,0000,0000,0000,,and there is no transparency?
Dialogue: 0,0:01:03.53,0:01:05.57,Default,,0000,0000,0000,,So I'm a patient,
Dialogue: 0,0:01:05.57,0:01:08.63,Default,,0000,0000,0000,,but I'm also a security researcher.
Dialogue: 0,0:01:08.63,0:01:10.86,Default,,0000,0000,0000,,I'm a hacker, because I like
Dialogue: 0,0:01:10.86,0:01:13.39,Default,,0000,0000,0000,,to figure out how things work.
Dialogue: 0,0:01:13.39,0:01:15.01,Default,,0000,0000,0000,,That's why I started a project
Dialogue: 0,0:01:15.01,0:01:16.34,Default,,0000,0000,0000,,on breaking my own heart,
Dialogue: 0,0:01:16.34,0:01:17.30,Default,,0000,0000,0000,,together with Eireann
Dialogue: 0,0:01:17.30,0:01:19.80,Default,,0000,0000,0000,,and a couple of friends.
Dialogue: 0,0:01:19.80,0:01:22.72,Default,,0000,0000,0000,,Because I really want to know
Dialogue: 0,0:01:22.72,0:01:24.27,Default,,0000,0000,0000,,what protocols are running
Dialogue: 0,0:01:24.27,0:01:27.26,Default,,0000,0000,0000,,in this machine inside my body.
Dialogue: 0,0:01:27.26,0:01:29.43,Default,,0000,0000,0000,,Is the crypto correctly implemented?
Dialogue: 0,0:01:29.43,0:01:32.98,Default,,0000,0000,0000,,Does it even have crypto?
Dialogue: 0,0:01:34.94,0:01:38.14,Default,,0000,0000,0000,,So I'm here to inspire you today.
Dialogue: 0,0:01:38.14,0:01:40.88,Default,,0000,0000,0000,,I want more people\Nto hack to save lives.
Dialogue: 0,0:01:40.88,0:01:44.05,Default,,0000,0000,0000,,Because we are all becoming
Dialogue: 0,0:01:44.05,0:01:47.99,Default,,0000,0000,0000,,more and more dependent on machines.
Dialogue: 0,0:01:47.99,0:01:49.100,Default,,0000,0000,0000,,Maybe some of you in the audience
Dialogue: 0,0:01:49.100,0:01:51.93,Default,,0000,0000,0000,,also have medical implants,
Dialogue: 0,0:01:51.93,0:01:52.84,Default,,0000,0000,0000,,maybe you know someone
Dialogue: 0,0:01:52.84,0:01:57.84,Default,,0000,0000,0000,,that's also depending on\Nmedical implants
Dialogue: 0,0:01:57.84,0:02:00.12,Default,,0000,0000,0000,,Imagine that this is your heartbeat
Dialogue: 0,0:02:00.12,0:02:04.38,Default,,0000,0000,0000,,and it's being controlled by a device.
Dialogue: 0,0:02:04.38,0:02:06.35,Default,,0000,0000,0000,,A device, that might fail.
Dialogue: 0,0:02:06.35,0:02:09.68,Default,,0000,0000,0000,,Due to software bugs,
Dialogue: 0,0:02:09.68,0:02:11.82,Default,,0000,0000,0000,,due to hardware failures.
Dialogue: 0,0:02:11.82,0:02:14.49,Default,,0000,0000,0000,,{\i1}additional background sound:\Nreal heartbeat{\i0}
Dialogue: 0,0:02:14.49,0:02:17.69,Default,,0000,0000,0000,,Wouldn't you also like to know
Dialogue: 0,0:02:17.69,0:02:21.39,Default,,0000,0000,0000,,if it has security vulnerabilities?
Dialogue: 0,0:02:21.39,0:02:23.68,Default,,0000,0000,0000,,If it can be trusted?
Dialogue: 0,0:02:26.95,0:02:32.11,Default,,0000,0000,0000,,{\i1}sounds stop{\i0}\N{\i1}beeeeep{\i0}
Dialogue: 0,0:02:32.11,0:02:35.94,Default,,0000,0000,0000,,E: Something to think about, right?
Dialogue: 0,0:02:35.94,0:02:37.23,Default,,0000,0000,0000,,M: Yeah.
Dialogue: 0,0:02:37.23,0:02:40.14,Default,,0000,0000,0000,,E: Marie is an incredibly\Nbrave women.
Dialogue: 0,0:02:40.14,0:02:42.94,Default,,0000,0000,0000,,When she asked me to give this talk
Dialogue: 0,0:02:42.94,0:02:44.64,Default,,0000,0000,0000,,it made me nervous, right?
Dialogue: 0,0:02:44.64,0:02:46.76,Default,,0000,0000,0000,,It's such a personal story.
Dialogue: 0,0:02:46.76,0:02:48.86,Default,,0000,0000,0000,,Such a journey as well.
Dialogue: 0,0:02:48.86,0:02:49.88,Default,,0000,0000,0000,,And she's gonna talk to you
Dialogue: 0,0:02:49.88,0:02:51.46,Default,,0000,0000,0000,,about a lot of things, right?
Dialogue: 0,0:02:51.46,0:02:53.64,Default,,0000,0000,0000,,Not just hacking medical devices
Dialogue: 0,0:02:53.64,0:02:54.95,Default,,0000,0000,0000,,from a safety point of view
Dialogue: 0,0:02:54.95,0:02:57.51,Default,,0000,0000,0000,,but also some of the\Nprivacy concerns,
Dialogue: 0,0:02:57.51,0:02:59.05,Default,,0000,0000,0000,,some of the transparency concerns,
Dialogue: 0,0:02:59.05,0:03:01.28,Default,,0000,0000,0000,,some of the consent concerns.
Dialogue: 0,0:03:01.28,0:03:03.42,Default,,0000,0000,0000,,So, there's a lot to get trough
Dialogue: 0,0:03:03.42,0:03:05.14,Default,,0000,0000,0000,,in the next hour.
Dialogue: 0,0:03:05.14,0:03:07.20,Default,,0000,0000,0000,,But I think you're gonna enjoy it
Dialogue: 0,0:03:07.20,0:03:08.11,Default,,0000,0000,0000,,quite a lot.
Dialogue: 0,0:03:08.11,0:03:10.89,Default,,0000,0000,0000,,M: So, let me tell you
Dialogue: 0,0:03:10.89,0:03:13.11,Default,,0000,0000,0000,,the story about my heart.
Dialogue: 0,0:03:13.11,0:03:14.73,Default,,0000,0000,0000,,So, 4 years ago
Dialogue: 0,0:03:14.73,0:03:17.59,Default,,0000,0000,0000,,I got my medical implant.
Dialogue: 0,0:03:17.59,0:03:21.01,Default,,0000,0000,0000,,It was a kind of emergency situation
Dialogue: 0,0:03:21.01,0:03:22.95,Default,,0000,0000,0000,,because my heart was starting to beat
Dialogue: 0,0:03:22.95,0:03:24.20,Default,,0000,0000,0000,,really slow,
Dialogue: 0,0:03:24.20,0:03:26.11,Default,,0000,0000,0000,,so i needed to have the pacemaker.
Dialogue: 0,0:03:26.11,0:03:28.58,Default,,0000,0000,0000,,I had no choice.
Dialogue: 0,0:03:28.58,0:03:31.18,Default,,0000,0000,0000,,After I got the implant,
Dialogue: 0,0:03:31.18,0:03:32.69,Default,,0000,0000,0000,,since I was a security researcher,
Dialogue: 0,0:03:32.69,0:03:33.63,Default,,0000,0000,0000,,of course I started to
Dialogue: 0,0:03:33.63,0:03:36.52,Default,,0000,0000,0000,,look up information about how it worked.
Dialogue: 0,0:03:36.52,0:03:38.00,Default,,0000,0000,0000,,And I googled for information.
Dialogue: 0,0:03:38.00,0:03:40.44,Default,,0000,0000,0000,,I found a technical manual
Dialogue: 0,0:03:40.44,0:03:41.29,Default,,0000,0000,0000,,of my pacemaker
Dialogue: 0,0:03:41.29,0:03:43.75,Default,,0000,0000,0000,,and I started to read it.
Dialogue: 0,0:03:43.75,0:03:45.93,Default,,0000,0000,0000,,And i was quite surprised
Dialogue: 0,0:03:45.93,0:03:47.52,Default,,0000,0000,0000,,when I learned that
Dialogue: 0,0:03:47.52,0:03:51.58,Default,,0000,0000,0000,,my pacemaker has 2 wireless interfaces.
Dialogue: 0,0:03:51.58,0:03:54.87,Default,,0000,0000,0000,,There is one interface, that is really
Dialogue: 0,0:03:54.87,0:03:56.49,Default,,0000,0000,0000,,close field communication,
Dialogue: 0,0:03:56.49,0:03:58.73,Default,,0000,0000,0000,,near field communication
Dialogue: 0,0:03:58.73,0:04:01.18,Default,,0000,0000,0000,,that is being used when I'm at checkups
Dialogue: 0,0:04:01.18,0:04:03.15,Default,,0000,0000,0000,,at the hospital,
Dialogue: 0,0:04:03.15,0:04:05.55,Default,,0000,0000,0000,,where the technician,
Dialogue: 0,0:04:05.55,0:04:07.51,Default,,0000,0000,0000,,the pacemaker technician or doctor
Dialogue: 0,0:04:07.51,0:04:10.03,Default,,0000,0000,0000,,uses a programming device
Dialogue: 0,0:04:10.03,0:04:11.82,Default,,0000,0000,0000,,and places it
Dialogue: 0,0:04:11.82,0:04:14.41,Default,,0000,0000,0000,,really close to my pacemaker.
Dialogue: 0,0:04:14.41,0:04:16.62,Default,,0000,0000,0000,,And it's possible to use that
Dialogue: 0,0:04:16.62,0:04:19.61,Default,,0000,0000,0000,,communication to adjust the settings.
Dialogue: 0,0:04:19.61,0:04:21.56,Default,,0000,0000,0000,,But it also has another
Dialogue: 0,0:04:21.56,0:04:22.53,Default,,0000,0000,0000,,wireless interface,
Dialogue: 0,0:04:22.53,0:04:24.94,Default,,0000,0000,0000,,that I was not aware of,
Dialogue: 0,0:04:24.94,0:04:28.39,Default,,0000,0000,0000,,that I was not informed of\Nas a patient.
Dialogue: 0,0:04:28.39,0:04:30.81,Default,,0000,0000,0000,,It has a possibility for remote monitoring
Dialogue: 0,0:04:30.81,0:04:31.97,Default,,0000,0000,0000,,or telemetry,
Dialogue: 0,0:04:31.97,0:04:35.88,Default,,0000,0000,0000,,where you can have an\Naccess point in your house
Dialogue: 0,0:04:35.88,0:04:37.01,Default,,0000,0000,0000,,that will communicate
Dialogue: 0,0:04:37.01,0:04:39.43,Default,,0000,0000,0000,,with the pacemaker
Dialogue: 0,0:04:39.43,0:04:41.94,Default,,0000,0000,0000,,at a couple of meters distance.
Dialogue: 0,0:04:41.94,0:04:44.32,Default,,0000,0000,0000,,And it can collect logs from the pacemaker
Dialogue: 0,0:04:44.32,0:04:46.16,Default,,0000,0000,0000,,and send them to a server
Dialogue: 0,0:04:46.16,0:04:47.88,Default,,0000,0000,0000,,at the vendor.
Dialogue: 0,0:04:47.88,0:04:48.87,Default,,0000,0000,0000,,And there is a web interface
Dialogue: 0,0:04:48.87,0:04:50.15,Default,,0000,0000,0000,,where the doctor can log in
Dialogue: 0,0:04:50.15,0:04:52.88,Default,,0000,0000,0000,,and retrieve my information.
Dialogue: 0,0:04:52.88,0:04:54.79,Default,,0000,0000,0000,,And I have no access the data
Dialogue: 0,0:04:54.79,0:04:56.26,Default,,0000,0000,0000,,that is being collected
Dialogue: 0,0:04:56.26,0:04:57.97,Default,,0000,0000,0000,,by my device.
Dialogue: 0,0:04:57.97,0:04:59.86,Default,,0000,0000,0000,,E: So imagine for a moment
Dialogue: 0,0:04:59.86,0:05:02.24,Default,,0000,0000,0000,,that you are buying a new phone
Dialogue: 0,0:05:02.24,0:05:03.60,Default,,0000,0000,0000,,or buying a new laptop.
Dialogue: 0,0:05:03.60,0:05:04.86,Default,,0000,0000,0000,,You would do your homework, right?
Dialogue: 0,0:05:04.86,0:05:07.00,Default,,0000,0000,0000,,You would understand\Nwhat interfaces where there.
Dialogue: 0,0:05:07.00,0:05:09.83,Default,,0000,0000,0000,,But in Marie's case she's just
Dialogue: 0,0:05:09.83,0:05:12.04,Default,,0000,0000,0000,,given a device,\Nand then later she gets
Dialogue: 0,0:05:12.04,0:05:13.95,Default,,0000,0000,0000,,to go and read the manual, right?
Dialogue: 0,0:05:13.95,0:05:16.79,Default,,0000,0000,0000,,So she's the epitome\Nof a informed consumer
Dialogue: 0,0:05:16.79,0:05:17.85,Default,,0000,0000,0000,,in this space
Dialogue: 0,0:05:17.85,0:05:20.07,Default,,0000,0000,0000,,and we want a lot more\Ninformed consumers
Dialogue: 0,0:05:20.07,0:05:20.78,Default,,0000,0000,0000,,in this space,
Dialogue: 0,0:05:20.78,0:05:22.36,Default,,0000,0000,0000,,which is why we are giving this talk.
Dialogue: 0,0:05:22.36,0:05:23.83,Default,,0000,0000,0000,,Now, I don't know about you,
Dialogue: 0,0:05:23.83,0:05:25.75,Default,,0000,0000,0000,,but I'm used to hacking
Dialogue: 0,0:05:25.75,0:05:26.79,Default,,0000,0000,0000,,industrial systems.
Dialogue: 0,0:05:26.79,0:05:29.20,Default,,0000,0000,0000,,I haven't done as\Nmuch medical research
Dialogue: 0,0:05:29.20,0:05:30.06,Default,,0000,0000,0000,,in the past.
Dialogue: 0,0:05:30.06,0:05:31.94,Default,,0000,0000,0000,,So, when I first\Nstarted this project
Dialogue: 0,0:05:31.94,0:05:33.27,Default,,0000,0000,0000,,I knew literally nothing
Dialogue: 0,0:05:33.27,0:05:35.02,Default,,0000,0000,0000,,about Marie's heart.
Dialogue: 0,0:05:35.02,0:05:35.98,Default,,0000,0000,0000,,Or even my own.
Dialogue: 0,0:05:35.98,0:05:38.75,Default,,0000,0000,0000,,And she had to teach me\Nhow the heart works
Dialogue: 0,0:05:38.75,0:05:40.29,Default,,0000,0000,0000,,and how her pacemaker works.
Dialogue: 0,0:05:40.29,0:05:42.66,Default,,0000,0000,0000,,So, would you mind explaining
Dialogue: 0,0:05:42.66,0:05:44.55,Default,,0000,0000,0000,,some details to the audience\Nthat will be relevant
Dialogue: 0,0:05:44.55,0:05:45.93,Default,,0000,0000,0000,,through the rest of the presentation?
Dialogue: 0,0:05:45.93,0:05:48.29,Default,,0000,0000,0000,,M: Actually I think\Nwe're going to show you
Dialogue: 0,0:05:48.29,0:05:50.10,Default,,0000,0000,0000,,a video of\Nhow the heart works.
Dialogue: 0,0:05:50.10,0:05:53.25,Default,,0000,0000,0000,,So, it's a little bit of\Nbiology introduction here
Dialogue: 0,0:05:53.25,0:05:57.63,Default,,0000,0000,0000,,before we start\Nwith the technical details.
Dialogue: 0,0:05:57.63,0:06:01.07,Default,,0000,0000,0000,,So, this.. play the video.
Dialogue: 0,0:06:01.07,0:06:03.48,Default,,0000,0000,0000,,Video: A normal heart beat rate
Dialogue: 0,0:06:03.48,0:06:07.47,Default,,0000,0000,0000,,and rhythm is called\N'Normal Sinus Rhythm'.
Dialogue: 0,0:06:07.47,0:06:09.01,Default,,0000,0000,0000,,The heart's pumping action
Dialogue: 0,0:06:09.01,0:06:11.24,Default,,0000,0000,0000,,is driven by electrical stimulation
Dialogue: 0,0:06:11.24,0:06:13.57,Default,,0000,0000,0000,,within the heart muscle.
Dialogue: 0,0:06:13.57,0:06:15.14,Default,,0000,0000,0000,,the heart's electrical system
Dialogue: 0,0:06:15.14,0:06:17.12,Default,,0000,0000,0000,,allows it to beat in an
Dialogue: 0,0:06:17.12,0:06:20.23,Default,,0000,0000,0000,,organized, synchronized pattern.
Dialogue: 0,0:06:20.23,0:06:21.36,Default,,0000,0000,0000,,Every normal heart beat
Dialogue: 0,0:06:21.36,0:06:23.40,Default,,0000,0000,0000,,has 4 steps.
Dialogue: 0,0:06:23.40,0:06:24.81,Default,,0000,0000,0000,,Step 1:
Dialogue: 0,0:06:24.81,0:06:27.15,Default,,0000,0000,0000,,As blood flows into the heart
Dialogue: 0,0:06:27.15,0:06:28.36,Default,,0000,0000,0000,,an electrical impulse
Dialogue: 0,0:06:28.36,0:06:31.24,Default,,0000,0000,0000,,from an upper area of the right atrium
Dialogue: 0,0:06:31.24,0:06:33.70,Default,,0000,0000,0000,,also known as the sinus node
Dialogue: 0,0:06:33.70,0:06:35.90,Default,,0000,0000,0000,,causes the atria to contract.
Dialogue: 0,0:06:35.90,0:06:38.14,Default,,0000,0000,0000,,When the atria contract
Dialogue: 0,0:06:38.14,0:06:39.46,Default,,0000,0000,0000,,they squeeze the blood
Dialogue: 0,0:06:39.46,0:06:41.93,Default,,0000,0000,0000,,into the ventricles.
Dialogue: 0,0:06:41.93,0:06:43.02,Default,,0000,0000,0000,,Step 3:
Dialogue: 0,0:06:43.02,0:06:45.02,Default,,0000,0000,0000,,There is a very short pause
Dialogue: 0,0:06:45.02,0:06:48.06,Default,,0000,0000,0000,,only about a fraction of a second.
Dialogue: 0,0:06:48.06,0:06:49.20,Default,,0000,0000,0000,,and Step 4:
Dialogue: 0,0:06:49.20,0:06:51.02,Default,,0000,0000,0000,,The ventricles contract
Dialogue: 0,0:06:51.02,0:06:55.59,Default,,0000,0000,0000,,pumping the blood to the body.
Dialogue: 0,0:06:55.59,0:06:56.86,Default,,0000,0000,0000,,A heart normally beats
Dialogue: 0,0:06:56.86,0:07:00.93,Default,,0000,0000,0000,,between 60-100 times/min.
Dialogue: 0,0:07:00.93,0:07:02.12,Default,,0000,0000,0000,,Electrical signals in your heart
Dialogue: 0,0:07:02.12,0:07:04.83,Default,,0000,0000,0000,,can become blocked or irregular,
Dialogue: 0,0:07:04.83,0:07:05.61,Default,,0000,0000,0000,,causing a disruption
Dialogue: 0,0:07:05.61,0:07:08.12,Default,,0000,0000,0000,,in your hearts normal rhythm.
Dialogue: 0,0:07:08.12,0:07:10.07,Default,,0000,0000,0000,,When the heart's rhythm is too fast,
Dialogue: 0,0:07:10.07,0:07:12.90,Default,,0000,0000,0000,,too slow or out of order,
Dialogue: 0,0:07:12.90,0:07:14.49,Default,,0000,0000,0000,,an arrhythmia,
Dialogue: 0,0:07:14.49,0:07:18.52,Default,,0000,0000,0000,,also called a rhythm disorder occurs.
Dialogue: 0,0:07:18.52,0:07:20.64,Default,,0000,0000,0000,,When your heart beats out of rhythm,
Dialogue: 0,0:07:20.64,0:07:22.18,Default,,0000,0000,0000,,it may not deliver enough blood
Dialogue: 0,0:07:22.18,0:07:24.79,Default,,0000,0000,0000,,to your body.
Dialogue: 0,0:07:24.79,0:07:26.18,Default,,0000,0000,0000,,Rhythm disorders can be caused
Dialogue: 0,0:07:26.18,0:07:27.80,Default,,0000,0000,0000,,by a number of factors
Dialogue: 0,0:07:27.80,0:07:30.71,Default,,0000,0000,0000,,including disease, heredity,
Dialogue: 0,0:07:30.71,0:07:33.59,Default,,0000,0000,0000,,medications or other factors.
Dialogue: 0,0:07:33.59,0:07:37.39,Default,,0000,0000,0000,,E: So for those of you\Nwho are already aware of that,
Dialogue: 0,0:07:37.39,0:07:38.13,Default,,0000,0000,0000,,apologies.
Dialogue: 0,0:07:38.13,0:07:39.38,Default,,0000,0000,0000,,But I needed to learn that.
Dialogue: 0,0:07:39.38,0:07:40.28,Default,,0000,0000,0000,,I needed to learn the basics
Dialogue: 0,0:07:40.28,0:07:41.98,Default,,0000,0000,0000,,before we even got started, right?
Dialogue: 0,0:07:41.98,0:07:43.94,Default,,0000,0000,0000,,So...
Dialogue: 0,0:07:43.94,0:07:47.20,Default,,0000,0000,0000,,M: So this is a diagram of the
Dialogue: 0,0:07:47.20,0:07:50.17,Default,,0000,0000,0000,,electrical system of the heart.
Dialogue: 0,0:07:50.17,0:07:52.31,Default,,0000,0000,0000,,So, as you see,\Nthis is the sinus node
Dialogue: 0,0:07:52.31,0:07:54.17,Default,,0000,0000,0000,,that is generating the pulse.
Dialogue: 0,0:07:54.17,0:07:56.29,Default,,0000,0000,0000,,And in my case
Dialogue: 0,0:07:56.29,0:07:58.85,Default,,0000,0000,0000,,I had a problem with the signal
Dialogue: 0,0:07:58.85,0:08:01.52,Default,,0000,0000,0000,,being generated by the sinus node
Dialogue: 0,0:08:01.52,0:08:05.09,Default,,0000,0000,0000,,not reaching the lower\Nheart chamber.
Dialogue: 0,0:08:05.09,0:08:10.64,Default,,0000,0000,0000,,It's something called an AV block\Nor a heart block
Dialogue: 0,0:08:10.64,0:08:13.58,Default,,0000,0000,0000,,So, occasionally this will cause
Dialogue: 0,0:08:13.58,0:08:17.08,Default,,0000,0000,0000,,an arrhythmia that makes\Nthe heart pause.
Dialogue: 0,0:08:17.08,0:08:18.32,Default,,0000,0000,0000,,If you don't have a heart beat
Dialogue: 0,0:08:18.32,0:08:20.18,Default,,0000,0000,0000,,for, like ... 8-10 seconds,
Dialogue: 0,0:08:20.18,0:08:22.00,Default,,0000,0000,0000,,you lose your consciousness.
Dialogue: 0,0:08:22.00,0:08:24.26,Default,,0000,0000,0000,,And that was, what happened to me.
Dialogue: 0,0:08:24.26,0:08:25.62,Default,,0000,0000,0000,,I just suddenly found myself
Dialogue: 0,0:08:25.62,0:08:27.01,Default,,0000,0000,0000,,lying on the floor
Dialogue: 0,0:08:27.01,0:08:28.91,Default,,0000,0000,0000,,and I didn't remember how I got there.
Dialogue: 0,0:08:28.91,0:08:31.18,Default,,0000,0000,0000,,And it turned out that it was my heart
Dialogue: 0,0:08:31.18,0:08:34.01,Default,,0000,0000,0000,,that had taken a break.
Dialogue: 0,0:08:34.01,0:08:36.90,Default,,0000,0000,0000,,So that's how I discovered
Dialogue: 0,0:08:36.90,0:08:38.52,Default,,0000,0000,0000,,that I had this issue.
Dialogue: 0,0:08:38.52,0:08:40.90,Default,,0000,0000,0000,,So, this is where the signal is blocked
Dialogue: 0,0:08:40.90,0:08:44.28,Default,,0000,0000,0000,,on the way down to the lower heart chamber
Dialogue: 0,0:08:44.28,0:08:45.64,Default,,0000,0000,0000,,But there's a backup function
Dialogue: 0,0:08:45.64,0:08:50.60,Default,,0000,0000,0000,,in the heart that can make
Dialogue: 0,0:08:50.60,0:08:52.11,Default,,0000,0000,0000,,a so called backup pulse.
Dialogue: 0,0:08:52.11,0:08:54.76,Default,,0000,0000,0000,,And I had that backup pulse
Dialogue: 0,0:08:54.76,0:08:57.21,Default,,0000,0000,0000,,when I went to the\Nemergency room.
Dialogue: 0,0:08:57.21,0:08:59.58,Default,,0000,0000,0000,,So I had a pulse\Naround 30-40 beats/min.
Dialogue: 0,0:08:59.58,0:09:03.10,Default,,0000,0000,0000,,And that's generated by some cells
Dialogue: 0,0:09:03.10,0:09:05.45,Default,,0000,0000,0000,,in the lower heart chamber.
Dialogue: 0,0:09:05.45,0:09:08.26,Default,,0000,0000,0000,,So, after I got the pacemaker
Dialogue: 0,0:09:08.26,0:09:09.33,Default,,0000,0000,0000,,my heart started to become
Dialogue: 0,0:09:09.33,0:09:10.45,Default,,0000,0000,0000,,a little bit more lazy.
Dialogue: 0,0:09:10.45,0:09:12.22,Default,,0000,0000,0000,,So it is not certain,
Dialogue: 0,0:09:12.22,0:09:14.04,Default,,0000,0000,0000,,that I will have this backup pulse
Dialogue: 0,0:09:14.04,0:09:16.96,Default,,0000,0000,0000,,anymore if the pacemaker\Nstops working.
Dialogue: 0,0:09:16.96,0:09:17.99,Default,,0000,0000,0000,,So currently
Dialogue: 0,0:09:17.99,0:09:22.49,Default,,0000,0000,0000,,my heart is 100% running\Non the pacemaker.
Dialogue: 0,0:09:22.49,0:09:27.08,Default,,0000,0000,0000,,So, let's also look at\Nhow the pacemaker works.
Dialogue: 0,0:09:27.08,0:09:29.90,Default,,0000,0000,0000,,I have another video of that.
Dialogue: 0,0:09:29.90,0:09:31.67,Default,,0000,0000,0000,,So, this is my little friend
Dialogue: 0,0:09:31.67,0:09:34.45,Default,,0000,0000,0000,,that is running my heart.
Dialogue: 0,0:09:34.45,0:09:38.28,Default,,0000,0000,0000,,Video: A pacemaker\Nis a miniaturized computer
Dialogue: 0,0:09:38.28,0:09:40.99,Default,,0000,0000,0000,,that is used to treat\Na slow heart beat.
Dialogue: 0,0:09:40.99,0:09:42.70,Default,,0000,0000,0000,,It is about the size
Dialogue: 0,0:09:42.70,0:09:45.45,Default,,0000,0000,0000,,of a couple of stacked silver dollars
Dialogue: 0,0:09:45.45,0:09:49.11,Default,,0000,0000,0000,,and weights approximately 17-25 grams.
Dialogue: 0,0:09:49.11,0:09:52.05,Default,,0000,0000,0000,,It is usually surgically placed
Dialogue: 0,0:09:52.05,0:09:54.45,Default,,0000,0000,0000,,or implanted just under the skin
Dialogue: 0,0:09:54.45,0:09:57.12,Default,,0000,0000,0000,,in the chest area.
Dialogue: 0,0:09:57.12,0:09:59.72,Default,,0000,0000,0000,,The device sends\Na tiny electrical pulse
Dialogue: 0,0:09:59.72,0:10:01.73,Default,,0000,0000,0000,,down a thin coated wire,
Dialogue: 0,0:10:01.73,0:10:04.70,Default,,0000,0000,0000,,called a lead, into your heart.
Dialogue: 0,0:10:04.70,0:10:07.21,Default,,0000,0000,0000,,This stimulates the heart to beat.
Dialogue: 0,0:10:07.21,0:10:09.49,Default,,0000,0000,0000,,This impulses are very tiny
Dialogue: 0,0:10:09.49,0:10:12.50,Default,,0000,0000,0000,,and most people\Ndo not feel them.
Dialogue: 0,0:10:12.50,0:10:13.93,Default,,0000,0000,0000,,While the device\Nhelps your heart
Dialogue: 0,0:10:13.93,0:10:15.53,Default,,0000,0000,0000,,maintain its rhythm,
Dialogue: 0,0:10:15.53,0:10:17.01,Default,,0000,0000,0000,,it also stores information
Dialogue: 0,0:10:17.01,0:10:18.37,Default,,0000,0000,0000,,about your heart that can be
Dialogue: 0,0:10:18.37,0:10:20.21,Default,,0000,0000,0000,,retrieved by your doctor
Dialogue: 0,0:10:20.21,0:10:21.99,Default,,0000,0000,0000,,to program the device.
Dialogue: 0,0:10:21.99,0:10:23.63,Default,,0000,0000,0000,,E: Remember that!
Dialogue: 0,0:10:23.63,0:10:26.31,Default,,0000,0000,0000,,M: Yeah... Did you see
Dialogue: 0,0:10:26.31,0:10:28.51,Default,,0000,0000,0000,,the ones and zeros at the end
Dialogue: 0,0:10:28.51,0:10:29.46,Default,,0000,0000,0000,,of the video?
Dialogue: 0,0:10:29.46,0:10:31.24,Default,,0000,0000,0000,,That's what we want\Nto know more about.
Dialogue: 0,0:10:31.24,0:10:33.18,Default,,0000,0000,0000,,Because this information
Dialogue: 0,0:10:33.18,0:10:35.23,Default,,0000,0000,0000,,that is being collected\Nby the pacemaker,
Dialogue: 0,0:10:35.23,0:10:36.63,Default,,0000,0000,0000,,how it works,
Dialogue: 0,0:10:36.63,0:10:38.75,Default,,0000,0000,0000,,how the code looks like,
Dialogue: 0,0:10:38.75,0:10:40.12,Default,,0000,0000,0000,,it's all closed source,
Dialogue: 0,0:10:40.12,0:10:42.12,Default,,0000,0000,0000,,it's all proprietary information.
Dialogue: 0,0:10:42.12,0:10:44.54,Default,,0000,0000,0000,,And that's why we need more
Dialogue: 0,0:10:44.54,0:10:45.58,Default,,0000,0000,0000,,security researchers,
Dialogue: 0,0:10:45.58,0:10:48.58,Default,,0000,0000,0000,,we need more 3rd party testing,
Dialogue: 0,0:10:48.58,0:10:52.21,Default,,0000,0000,0000,,to be sure that we can trust this code.
Dialogue: 0,0:10:52.21,0:10:53.69,Default,,0000,0000,0000,,E: And you can imagine that
Dialogue: 0,0:10:53.69,0:10:56.03,Default,,0000,0000,0000,,we're doing some of\Nthis research as well.
Dialogue: 0,0:10:56.03,0:10:58.21,Default,,0000,0000,0000,,But I'm not gonna break\NMarie's heart on stage,
Dialogue: 0,0:10:58.21,0:10:59.19,Default,,0000,0000,0000,,I'm not gonna drop 0-day
Dialogue: 0,0:10:59.19,0:11:00.60,Default,,0000,0000,0000,,on some medical devices,
Dialogue: 0,0:11:00.60,0:11:02.100,Default,,0000,0000,0000,,so if you came for that,
Dialogue: 0,0:11:02.100,0:11:04.30,Default,,0000,0000,0000,,it's not worth staying.
Dialogue: 0,0:11:04.30,0:11:05.38,Default,,0000,0000,0000,,The rest of the presentation
Dialogue: 0,0:11:05.38,0:11:06.99,Default,,0000,0000,0000,,will be about some of\Nthe things we found
Dialogue: 0,0:11:06.99,0:11:07.78,Default,,0000,0000,0000,,and how this works and
Dialogue: 0,0:11:07.78,0:11:09.53,Default,,0000,0000,0000,,how you might approach this research.
Dialogue: 0,0:11:09.53,0:11:11.63,Default,,0000,0000,0000,,And some of the people\Nwho did this research before,
Dialogue: 0,0:11:11.63,0:11:12.28,Default,,0000,0000,0000,,because there's plenty of others,
Dialogue: 0,0:11:12.28,0:11:13.43,Default,,0000,0000,0000,,and we like to give a shout-out
Dialogue: 0,0:11:13.43,0:11:16.32,Default,,0000,0000,0000,,to those who've done\Ngreat research in advance.
Dialogue: 0,0:11:16.32,0:11:18.73,Default,,0000,0000,0000,,But essentially this point is
Dialogue: 0,0:11:18.73,0:11:19.59,Default,,0000,0000,0000,,very relevant.
Dialogue: 0,0:11:19.59,0:11:21.18,Default,,0000,0000,0000,,That the internet\Nof medical things
Dialogue: 0,0:11:21.18,0:11:22.85,Default,,0000,0000,0000,,is already here.
Dialogue: 0,0:11:22.85,0:11:24.90,Default,,0000,0000,0000,,And Marie is wired into it.
Dialogue: 0,0:11:24.90,0:11:27.06,Default,,0000,0000,0000,,She's a bit younger than the average
Dialogue: 0,0:11:27.06,0:11:30.34,Default,,0000,0000,0000,,pacemaker patient, but, you know,
Dialogue: 0,0:11:30.34,0:11:31.76,Default,,0000,0000,0000,,she was thrust into this situation
Dialogue: 0,0:11:31.76,0:11:33.25,Default,,0000,0000,0000,,where she had to think about things
Dialogue: 0,0:11:33.25,0:11:34.27,Default,,0000,0000,0000,,in a very different way.
Dialogue: 0,0:11:34.27,0:11:36.45,Default,,0000,0000,0000,,Like, you did a Masters,\Nbreaking crypto,
Dialogue: 0,0:11:36.45,0:11:39.06,Default,,0000,0000,0000,,and also a PHD in Information Security.
Dialogue: 0,0:11:39.06,0:11:40.90,Default,,0000,0000,0000,,Did you imagine, that\Nthings you learned
Dialogue: 0,0:11:40.90,0:11:42.71,Default,,0000,0000,0000,,about SSH and\Nnetwork security
Dialogue: 0,0:11:42.71,0:11:46.69,Default,,0000,0000,0000,,might one day apply to your\Nheart and your own body?
Dialogue: 0,0:11:46.69,0:11:49.58,Default,,0000,0000,0000,,M: No, I never\Nfigured out that
Dialogue: 0,0:11:49.58,0:11:52.91,Default,,0000,0000,0000,,my research would eventually\Nend up inside my own body.
Dialogue: 0,0:11:52.91,0:11:55.27,Default,,0000,0000,0000,,That's something I never\Nthought about.
Dialogue: 0,0:11:55.27,0:11:57.65,Default,,0000,0000,0000,,And also, there's a lot of
Dialogue: 0,0:11:57.65,0:12:00.11,Default,,0000,0000,0000,,people that don't think about
Dialogue: 0,0:12:00.11,0:12:02.61,Default,,0000,0000,0000,,how the medical devices\Nactually work.
Dialogue: 0,0:12:02.61,0:12:04.86,Default,,0000,0000,0000,,So, when I asked this question
Dialogue: 0,0:12:04.86,0:12:06.47,Default,,0000,0000,0000,,to health care professionals
Dialogue: 0,0:12:06.47,0:12:08.53,Default,,0000,0000,0000,,they look at me like I'm crazy,
Dialogue: 0,0:12:08.53,0:12:11.19,Default,,0000,0000,0000,,they don't ... they have never\Nthought about this before.
Dialogue: 0,0:12:11.19,0:12:14.70,Default,,0000,0000,0000,,That there's actually code\Ninside my body
Dialogue: 0,0:12:14.70,0:12:16.36,Default,,0000,0000,0000,,and someone has\Nprogrammed it,
Dialogue: 0,0:12:16.36,0:12:18.26,Default,,0000,0000,0000,,someone has\Nwritten this code.
Dialogue: 0,0:12:18.26,0:12:20.35,Default,,0000,0000,0000,,And, did they think\Nabout, that this
Dialogue: 0,0:12:20.35,0:12:23.29,Default,,0000,0000,0000,,would actually control\Nsomeone's life,
Dialogue: 0,0:12:23.29,0:12:27.39,Default,,0000,0000,0000,,and be my own personal\Ncritical infrastructure?
Dialogue: 0,0:12:28.72,0:12:31.01,Default,,0000,0000,0000,,E: Yeah, personal\Ninfrastructure, right?
Dialogue: 0,0:12:31.01,0:12:33.19,Default,,0000,0000,0000,,On a physical level.
Dialogue: 0,0:12:33.19,0:12:35.22,Default,,0000,0000,0000,,And also, I think, it's...
Dialogue: 0,0:12:35.22,0:12:37.68,Default,,0000,0000,0000,,You know, the point that you made\Nis important to reiterate,
Dialogue: 0,0:12:37.68,0:12:38.63,Default,,0000,0000,0000,,that you go and see your doctor
Dialogue: 0,0:12:38.63,0:12:40.36,Default,,0000,0000,0000,,and you ask these questions about
Dialogue: 0,0:12:40.36,0:12:42.04,Default,,0000,0000,0000,,whether anyone can hack into my heart
Dialogue: 0,0:12:42.04,0:12:44.05,Default,,0000,0000,0000,,and they probably look\Nat you and go like
Dialogue: 0,0:12:44.05,0:12:46.60,Default,,0000,0000,0000,,'Don't you worry your pretty\Nlittle head about that', right?
Dialogue: 0,0:12:46.60,0:12:47.59,Default,,0000,0000,0000,,But Marie used to head up
Dialogue: 0,0:12:47.59,0:12:49.95,Default,,0000,0000,0000,,the Norwegian computer\Nemergency response team
Dialogue: 0,0:12:49.95,0:12:50.72,Default,,0000,0000,0000,,for a couple of years
Dialogue: 0,0:12:50.72,0:12:52.61,Default,,0000,0000,0000,,and knows a lot of hackers
Dialogue: 0,0:12:52.61,0:12:54.79,Default,,0000,0000,0000,,and knows what she's\Ntalking about, right?
Dialogue: 0,0:12:54.79,0:12:57.20,Default,,0000,0000,0000,,So, when she asked her doctor\Nthese questions,
Dialogue: 0,0:12:57.20,0:12:58.82,Default,,0000,0000,0000,,they're very legitimate questions.
Dialogue: 0,0:12:58.82,0:13:01.45,Default,,0000,0000,0000,,And the doctors probably\Ndon't know anything about code,
Dialogue: 0,0:13:01.45,0:13:02.97,Default,,0000,0000,0000,,but they need to move\Ntowards a place
Dialogue: 0,0:13:02.97,0:13:05.46,Default,,0000,0000,0000,,where they can answer\Nthose questions with some
Dialogue: 0,0:13:05.46,0:13:08.08,Default,,0000,0000,0000,,honesty and certainty and\Ntreat them with the dignity
Dialogue: 0,0:13:08.08,0:13:10.57,Default,,0000,0000,0000,,that they deserve.
Dialogue: 0,0:13:10.57,0:13:11.67,Default,,0000,0000,0000,,Should we show them\Na little bit more
Dialogue: 0,0:13:11.67,0:13:13.98,Default,,0000,0000,0000,,about the total ecosystem\Nof devices
Dialogue: 0,0:13:13.98,0:13:16.65,Default,,0000,0000,0000,,that we are talking about,\Nat least in this particular talk?
Dialogue: 0,0:13:16.65,0:13:18.63,Default,,0000,0000,0000,,M: Yeah.
Dialogue: 0,0:13:18.63,0:13:21.93,Default,,0000,0000,0000,,E: So, this was\Nall new to me.
Dialogue: 0,0:13:21.93,0:13:24.97,Default,,0000,0000,0000,,I mean I've moved around\Nin networks and done some
Dialogue: 0,0:13:24.97,0:13:27.52,Default,,0000,0000,0000,,penetration testing and\Nsome stuff in the past,
Dialogue: 0,0:13:27.52,0:13:31.54,Default,,0000,0000,0000,,but I didn't know much about\Nimplantable medical devices.
Dialogue: 0,0:13:31.54,0:13:34.36,Default,,0000,0000,0000,,So, we've got a couple\Nof them there.
Dialogue: 0,0:13:34.36,0:13:38.34,Default,,0000,0000,0000,,The ICD, which is the\Nin-cardio-defibrillator,
Dialogue: 0,0:13:38.34,0:13:40.36,Default,,0000,0000,0000,,that's some of the work\Nthat you saw from Barnaby Jack
Dialogue: 0,0:13:40.36,0:13:41.63,Default,,0000,0000,0000,,which we will mention later,
Dialogue: 0,0:13:41.63,0:13:43.17,Default,,0000,0000,0000,,was on those particular devices,
Dialogue: 0,0:13:43.17,0:13:45.30,Default,,0000,0000,0000,,We've got the pacemakers\Nand of course other devices
Dialogue: 0,0:13:45.30,0:13:47.27,Default,,0000,0000,0000,,could be in this diagram as well.
Dialogue: 0,0:13:47.27,0:13:49.08,Default,,0000,0000,0000,,Like, we could be talking\Nabout insulin pumps
Dialogue: 0,0:13:49.08,0:13:51.33,Default,,0000,0000,0000,,or other things in the future.
Dialogue: 0,0:13:51.33,0:13:54.62,Default,,0000,0000,0000,,The device itself speaks\Nto box number 2,
Dialogue: 0,0:13:54.62,0:13:56.39,Default,,0000,0000,0000,,which we will tell you a little bit\Nmore about in a moment,
Dialogue: 0,0:13:56.39,0:13:59.80,Default,,0000,0000,0000,,using a protocol, commonly\Nreferred to as 'MICS'.
Dialogue: 0,0:13:59.80,0:14:02.21,Default,,0000,0000,0000,,A number of different\Ndevices use this
Dialogue: 0,0:14:02.21,0:14:06.17,Default,,0000,0000,0000,,Medical Implant\NCommunication Service.
Dialogue: 0,0:14:06.17,0:14:08.65,Default,,0000,0000,0000,,And Marie shocked me yesterday
Dialogue: 0,0:14:08.65,0:14:10.59,Default,,0000,0000,0000,,when she found\Na couple devices
Dialogue: 0,0:14:10.59,0:14:15.80,Default,,0000,0000,0000,,that potentially use Bluetooth. {\i1}sighing{\i0}\N{\i1}laughter{\i0}
Dialogue: 0,0:14:15.80,0:14:19.61,Default,,0000,0000,0000,,So, would you like to tell them\Na little bit more about the access point,
Dialogue: 0,0:14:19.61,0:14:20.71,Default,,0000,0000,0000,,and I'll join in?
Dialogue: 0,0:14:20.71,0:14:23.89,Default,,0000,0000,0000,,M: Yeah, so, the access\Npoint is the device
Dialogue: 0,0:14:23.89,0:14:27.37,Default,,0000,0000,0000,,that you can typically have\Non your bed stand
Dialogue: 0,0:14:27.37,0:14:32.21,Default,,0000,0000,0000,,and that will, depending\Non your configuration,
Dialogue: 0,0:14:32.21,0:14:35.25,Default,,0000,0000,0000,,contact your pacemaker\Nas regular intervals,
Dialogue: 0,0:14:35.25,0:14:37.51,Default,,0000,0000,0000,,e.g. once during the night.
Dialogue: 0,0:14:37.51,0:14:41.50,Default,,0000,0000,0000,,It will start a communication\Nwith the pacemaker,
Dialogue: 0,0:14:41.50,0:14:43.21,Default,,0000,0000,0000,,couple of meters distance,
Dialogue: 0,0:14:43.21,0:14:44.25,Default,,0000,0000,0000,,and will start\Ncollecting logs.
Dialogue: 0,0:14:44.25,0:14:47.16,Default,,0000,0000,0000,,And this logs will\Nthen be sent,
Dialogue: 0,0:14:47.16,0:14:51.100,Default,,0000,0000,0000,,it can be via SMS\Nor other means,
Dialogue: 0,0:14:51.100,0:14:53.73,Default,,0000,0000,0000,,to a server.
Dialogue: 0,0:14:53.73,0:14:58.57,Default,,0000,0000,0000,,So, there's a lot of my\Npersonal information
Dialogue: 0,0:14:58.57,0:15:02.05,Default,,0000,0000,0000,,that can end up different\Nplaces in this diagram.
Dialogue: 0,0:15:02.05,0:15:05.68,Default,,0000,0000,0000,,So, of course it's\Nin my own device,
Dialogue: 0,0:15:05.68,0:15:10.08,Default,,0000,0000,0000,,it will be then communicated\Nvia this access point
Dialogue: 0,0:15:10.08,0:15:10.89,Default,,0000,0000,0000,,and also then
Dialogue: 0,0:15:10.89,0:15:14.18,Default,,0000,0000,0000,,via the cellular network.
Dialogue: 0,0:15:14.18,0:15:19.99,Default,,0000,0000,0000,,And then it will also be stored\Nin the telemetry server.
Dialogue: 0,0:15:19.99,0:15:24.52,Default,,0000,0000,0000,,Potentially when I go\Nfor the checkups
Dialogue: 0,0:15:24.52,0:15:28.94,Default,,0000,0000,0000,,my personal information will\Nalso end up in my
Dialogue: 0,0:15:28.94,0:15:29.73,Default,,0000,0000,0000,,doctor workstation
Dialogue: 0,0:15:29.73,0:15:36.64,Default,,0000,0000,0000,,or in the electronic\Npatient records.
Dialogue: 0,0:15:36.64,0:15:40.05,Default,,0000,0000,0000,,And there's a lot of things\Nthat can go wrong there.
Dialogue: 0,0:15:40.05,0:15:42.10,Default,,0000,0000,0000,,E: Yeah, you\Ncan see, it's using
Dialogue: 0,0:15:42.10,0:15:46.95,Default,,0000,0000,0000,,famously secure methods\Nof communication
Dialogue: 0,0:15:46.95,0:15:51.64,Default,,0000,0000,0000,,that have never been backdoored or\Ncompromised by anyone ever before,
Dialogue: 0,0:15:51.64,0:15:56.14,Default,,0000,0000,0000,,even here at this conference,\Nprobably even this time around.
Dialogue: 0,0:15:56.14,0:15:59.85,Default,,0000,0000,0000,,So these are some things\Nthat are concerning.
Dialogue: 0,0:15:59.85,0:16:03.44,Default,,0000,0000,0000,,The data also travels often\Nto other countries
Dialogue: 0,0:16:03.44,0:16:05.20,Default,,0000,0000,0000,,and so there are questions\Nabout the jurisdiction
Dialogue: 0,0:16:05.20,0:16:09.69,Default,,0000,0000,0000,,in terms of privacy laws\Nin terms of some of this data.
Dialogue: 0,0:16:09.69,0:16:13.05,Default,,0000,0000,0000,,And some of you can go and\Nlook deeper into that as well.
Dialogue: 0,0:16:13.05,0:16:15.44,Default,,0000,0000,0000,,The telemetry store thing\NI think is important,
Dialogue: 0,0:16:15.44,0:16:20.01,Default,,0000,0000,0000,,some of this is a telemetry store,\Nsuch as the server at the vendor.
Dialogue: 0,0:16:20.01,0:16:21.71,Default,,0000,0000,0000,,So the vendor owns some\Nmachines somewhere
Dialogue: 0,0:16:21.71,0:16:23.86,Default,,0000,0000,0000,,that collect data\Nfrom Marie's heart.
Dialogue: 0,0:16:23.86,0:16:26.91,Default,,0000,0000,0000,,So you can imagine she goes to see her\Ndoctor and the doctor is like:
Dialogue: 0,0:16:26.91,0:16:30.65,Default,,0000,0000,0000,,'Hey, Marie, last weekend, did you, ...\Nrun a half marathon or something?'
Dialogue: 0,0:16:30.65,0:16:32.84,Default,,0000,0000,0000,,And she hasn't told him, right?
Dialogue: 0,0:16:32.84,0:16:35.41,Default,,0000,0000,0000,,Like, he just can look\Nat the data and see,
Dialogue: 0,0:16:35.41,0:16:38.53,Default,,0000,0000,0000,,that her heart rate was up\Nfor a couple hours.
Dialogue: 0,0:16:38.53,0:16:40.61,Default,,0000,0000,0000,,That's true though, right? You\Ndid actually run a half marathon.
Dialogue: 0,0:16:40.61,0:16:43.64,Default,,0000,0000,0000,,M: Yeah, I did run a half marathon.\N{\i1}laughing{\i0}
Dialogue: 0,0:16:43.64,0:16:46.83,Default,,0000,0000,0000,,E: So, the telemetry\Nstore is one part,
Dialogue: 0,0:16:46.83,0:16:48.42,Default,,0000,0000,0000,,but there's also the\Ndoctors work station
Dialogue: 0,0:16:48.42,0:16:50.58,Default,,0000,0000,0000,,which contains a lot of\Nthis medical data.
Dialogue: 0,0:16:50.58,0:16:54.04,Default,,0000,0000,0000,,So, from privacy perspective\Nthat's part of the attack surface.
Dialogue: 0,0:16:54.04,0:16:55.49,Default,,0000,0000,0000,,But there's also the programmers, right?
Dialogue: 0,0:16:55.49,0:16:57.88,Default,,0000,0000,0000,,There's the device's programmers.
Dialogue: 0,0:16:57.88,0:17:00.85,Default,,0000,0000,0000,,So that's an interesting point, that\NI hope a lot of you are interested in
Dialogue: 0,0:17:00.85,0:17:04.93,Default,,0000,0000,0000,,already, that there\Nis a programmer
Dialogue: 0,0:17:04.93,0:17:06.34,Default,,0000,0000,0000,,for these devices.
Dialogue: 0,0:17:06.34,0:17:10.30,Default,,0000,0000,0000,,M: So, we actually\Nwent shopping on eBay
Dialogue: 0,0:17:10.30,0:17:12.19,Default,,0000,0000,0000,,and we found some\Nof these devices.
Dialogue: 0,0:17:12.19,0:17:13.32,Default,,0000,0000,0000,,E: You can buy them on eBay?
Dialogue: 0,0:17:13.32,0:17:14.43,Default,,0000,0000,0000,,M: Yeah.\NE: {\i1}laughing{\i0}
Dialogue: 0,0:17:14.43,0:17:16.74,Default,,0000,0000,0000,,M: So, I found\Na programmer
Dialogue: 0,0:17:16.74,0:17:19.37,Default,,0000,0000,0000,,that can program\Nmy device, on eBay
Dialogue: 0,0:17:19.37,0:17:20.60,Default,,0000,0000,0000,,and I bought it.
Dialogue: 0,0:17:20.60,0:17:22.50,Default,,0000,0000,0000,,And I also found a couple of\Nthese access points.
Dialogue: 0,0:17:22.50,0:17:26.32,Default,,0000,0000,0000,,So, that's what we're\Nnow starting to look at.
Dialogue: 0,0:17:26.32,0:17:29.32,Default,,0000,0000,0000,,E: We just wanna to give\Nyou an overview of this system,
Dialogue: 0,0:17:29.32,0:17:31.72,Default,,0000,0000,0000,,and it's fairly similar across the\Ndifferent device vendors,
Dialogue: 0,0:17:31.72,0:17:34.55,Default,,0000,0000,0000,,and we're not going to talk\Nabout individual vendors.
Dialogue: 0,0:17:34.55,0:17:36.60,Default,,0000,0000,0000,,But if you're gonna go and\Ndo this kind of research
Dialogue: 0,0:17:36.60,0:17:39.79,Default,,0000,0000,0000,,you can see that some of the research\Nyou've already done in the past
Dialogue: 0,0:17:39.79,0:17:43.11,Default,,0000,0000,0000,,applies to different parts\Nof this process.
Dialogue: 0,0:17:43.11,0:17:46.73,Default,,0000,0000,0000,,M: And talking about\Npatient privacy,
Dialogue: 0,0:17:46.73,0:17:50.71,Default,,0000,0000,0000,,when we got the\Nprogrammer from ebay
Dialogue: 0,0:17:50.71,0:17:54.16,Default,,0000,0000,0000,,it actually contained\Npatient information.
Dialogue: 0,0:17:54.16,0:17:56.78,Default,,0000,0000,0000,,So, that's the\Nreally bad thing.
Dialogue: 0,0:17:56.78,0:17:58.92,Default,,0000,0000,0000,,E: So, I found\Nthis very odd.
Dialogue: 0,0:17:58.92,0:18:01.10,Default,,0000,0000,0000,,I had a similar reaction\Nto yourselves because
Dialogue: 0,0:18:01.10,0:18:03.08,Default,,0000,0000,0000,,I usually do industrial\Nsystem stuff.
Dialogue: 0,0:18:03.08,0:18:06.30,Default,,0000,0000,0000,,One of my friends picked up\Nsome PLCs recently and
Dialogue: 0,0:18:06.30,0:18:09.68,Default,,0000,0000,0000,,they had data from the nuclear plant,\Nthat the PLCs had been used in.
Dialogue: 0,0:18:09.68,0:18:13.79,Default,,0000,0000,0000,,So, decommissioning is a problem\Nin industrial systems
Dialogue: 0,0:18:13.79,0:18:18.08,Default,,0000,0000,0000,,but it turns out also\Nin medical devices, right?
Dialogue: 0,0:18:18.08,0:18:20.48,Default,,0000,0000,0000,,I guess that's a useful point\Nto make as well,
Dialogue: 0,0:18:20.48,0:18:22.82,Default,,0000,0000,0000,,about the costs of doing\Nthis kind of research.
Dialogue: 0,0:18:22.82,0:18:26.26,Default,,0000,0000,0000,,It is possible to get some\Ndevices, some implants
Dialogue: 0,0:18:26.26,0:18:29.00,Default,,0000,0000,0000,,from people who have sadly\Npassed on,
Dialogue: 0,0:18:29.00,0:18:33.43,Default,,0000,0000,0000,,but that comes with a very high\Ncost of biomedical decontamination.
Dialogue: 0,0:18:33.43,0:18:35.55,Default,,0000,0000,0000,,So that raises the cost\Nof doing this research
Dialogue: 0,0:18:35.55,0:18:38.07,Default,,0000,0000,0000,,on the implants themselves,\Nnot necessarily on the rest
Dialogue: 0,0:18:38.07,0:18:38.71,Default,,0000,0000,0000,,of the devices.
Dialogue: 0,0:18:38.71,0:18:42.70,Default,,0000,0000,0000,,M: Yeah, so, also want\Nto say, that in this research
Dialogue: 0,0:18:42.70,0:18:44.06,Default,,0000,0000,0000,,I had not have not tinkered\Nwith my own device.
Dialogue: 0,0:18:44.06,0:18:46.63,Default,,0000,0000,0000,,So, that would not be a good thing ...
Dialogue: 0,0:18:46.63,0:18:49.68,Default,,0000,0000,0000,,E: You're not gonna let me,\Nlike, SSH into your heart and just ...
Dialogue: 0,0:18:49.68,0:18:52.33,Default,,0000,0000,0000,,M: Um.. No.\NE: ... just delete some stuff.. No?
Dialogue: 0,0:18:52.33,0:18:54.99,Default,,0000,0000,0000,,M: No.\NE: I wouldn't do it anyway,
Dialogue: 0,0:18:54.99,0:18:56.86,Default,,0000,0000,0000,,but it's an interesting point, right?
Dialogue: 0,0:18:56.86,0:18:59.02,Default,,0000,0000,0000,,So, like, there are a lot of\Nsafety percussions
Dialogue: 0,0:18:59.02,0:19:00.96,Default,,0000,0000,0000,,that we and the rest\Nof the team have to take
Dialogue: 0,0:19:00.96,0:19:02.38,Default,,0000,0000,0000,,when we are doing this research.
Dialogue: 0,0:19:02.38,0:19:06.04,Default,,0000,0000,0000,,And one of them is\Nnot pairing Marie's pacemaker
Dialogue: 0,0:19:06.04,0:19:09.29,Default,,0000,0000,0000,,with any of the devices\Nthat are under test.
Dialogue: 0,0:19:09.29,0:19:13.52,Default,,0000,0000,0000,,Do you wanna say a bit more\Nabout connectivity and vulnerability?
Dialogue: 0,0:19:13.52,0:19:15.20,Default,,0000,0000,0000,,M: Yeah, so...
Dialogue: 0,0:19:15.20,0:19:18.62,Default,,0000,0000,0000,,I was worried\Nwhen I discovered that
Dialogue: 0,0:19:18.62,0:19:23.85,Default,,0000,0000,0000,,I had this possible connectivity\Nto the medical internet of things.
Dialogue: 0,0:19:23.85,0:19:28.83,Default,,0000,0000,0000,,In my case this is switched off\Nin the configurations
Dialogue: 0,0:19:28.83,0:19:29.68,Default,,0000,0000,0000,,but it's there.
Dialogue: 0,0:19:29.68,0:19:32.75,Default,,0000,0000,0000,,It's possible to turn it on,\Nit's possible for me to be
Dialogue: 0,0:19:32.75,0:19:36.97,Default,,0000,0000,0000,,hooked up to the,\Nthis internet of medical things.
Dialogue: 0,0:19:36.97,0:19:40.50,Default,,0000,0000,0000,,And for some patients\Nthis is really benefit.
Dialogue: 0,0:19:40.50,0:19:43.09,Default,,0000,0000,0000,,So you always have to make\Na risk-based decision
Dialogue: 0,0:19:43.09,0:19:47.51,Default,,0000,0000,0000,,on whether or not to\Nmake use of this
Dialogue: 0,0:19:47.51,0:19:48.53,Default,,0000,0000,0000,,connectivity.
Dialogue: 0,0:19:48.53,0:19:52.49,Default,,0000,0000,0000,,But I think it's really important\Nthat you make an informed decision
Dialogue: 0,0:19:52.49,0:19:55.48,Default,,0000,0000,0000,,about that and that the patient
Dialogue: 0,0:19:55.48,0:20:01.92,Default,,0000,0000,0000,,is informed and has given\Nhis or her consent
Dialogue: 0,0:20:01.92,0:20:04.12,Default,,0000,0000,0000,,to have this feature.
Dialogue: 0,0:20:04.12,0:20:08.20,Default,,0000,0000,0000,,The battery lifetime of my pacemaker\Nis around 10 years.
Dialogue: 0,0:20:08.20,0:20:10.45,Default,,0000,0000,0000,,So in 6 years time
Dialogue: 0,0:20:10.45,0:20:12.87,Default,,0000,0000,0000,,I will have to have a\Nreplacement surgery
Dialogue: 0,0:20:12.87,0:20:16.41,Default,,0000,0000,0000,,and I'm going to be\Na really difficult patient {\i1}laughing{\i0}
Dialogue: 0,0:20:16.41,0:20:17.84,Default,,0000,0000,0000,,{\i1}laughter{\i0}
Dialogue: 0,0:20:17.84,0:20:23.98,Default,,0000,0000,0000,,So, ...\N{\i1}applause{\i0}
Dialogue: 0,0:20:23.98,0:20:25.04,Default,,0000,0000,0000,,E: Right on.
Dialogue: 0,0:20:25.04,0:20:27.71,Default,,0000,0000,0000,,M: I really want to know
Dialogue: 0,0:20:27.71,0:20:30.27,Default,,0000,0000,0000,,how the devices work\Nby then and
Dialogue: 0,0:20:30.27,0:20:33.83,Default,,0000,0000,0000,,I want to make an informed\Ndecision on whether or not
Dialogue: 0,0:20:33.83,0:20:35.66,Default,,0000,0000,0000,,to have this connectivity.
Dialogue: 0,0:20:35.66,0:20:38.97,Default,,0000,0000,0000,,But of course for lot of patients\Nthe benefit of having this
Dialogue: 0,0:20:38.97,0:20:40.85,Default,,0000,0000,0000,,outweighs the risk.
Dialogue: 0,0:20:40.85,0:20:44.63,Default,,0000,0000,0000,,Because people that had other\Nheart problems than me
Dialogue: 0,0:20:44.63,0:20:47.07,Default,,0000,0000,0000,,they have to go for more\Nfrequent checkups.
Dialogue: 0,0:20:47.07,0:20:49.76,Default,,0000,0000,0000,,I only have to go once a year.
Dialogue: 0,0:20:49.76,0:20:53.13,Default,,0000,0000,0000,,So, for patients that need to go\Nfrequently for checkups,
Dialogue: 0,0:20:53.13,0:20:55.71,Default,,0000,0000,0000,,it's really good for them\Nto have the possibility
Dialogue: 0,0:20:55.71,0:20:58.04,Default,,0000,0000,0000,,of having telemetry and\Nhaving connectivity to
Dialogue: 0,0:20:58.04,0:21:00.37,Default,,0000,0000,0000,,have remote patient monitoring.
Dialogue: 0,0:21:00.37,0:21:04.06,Default,,0000,0000,0000,,E: Yeah, imagine you\Nhave mobility problems or
Dialogue: 0,0:21:04.06,0:21:06.03,Default,,0000,0000,0000,,you even just live far
Dialogue: 0,0:21:06.03,0:21:08.64,Default,,0000,0000,0000,,from a major city.
Dialogue: 0,0:21:08.64,0:21:11.36,Default,,0000,0000,0000,,And making the journey\Nto the hospital is quite arduous,
Dialogue: 0,0:21:11.36,0:21:15.16,Default,,0000,0000,0000,,then this kind of remote\Ntelemetry allows your doctor
Dialogue: 0,0:21:15.16,0:21:17.07,Default,,0000,0000,0000,,to keep track of\Nwhat's going on.
Dialogue: 0,0:21:17.07,0:21:19.57,Default,,0000,0000,0000,,And that's very important,\Nwe don't wanna, like...
Dialogue: 0,0:21:19.57,0:21:22.44,Default,,0000,0000,0000,,have a big scary testosterone\Nfilled talk where we, like,
Dialogue: 0,0:21:22.44,0:21:23.39,Default,,0000,0000,0000,,hack some pacemakers.
Dialogue: 0,0:21:23.39,0:21:26.72,Default,,0000,0000,0000,,We wanna talk about\Nhow there's a dual use thing
Dialogue: 0,0:21:26.72,0:21:28.09,Default,,0000,0000,0000,,going on here.
Dialogue: 0,0:21:28.09,0:21:31.65,Default,,0000,0000,0000,,And that there is a lot of value\Nin having this devices
Dialogue: 0,0:21:31.65,0:21:35.83,Default,,0000,0000,0000,,but we also want them to be safe\Nand secure and preserve our privacy
Dialogue: 0,0:21:35.83,0:21:39.32,Default,,0000,0000,0000,,and a lot of other things.
Dialogue: 0,0:21:39.32,0:21:43.79,Default,,0000,0000,0000,,So, these are some\Nof the issues.
Dialogue: 0,0:21:43.79,0:21:46.14,Default,,0000,0000,0000,,Of course the last one,\Nthe remote assassination scenario,
Dialogue: 0,0:21:46.14,0:21:49.34,Default,,0000,0000,0000,,that' s everyone favorite one\Nto fantasize about
Dialogue: 0,0:21:49.34,0:21:53.25,Default,,0000,0000,0000,,or talk about, or make\Nmovies about, but
Dialogue: 0,0:21:53.25,0:21:54.98,Default,,0000,0000,0000,,we think there's a lot of\Nother issues in here
Dialogue: 0,0:21:54.98,0:21:56.62,Default,,0000,0000,0000,,that are more interesting,
Dialogue: 0,0:21:56.62,0:21:59.01,Default,,0000,0000,0000,,some quality issues even, right,
Dialogue: 0,0:21:59.01,0:22:02.07,Default,,0000,0000,0000,,that we'll talk about\Nin a little bit.
Dialogue: 0,0:22:02.07,0:22:02.65,Default,,0000,0000,0000,,Battery exhaustion,
Dialogue: 0,0:22:02.65,0:22:06.60,Default,,0000,0000,0000,,again something many people\Ndon't think about. But...
Dialogue: 0,0:22:06.60,0:22:09.20,Default,,0000,0000,0000,,I'm very interested in\Ncyber-physical exploitation
Dialogue: 0,0:22:09.20,0:22:12.79,Default,,0000,0000,0000,,and so some of this elements\Nwere interesting to me
Dialogue: 0,0:22:12.79,0:22:15.96,Default,,0000,0000,0000,,that you might use the device\Nin a way that wasn't expected.
Dialogue: 0,0:22:15.96,0:22:20.70,Default,,0000,0000,0000,,M: So personally I'm not afraid\Nof being remotely assassinated.
Dialogue: 0,0:22:20.70,0:22:23.37,Default,,0000,0000,0000,,E: I've actually never known\Nyou to be afraid of anything
Dialogue: 0,0:22:23.37,0:22:24.55,Default,,0000,0000,0000,,M: {\i1}laughing{\i0}
Dialogue: 0,0:22:24.55,0:22:29.13,Default,,0000,0000,0000,,I'm more worried about\Nsoftware bugs in my device,
Dialogue: 0,0:22:29.13,0:22:31.76,Default,,0000,0000,0000,,the things that can malfunction,
Dialogue: 0,0:22:31.76,0:22:34.05,Default,,0000,0000,0000,,E: Is that just theoretical?
Dialogue: 0,0:22:34.05,0:22:36.85,Default,,0000,0000,0000,,M: No, actually software bugs
Dialogue: 0,0:22:36.85,0:22:38.94,Default,,0000,0000,0000,,have killed people.
Dialogue: 0,0:22:38.94,0:22:41.34,Default,,0000,0000,0000,,So, think about that!
Dialogue: 0,0:22:41.34,0:22:42.13,Default,,0000,0000,0000,,People that are not here,
Dialogue: 0,0:22:42.13,0:22:44.70,Default,,0000,0000,0000,,they don't have their voice\Nand they can't really
Dialogue: 0,0:22:44.70,0:22:46.34,Default,,0000,0000,0000,,give there story.
Dialogue: 0,0:22:46.34,0:22:51.10,Default,,0000,0000,0000,,But there are stories about persons\Ndepending on medical devices
Dialogue: 0,0:22:51.10,0:22:54.24,Default,,0000,0000,0000,,dying because their\Ndevice malfunctioned.
Dialogue: 0,0:22:54.24,0:22:57.83,Default,,0000,0000,0000,,E: There's even some\Ngreat research
Dialogue: 0,0:22:57.83,0:23:01.94,Default,,0000,0000,0000,,from academics about\Nhow the user interface design
Dialogue: 0,0:23:01.94,0:23:05.10,Default,,0000,0000,0000,,of medical devices can have\Nan impact on patients safety
Dialogue: 0,0:23:05.10,0:23:07.40,Default,,0000,0000,0000,,and how designing UX
Dialogue: 0,0:23:07.40,0:23:10.14,Default,,0000,0000,0000,,much more clearly\Nand concisely
Dialogue: 0,0:23:10.14,0:23:11.84,Default,,0000,0000,0000,,specifically for the\Nmedical profession
Dialogue: 0,0:23:11.84,0:23:17.81,Default,,0000,0000,0000,,might improve\Nthe care of patients.
Dialogue: 0,0:23:17.81,0:23:19.89,Default,,0000,0000,0000,,Do you wanna say more\Nabout this slide or should we
Dialogue: 0,0:23:19.89,0:23:22.37,Default,,0000,0000,0000,,go on to the previous work,\Nshould we... go ahead!
Dialogue: 0,0:23:22.37,0:23:25.19,Default,,0000,0000,0000,,M: Yeah, I think it's really\Nimportant also to...
Dialogue: 0,0:23:25.19,0:23:27.64,Default,,0000,0000,0000,,the issue of trusting the vendors.
Dialogue: 0,0:23:27.64,0:23:31.48,Default,,0000,0000,0000,,So, as a patient I'm\Nexpected to just, you know,
Dialogue: 0,0:23:31.48,0:23:34.72,Default,,0000,0000,0000,,trust, that my device\Nis working correctly,
Dialogue: 0,0:23:34.72,0:23:38.86,Default,,0000,0000,0000,,every security vulnerability\Nhas been corrected by the vendor
Dialogue: 0,0:23:38.86,0:23:39.65,Default,,0000,0000,0000,,and it's safe.
Dialogue: 0,0:23:39.65,0:23:42.66,Default,,0000,0000,0000,,But I want to have more\Nthird party testing,
Dialogue: 0,0:23:42.66,0:23:48.21,Default,,0000,0000,0000,,I want to have more security\Nresearch on medical implants.
Dialogue: 0,0:23:48.21,0:23:52.38,Default,,0000,0000,0000,,And as a lot things, like ...\Nhistory has shown
Dialogue: 0,0:23:52.38,0:23:57.58,Default,,0000,0000,0000,,we can't always trust that\Nthe vendors do the right thing.
Dialogue: 0,0:23:57.58,0:24:00.18,Default,,0000,0000,0000,,E: I think this is a good\Nopportunity for us to ask
Dialogue: 0,0:24:00.18,0:24:03.28,Default,,0000,0000,0000,,a very fun question, which is:
Dialogue: 0,0:24:03.28,0:24:05.70,Default,,0000,0000,0000,,Any fans of DMCA in the room?
Dialogue: 0,0:24:05.70,0:24:08.33,Default,,0000,0000,0000,,{\i1}laughter{\i0}
Dialogue: 0,0:24:08.33,0:24:09.38,Default,,0000,0000,0000,,No? No fans? Alright.
Dialogue: 0,0:24:09.38,0:24:12.78,Default,,0000,0000,0000,,Well, you then you'll really enjoy this.
Dialogue: 0,0:24:12.78,0:24:17.13,Default,,0000,0000,0000,,Marie has some very exciting news\Nabout DMCA exemptions.
Dialogue: 0,0:24:17.13,0:24:21.35,Default,,0000,0000,0000,,M: Yeah, so... October, this year
Dialogue: 0,0:24:21.35,0:24:27.91,Default,,0000,0000,0000,,there was a ruling of\Nan DMCA exemption for
Dialogue: 0,0:24:27.91,0:24:30.71,Default,,0000,0000,0000,,security research\Non medical devices
Dialogue: 0,0:24:30.71,0:24:33.53,Default,,0000,0000,0000,,also for automotive security research.
Dialogue: 0,0:24:33.53,0:24:34.86,Default,,0000,0000,0000,,So, this means, that
Dialogue: 0,0:24:34.86,0:24:39.29,Default,,0000,0000,0000,,as researchers you can
Dialogue: 0,0:24:39.29,0:24:41.92,Default,,0000,0000,0000,,actually do reverse engineering\Nof medical implants
Dialogue: 0,0:24:41.92,0:24:46.17,Default,,0000,0000,0000,,without infringing copyright laws.
Dialogue: 0,0:24:46.17,0:24:48.22,Default,,0000,0000,0000,,It will take effect\NI think October next year.
Dialogue: 0,0:24:48.22,0:24:50.71,Default,,0000,0000,0000,,E: Yeah.\NM: That is really a big
Dialogue: 0,0:24:50.71,0:24:53.53,Default,,0000,0000,0000,,step forward in my opinion.
Dialogue: 0,0:24:53.53,0:24:56.01,Default,,0000,0000,0000,,And I hope that this will\Nencourage more research.
Dialogue: 0,0:24:56.01,0:24:59.65,Default,,0000,0000,0000,,And I also want to mention\Nthat there are
Dialogue: 0,0:24:59.65,0:25:02.72,Default,,0000,0000,0000,,fellow activist patients\Nlike myself
Dialogue: 0,0:25:02.72,0:25:06.65,Default,,0000,0000,0000,,that was behind that proposal\Nof having this exemptions.
Dialogue: 0,0:25:06.65,0:25:11.53,Default,,0000,0000,0000,,So, Jay Radcliff who hacked\Nhis own insulin pump,
Dialogue: 0,0:25:11.53,0:25:16.30,Default,,0000,0000,0000,,Karen Sandler, who is a free and\Nopen software advocat.
Dialogue: 0,0:25:16.30,0:25:21.19,Default,,0000,0000,0000,,And Hugo Campos, who has\Nan ICD implant, he is very ...
Dialogue: 0,0:25:21.19,0:25:24.58,Default,,0000,0000,0000,,he wants to have access\Nto his own data
Dialogue: 0,0:25:24.58,0:25:27.67,Default,,0000,0000,0000,,for quantified self reasons.
Dialogue: 0,0:25:27.67,0:25:31.21,Default,,0000,0000,0000,,So this patients,\Nthey actually
Dialogue: 0,0:25:31.21,0:25:36.41,Default,,0000,0000,0000,,made this happen,\Nthat you're allowed to do
Dialogue: 0,0:25:36.41,0:25:38.87,Default,,0000,0000,0000,,security research\Non medical devices.
Dialogue: 0,0:25:38.87,0:25:40.86,Default,,0000,0000,0000,,I think that's really great.
Dialogue: 0,0:25:40.86,0:25:48.03,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:25:48.03,0:25:51.64,Default,,0000,0000,0000,,E: Do you wanna say something\Nabout Scott Erven's presentation
Dialogue: 0,0:25:51.64,0:25:52.42,Default,,0000,0000,0000,,that you saw at DEF CON?
Dialogue: 0,0:25:52.42,0:25:54.42,Default,,0000,0000,0000,,M: Yeah, that was a really\Ninteresting presentation about
Dialogue: 0,0:25:54.42,0:25:59.90,Default,,0000,0000,0000,,how medical devices have\Nreally poor security.
Dialogue: 0,0:25:59.90,0:26:02.40,Default,,0000,0000,0000,,And they have, like,\Nhard coded credentials,
Dialogue: 0,0:26:02.40,0:26:06.06,Default,,0000,0000,0000,,and you can find them\Nusing Shodan on the internet.
Dialogue: 0,0:26:06.06,0:26:09.50,Default,,0000,0000,0000,,This were not pacemakers,\Nbut other types of
Dialogue: 0,0:26:09.50,0:26:10.81,Default,,0000,0000,0000,,different medical devices.
Dialogue: 0,0:26:10.81,0:26:17.03,Default,,0000,0000,0000,,There are, like, hospital networks\Nthat are completely open
Dialogue: 0,0:26:17.03,0:26:20.80,Default,,0000,0000,0000,,and you can access\Nthe medical equipment
Dialogue: 0,0:26:20.80,0:26:26.24,Default,,0000,0000,0000,,using default passwords that\Nyou can find in the manuals.
Dialogue: 0,0:26:26.24,0:26:27.24,Default,,0000,0000,0000,,And the vendors claim that
Dialogue: 0,0:26:27.24,0:26:30.16,Default,,0000,0000,0000,,no, these are not hard coded,\Nthese are default,
Dialogue: 0,0:26:30.16,0:26:33.81,Default,,0000,0000,0000,,but then the manuals say:\NDo not change this password...
Dialogue: 0,0:26:33.81,0:26:37.27,Default,,0000,0000,0000,,E: Because they want to\Nintegrate with other stuff, right? So...
Dialogue: 0,0:26:37.27,0:26:40.95,Default,,0000,0000,0000,,I've heard that excuse from SCADA,\Nso I wasn't having it.
Dialogue: 0,0:26:40.95,0:26:43.76,Default,,0000,0000,0000,,M: They also put up some\Nmedical device honeypots
Dialogue: 0,0:26:43.76,0:26:48.89,Default,,0000,0000,0000,,to see if there were\Ntargeted hacking attempts
Dialogue: 0,0:26:48.89,0:26:55.01,Default,,0000,0000,0000,,but they only picked up regular malware\Non them, which is also ...
Dialogue: 0,0:26:55.01,0:26:57.31,Default,,0000,0000,0000,,E: Only!\NM: ... of course of a concern {\i1}laughing{\i0}
Dialogue: 0,0:26:57.31,0:27:01.39,Default,,0000,0000,0000,,E: Anything else,\Nabout prior art, Kevin?
Dialogue: 0,0:27:01.39,0:27:04.89,Default,,0000,0000,0000,,M: I guess we should mention\Nthat the academic research
Dialogue: 0,0:27:04.89,0:27:08.02,Default,,0000,0000,0000,,on hacking pacemakers,\Nwhich was started by
Dialogue: 0,0:27:08.02,0:27:11.09,Default,,0000,0000,0000,,a group led by Kevin Fu
Dialogue: 0,0:27:11.09,0:27:13.84,Default,,0000,0000,0000,,and they had this\Nfirst paper in 2008
Dialogue: 0,0:27:13.84,0:27:15.21,Default,,0000,0000,0000,,that they also followed up\Nwith more academic research
Dialogue: 0,0:27:15.21,0:27:17.91,Default,,0000,0000,0000,,and they showed that it's\Npossible to hack a pacemaker.
Dialogue: 0,0:27:17.91,0:27:21.22,Default,,0000,0000,0000,,They showed that...\Nthis was possible on a, like
Dialogue: 0,0:27:21.22,0:27:23.46,Default,,0000,0000,0000,,a couple of centimeters\Ndistance only,
Dialogue: 0,0:27:23.46,0:27:28.29,Default,,0000,0000,0000,,so, like, the attack scenario\Nwould be, if you have a
Dialogue: 0,0:27:28.29,0:27:30.33,Default,,0000,0000,0000,,device similar to the\Nprogrammers device
Dialogue: 0,0:27:30.33,0:27:33.61,Default,,0000,0000,0000,,and you attack me with it\Nyou can {\i1}laughing{\i0}
Dialogue: 0,0:27:33.61,0:27:34.29,Default,,0000,0000,0000,,turn off my pacemaker.
Dialogue: 0,0:27:34.29,0:27:36.02,Default,,0000,0000,0000,,That's not really scary,
Dialogue: 0,0:27:36.02,0:27:39.84,Default,,0000,0000,0000,,but then we have the research\Nby Barnaby Jack
Dialogue: 0,0:27:39.84,0:27:45.53,Default,,0000,0000,0000,,where this range of the attack\Nis extended to several meters
Dialogue: 0,0:27:45.53,0:27:48.55,Default,,0000,0000,0000,,so you have someone with\Nan antenna in a room
Dialogue: 0,0:27:48.55,0:27:51.36,Default,,0000,0000,0000,,scanning for pacemakers
Dialogue: 0,0:27:51.36,0:27:54.06,Default,,0000,0000,0000,,and starting to program them.
Dialogue: 0,0:27:54.06,0:28:00.21,Default,,0000,0000,0000,,E: We have a saying\Nat Cambridge about that.
Dialogue: 0,0:28:00.21,0:28:01.93,Default,,0000,0000,0000,,Some of the other people at the\Nuniversity have been doing attacks
Dialogue: 0,0:28:01.93,0:28:04.80,Default,,0000,0000,0000,,a lot longer than I have, and\None of the things they say is:
Dialogue: 0,0:28:04.80,0:28:07.06,Default,,0000,0000,0000,,'Attacks only get worse,\Nthey never get better.'
Dialogue: 0,0:28:07.06,0:28:11.17,Default,,0000,0000,0000,,So, the range might be short one year,\Nthen a couple of years later it's worse.
Dialogue: 0,0:28:11.17,0:28:15.89,Default,,0000,0000,0000,,M: The worst case scenario\NI think would be remotely,
Dialogue: 0,0:28:15.89,0:28:19.55,Default,,0000,0000,0000,,via the internet being able to\Nhack pacemakers.
Dialogue: 0,0:28:19.55,0:28:24.49,Default,,0000,0000,0000,,but there's no research so far\Nindicating that that's possible.
Dialogue: 0,0:28:24.49,0:28:26.97,Default,,0000,0000,0000,,E: And we don't wanna\Nhype that up. We don't wanna...
Dialogue: 0,0:28:26.97,0:28:28.93,Default,,0000,0000,0000,,M: No.\NE: ... get that kind of an angle
Dialogue: 0,0:28:28.93,0:28:31.72,Default,,0000,0000,0000,,on this talk. We wanna make the\Npoint that hacking can save lives,
Dialogue: 0,0:28:31.72,0:28:38.78,Default,,0000,0000,0000,,that hackers are global citizen's\Nresource to save lives, right? So...
Dialogue: 0,0:28:38.78,0:28:45.20,Default,,0000,0000,0000,,M: Yeah, so, this is the result\Nof hacking of the drug infusion pumps.
Dialogue: 0,0:28:45.20,0:28:48.66,Default,,0000,0000,0000,,Earlier this year
Dialogue: 0,0:28:48.66,0:28:55.19,Default,,0000,0000,0000,,the FDA actually issued the first ever\Nrecall of a medical device
Dialogue: 0,0:28:55.19,0:28:57.73,Default,,0000,0000,0000,,based on cyber security concerns.
Dialogue: 0,0:28:57.73,0:29:02.19,Default,,0000,0000,0000,,E: I think that's amazing, right?\NThey've recalled products
Dialogue: 0,0:29:02.19,0:29:05.51,Default,,0000,0000,0000,,because of cyber security concerns. They\Nused to have to wait until someone died.
Dialogue: 0,0:29:05.51,0:29:09.84,Default,,0000,0000,0000,,In fact, they had to show\Nsomething like 500 deaths
Dialogue: 0,0:29:09.84,0:29:13.36,Default,,0000,0000,0000,,before you could recall a product.\NSo now they can ...
Dialogue: 0,0:29:13.36,0:29:16.08,Default,,0000,0000,0000,,the FDA, at least in the US,\Nthey can recall products
Dialogue: 0,0:29:16.08,0:29:18.57,Default,,0000,0000,0000,,just based on security\Nconsiderations.
Dialogue: 0,0:29:18.57,0:29:20.52,Default,,0000,0000,0000,,M: So, this is also,
Dialogue: 0,0:29:20.52,0:29:26.73,Default,,0000,0000,0000,,I guess the first example\Nof that type of pro-active
Dialogue: 0,0:29:26.73,0:29:29.45,Default,,0000,0000,0000,,security research,\Nwhere you can
Dialogue: 0,0:29:29.45,0:29:33.05,Default,,0000,0000,0000,,make a proof of concept\Nwithout killing any patients
Dialogue: 0,0:29:33.05,0:29:36.74,Default,,0000,0000,0000,,and then that closes\Nthe security holes.
Dialogue: 0,0:29:36.74,0:29:38.24,Default,,0000,0000,0000,,And that potentially\Nsaves lives.
Dialogue: 0,0:29:38.24,0:29:41.17,Default,,0000,0000,0000,,And no one has been hurt\Nin the research.
Dialogue: 0,0:29:41.17,0:29:42.11,Default,,0000,0000,0000,,I think that's great.
Dialogue: 0,0:29:42.11,0:29:45.02,Default,,0000,0000,0000,,E: I'm also really excited\Nbecause we give a lot of presentations
Dialogue: 0,0:29:45.02,0:29:48.61,Default,,0000,0000,0000,,about security that are filled with\Ndoom and gloom and depression,
Dialogue: 0,0:29:48.61,0:29:52.19,Default,,0000,0000,0000,,so it's nice to have two major victories\Nin medical device research
Dialogue: 0,0:29:52.19,0:29:54.61,Default,,0000,0000,0000,,in the last few years.\NOne being the DMCA exemptions
Dialogue: 0,0:29:54.61,0:29:57.30,Default,,0000,0000,0000,,and the other being\Nactual product recalls.
Dialogue: 0,0:29:57.30,0:30:01.88,Default,,0000,0000,0000,,M: Yeah, and the FDA are starting\Nto take these issues seriously and
Dialogue: 0,0:30:01.88,0:30:05.70,Default,,0000,0000,0000,,they are really focusing on the cyber\Nsecurity of medical implants now.
Dialogue: 0,0:30:05.70,0:30:09.98,Default,,0000,0000,0000,,I'm going to go to a workshop\Narranged by the FDA in January
Dialogue: 0,0:30:09.98,0:30:15.64,Default,,0000,0000,0000,,and participate on a panel discussing\Ncyber security of medical implants.
Dialogue: 0,0:30:15.64,0:30:18.79,Default,,0000,0000,0000,,And it's great to have this\Ntype of interaction between
Dialogue: 0,0:30:18.79,0:30:23.27,Default,,0000,0000,0000,,the security committee, medical\Ndevice vendors and the regulators.
Dialogue: 0,0:30:23.27,0:30:24.95,Default,,0000,0000,0000,,So, things are happening.
Dialogue: 0,0:30:24.95,0:30:26.82,Default,,0000,0000,0000,,E: Yeah. How do you feel\Nas an audience,
Dialogue: 0,0:30:26.82,0:30:29.76,Default,,0000,0000,0000,,are you glad that she's going to be\Nyour representative in Washington
Dialogue: 0,0:30:29.76,0:30:31.75,Default,,0000,0000,0000,,for some of these issues?
Dialogue: 0,0:30:31.75,0:30:38.68,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:30:38.68,0:30:41.33,Default,,0000,0000,0000,,And we want you to get\Ninvolved as well, right?
Dialogue: 0,0:30:41.33,0:30:44.95,Default,,0000,0000,0000,,This is not just about Marie\Nand myself and the other people
Dialogue: 0,0:30:44.95,0:30:47.50,Default,,0000,0000,0000,,who worked on this\Nproject, it's meant say
Dialogue: 0,0:30:47.50,0:30:50.20,Default,,0000,0000,0000,,you too can do this research.\NAnd you should be.
Dialogue: 0,0:30:50.20,0:30:53.50,Default,,0000,0000,0000,,You have to be a little sensitive,\Na little bit precise and articulate
Dialogue: 0,0:30:53.50,0:30:55.03,Default,,0000,0000,0000,,about concerns.
Dialogue: 0,0:30:55.03,0:30:58.51,Default,,0000,0000,0000,,We take some inspiration from the\Nformer research around hygiene.
Dialogue: 0,0:30:58.51,0:31:01.42,Default,,0000,0000,0000,,Imagine the first time some scientist\Nwent to some other scientist and said
Dialogue: 0,0:31:01.42,0:31:04.96,Default,,0000,0000,0000,,'There is this invisible stuff,\Nand it's on your hands,
Dialogue: 0,0:31:04.96,0:31:07.21,Default,,0000,0000,0000,,and if you don't wash your hands\Npeople get infections!'
Dialogue: 0,0:31:07.21,0:31:08.24,Default,,0000,0000,0000,,And everyone thought\Nthey were crazy.
Dialogue: 0,0:31:08.24,0:31:12.05,Default,,0000,0000,0000,,Well, it's kind of the same with us\Ntalking about industrial systems
Dialogue: 0,0:31:12.05,0:31:15.84,Default,,0000,0000,0000,,or talking about medical devices\Nor talking about hacking in general.
Dialogue: 0,0:31:15.84,0:31:18.20,Default,,0000,0000,0000,,People just didn't, sort of,\Nbelieve it was possible at first.
Dialogue: 0,0:31:18.20,0:31:21.02,Default,,0000,0000,0000,,And so we have to articulate ourselves\Nvery, very carefully.
Dialogue: 0,0:31:21.02,0:31:25.20,Default,,0000,0000,0000,,So, we draw inspiration from\Nthat early hygiene movement
Dialogue: 0,0:31:25.20,0:31:28.73,Default,,0000,0000,0000,,where they had a couple simple rules\Nthat started to save people's lives
Dialogue: 0,0:31:28.73,0:31:31.53,Default,,0000,0000,0000,,while they explained germ theory\Nto the masses.
Dialogue: 0,0:31:31.53,0:31:38.14,Default,,0000,0000,0000,,M: Yeah, so, this type of research\Nis kind of low hanging fruits
Dialogue: 0,0:31:38.14,0:31:41.15,Default,,0000,0000,0000,,where you just, so...
Dialogue: 0,0:31:41.15,0:31:46.32,Default,,0000,0000,0000,,what we show here is an example,
Dialogue: 0,0:31:46.32,0:31:50.44,Default,,0000,0000,0000,,where there's a lot of medical\Ndevice networks in hospitals
Dialogue: 0,0:31:50.44,0:31:53.72,Default,,0000,0000,0000,,that are open to the internet\Nand that can get infected
Dialogue: 0,0:31:53.72,0:31:59.43,Default,,0000,0000,0000,,by normal type of malware,\Nlike banking trojans or whatever.
Dialogue: 0,0:31:59.43,0:32:03.20,Default,,0000,0000,0000,,And this is potentially a safety issue.
Dialogue: 0,0:32:03.20,0:32:08.46,Default,,0000,0000,0000,,So, if your MR scanner or some other
Dialogue: 0,0:32:08.46,0:32:12.97,Default,,0000,0000,0000,,more life-critical device\Nis being unavailable because of
Dialogue: 0,0:32:12.97,0:32:16.92,Default,,0000,0000,0000,,a virus on it,
Dialogue: 0,0:32:16.92,0:32:21.36,Default,,0000,0000,0000,,that's a real concern for patient\Nsecurity and safety.
Dialogue: 0,0:32:21.36,0:32:26.42,Default,,0000,0000,0000,,So we need to think more about\Nthe hygiene also in terms of
Dialogue: 0,0:32:26.42,0:32:29.86,Default,,0000,0000,0000,,computer viruses, not only\Njust normal viruses.
Dialogue: 0,0:32:29.86,0:32:33.13,Default,,0000,0000,0000,,E: Yeah. So, you know, some\Ntimes people will treat you like
Dialogue: 0,0:32:33.13,0:32:35.64,Default,,0000,0000,0000,,this is an entirely theoretical\Nconcern, but
Dialogue: 0,0:32:35.64,0:32:39.38,Default,,0000,0000,0000,,I think this is one of the best\Nillustrations that we've found
Dialogue: 0,0:32:39.38,0:32:42.21,Default,,0000,0000,0000,,of how that should\Nbe a concern,
Dialogue: 0,0:32:42.21,0:32:43.74,Default,,0000,0000,0000,,and I think all of you will get it,
Dialogue: 0,0:32:43.74,0:32:47.32,Default,,0000,0000,0000,,but I wanna give you a moment to kind of\Nread what's about to come up on the slides.
Dialogue: 0,0:32:47.32,0:32:59.20,Default,,0000,0000,0000,,So I'll just let you enjoy\Nthat for a moment.
Dialogue: 0,0:32:59.20,0:33:02.01,Default,,0000,0000,0000,,So if it's not clear or it's not your\Nfirst language or something,
Dialogue: 0,0:33:02.01,0:33:07.66,Default,,0000,0000,0000,,this guy basically sharded patient data\Nacross a bunch of amazon clusters.
Dialogue: 0,0:33:07.66,0:33:11.31,Default,,0000,0000,0000,,And then it was unavailable.\NAnd they were very concerned
Dialogue: 0,0:33:11.31,0:33:14.03,Default,,0000,0000,0000,,about the unavailability of their\Ncostumer patient data
Dialogue: 0,0:33:14.03,0:33:17.63,Default,,0000,0000,0000,,sharded across amazon instances.
Dialogue: 0,0:33:17.63,0:33:23.29,Default,,0000,0000,0000,,He was complaining to support, like\N'Can I get support to fix this?' {\i1}laughing{\i0}
Dialogue: 0,0:33:23.29,0:33:27.15,Default,,0000,0000,0000,,M: So, all the data of the ...
Dialogue: 0,0:33:27.15,0:33:31.58,Default,,0000,0000,0000,,... the monitoring data of the cardiac\Npatients is unavailable to them
Dialogue: 0,0:33:31.58,0:33:35.13,Default,,0000,0000,0000,,because of the service\Nbeing downed.
Dialogue: 0,0:33:35.13,0:33:43.06,Default,,0000,0000,0000,,And, well, do you want to outsource your\Npatient's safety to the cloud? Really?
Dialogue: 0,0:33:43.06,0:33:45.36,Default,,0000,0000,0000,,I don't want that.\NOkay.
Dialogue: 0,0:33:45.36,0:33:50.04,Default,,0000,0000,0000,,E: I wanna get into some other details.\NWe have sort of 10 min left if we can ...
Dialogue: 0,0:33:50.04,0:33:53.18,Default,,0000,0000,0000,,so we can have a lot of questions,\Nand I'm sure there will be some.
Dialogue: 0,0:33:53.18,0:33:57.99,Default,,0000,0000,0000,,But I want you to talk to them about\Nthis very personal story.
Dialogue: 0,0:33:57.99,0:34:00.77,Default,,0000,0000,0000,,This is... Remember before, when we\Nsaid, is this stuff theoretical?
Dialogue: 0,0:34:00.77,0:34:02.30,Default,,0000,0000,0000,,I want you to pay a lot of\Nattention to this story.
Dialogue: 0,0:34:02.30,0:34:04.30,Default,,0000,0000,0000,,It really moved me\Nwhen she first told me.
Dialogue: 0,0:34:04.30,0:34:08.65,Default,,0000,0000,0000,,M: I know how it feels to have\Nmy body controlled by a device
Dialogue: 0,0:34:08.65,0:34:12.36,Default,,0000,0000,0000,,that is not working correctly.
Dialogue: 0,0:34:12.36,0:34:18.43,Default,,0000,0000,0000,,So, I think it was around 2 or 3\Nweeks after I had the surgery.
Dialogue: 0,0:34:18.43,0:34:19.48,Default,,0000,0000,0000,,I felt fine.
Dialogue: 0,0:34:19.48,0:34:23.41,Default,,0000,0000,0000,,But I hadn't really done\Nany exercise yet.
Dialogue: 0,0:34:23.41,0:34:28.09,Default,,0000,0000,0000,,The surgery was pretty easy,\NI only had 2 weeks sick leave
Dialogue: 0,0:34:28.09,0:34:29.73,Default,,0000,0000,0000,,and then I came back to work
Dialogue: 0,0:34:29.73,0:34:30.96,Default,,0000,0000,0000,,and I went to London
Dialogue: 0,0:34:30.96,0:34:35.45,Default,,0000,0000,0000,,to participate in a course\Nin ethical hacking and
Dialogue: 0,0:34:35.45,0:34:39.77,Default,,0000,0000,0000,,I did take the London Underground\Ntogether with some of my colleges
Dialogue: 0,0:34:39.77,0:34:42.84,Default,,0000,0000,0000,,and we went of at this station\Nat Covent Garden
Dialogue: 0,0:34:42.84,0:34:46.05,Default,,0000,0000,0000,,And I don't know if you\Nhave been there but
Dialogue: 0,0:34:46.05,0:34:49.10,Default,,0000,0000,0000,,that particular station is\Nreally low underground.
Dialogue: 0,0:34:49.10,0:34:51.98,Default,,0000,0000,0000,,They have elevators that you\Ncan use to get up,
Dialogue: 0,0:34:51.98,0:34:55.14,Default,,0000,0000,0000,,but usually there are, like,\Nlong queues to the elevators...
Dialogue: 0,0:34:55.14,0:34:57.05,Default,,0000,0000,0000,,E: You always have to do\Nthings the hard way, right?
Dialogue: 0,0:34:57.05,0:34:58.12,Default,,0000,0000,0000,,M: You had to take the stairs, or
Dialogue: 0,0:34:58.12,0:35:00.83,Default,,0000,0000,0000,,they were just heading for the stairs\Nand I was following them and
Dialogue: 0,0:35:00.83,0:35:05.70,Default,,0000,0000,0000,,we were starting to climb the stairs and\NI didn't read this warning sign, which is:
Dialogue: 0,0:35:05.70,0:35:09.85,Default,,0000,0000,0000,,'Those with luggage, pushchairs & heart\Nconditions, please use the lift' {\i1}laughing{\i0}
Dialogue: 0,0:35:09.85,0:35:11.61,Default,,0000,0000,0000,,Because I was feeling fine,
Dialogue: 0,0:35:11.61,0:35:15.57,Default,,0000,0000,0000,,and this was the first time that I\Nfigured out there's something wrong
Dialogue: 0,0:35:15.57,0:35:17.86,Default,,0000,0000,0000,,with my pacemaker or with my heart.
Dialogue: 0,0:35:17.86,0:35:20.33,Default,,0000,0000,0000,,Because I came like\Nhalf way up this stairs
Dialogue: 0,0:35:20.33,0:35:23.12,Default,,0000,0000,0000,,and I felt like I was going to die.
Dialogue: 0,0:35:23.12,0:35:24.61,Default,,0000,0000,0000,,It was a really horrible feeling.
Dialogue: 0,0:35:24.61,0:35:26.43,Default,,0000,0000,0000,,I didn't have any more breath left,
Dialogue: 0,0:35:26.43,0:35:30.74,Default,,0000,0000,0000,,I felt like I wasn't able\Nto complete the stairs.
Dialogue: 0,0:35:30.74,0:35:33.65,Default,,0000,0000,0000,,I didn't know what was\Nhappening to me, but
Dialogue: 0,0:35:33.65,0:35:37.44,Default,,0000,0000,0000,,somehow I managed to\Ndrag myself up the stairs
Dialogue: 0,0:35:37.44,0:35:38.70,Default,,0000,0000,0000,,and my heart was really...
Dialogue: 0,0:35:38.70,0:35:40.83,Default,,0000,0000,0000,,it didn't feel right.
Dialogue: 0,0:35:40.83,0:35:45.04,Default,,0000,0000,0000,,So, first thing when I came\Nback from this course
Dialogue: 0,0:35:45.04,0:35:46.25,Default,,0000,0000,0000,,I went to my doctor
Dialogue: 0,0:35:46.25,0:35:49.23,Default,,0000,0000,0000,,and we started to try\Ndebug me, tried to find out
Dialogue: 0,0:35:49.23,0:35:51.67,Default,,0000,0000,0000,,what was wrong with my pacemaker.
Dialogue: 0,0:35:51.67,0:35:54.61,Default,,0000,0000,0000,,And this is how that looks like.\NE: {\i1}laughing{\i0}
Dialogue: 0,0:35:54.61,0:35:58.37,Default,,0000,0000,0000,,M: So, there's a stack\Nof different programmers
Dialogue: 0,0:35:58.37,0:36:02.41,Default,,0000,0000,0000,,- this is not me by the way, but it's\Na very similar situation.
Dialogue: 0,0:36:02.41,0:36:04.13,Default,,0000,0000,0000,,E: And we'll come back to those\Nprogrammers in a moment.
Dialogue: 0,0:36:04.13,0:36:05.18,Default,,0000,0000,0000,,M: Yeah.\NE: But the bit I want you
Dialogue: 0,0:36:05.18,0:36:08.93,Default,,0000,0000,0000,,to focus on is, like, they're\Ndebugging your pacemaker?
Dialogue: 0,0:36:08.93,0:36:11.73,Default,,0000,0000,0000,,Inside you?\NM: Yeah, I didn't know
Dialogue: 0,0:36:11.73,0:36:12.89,Default,,0000,0000,0000,,what was happening\Nat the time.
Dialogue: 0,0:36:12.89,0:36:15.26,Default,,0000,0000,0000,,We were just trying to\Nget the settings right
Dialogue: 0,0:36:15.26,0:36:19.03,Default,,0000,0000,0000,,and it took like 2 or 3 months before\Nwe figured out what was wrong.
Dialogue: 0,0:36:19.03,0:36:23.86,Default,,0000,0000,0000,,And what happened was, that my\Noperate limit was set to low for me,
Dialogue: 0,0:36:23.86,0:36:29.93,Default,,0000,0000,0000,,for my age. So, the normal pacemaker\Npatient is maybe around 80 years old
Dialogue: 0,0:36:29.93,0:36:34.05,Default,,0000,0000,0000,,and the default operate\Nlimit was 160 beats/min.
Dialogue: 0,0:36:34.05,0:36:36.75,Default,,0000,0000,0000,,And that's pretty low for\Na young person.
Dialogue: 0,0:36:36.75,0:36:40.42,Default,,0000,0000,0000,,E: So, imagine, like, you're younger\Nand you're really fit and you know
Dialogue: 0,0:36:40.42,0:36:43.93,Default,,0000,0000,0000,,how to do something really well,\Nlike swimming or skiing or skateboarding
Dialogue: 0,0:36:43.93,0:36:47.18,Default,,0000,0000,0000,,or whatever. You're fantastic at it.\NAnd then a couple years go past
Dialogue: 0,0:36:47.18,0:36:49.87,Default,,0000,0000,0000,,and you know, you gain some weight\Nand you're not as good at it, right?
Dialogue: 0,0:36:49.87,0:36:53.04,Default,,0000,0000,0000,,But now imagine that\Nhappens in 3 seconds.
Dialogue: 0,0:36:53.04,0:36:54.58,Default,,0000,0000,0000,,While you're walking\Nup a set of stairs.
Dialogue: 0,0:36:54.58,0:36:57.47,Default,,0000,0000,0000,,M: So, what happens is that\Nthe pacemaker detects
Dialogue: 0,0:36:57.47,0:37:01.57,Default,,0000,0000,0000,,'Oh, you have a really high pulse'.\NAnd there's a safety mechanism
Dialogue: 0,0:37:01.57,0:37:04.69,Default,,0000,0000,0000,,that will cut your pulse in half ...\NE: In half!
Dialogue: 0,0:37:04.69,0:37:07.38,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NM: {\i1}laughing{\i0} So in my case it went
Dialogue: 0,0:37:07.38,0:37:11.05,Default,,0000,0000,0000,,from 160 beats/min to 80 beats/min.\NIn a second, or less than a second,
Dialogue: 0,0:37:11.05,0:37:14.37,Default,,0000,0000,0000,,and that felt really, really horrible.
Dialogue: 0,0:37:14.37,0:37:16.48,Default,,0000,0000,0000,,And it took a long time\Nto figure out what was wrong.
Dialogue: 0,0:37:16.48,0:37:20.89,Default,,0000,0000,0000,,It wasn't until they put me on\Nan exercise bike and
Dialogue: 0,0:37:20.89,0:37:24.52,Default,,0000,0000,0000,,had me on monitoring that they\Nfigured out what was wrong, because
Dialogue: 0,0:37:24.52,0:37:31.40,Default,,0000,0000,0000,,the thing was, that what was displayed\Non the pacemaker technician's view
Dialogue: 0,0:37:31.40,0:37:35.73,Default,,0000,0000,0000,,was not the same settings that\Nmy pacemaker actually had.
Dialogue: 0,0:37:35.73,0:37:41.34,Default,,0000,0000,0000,,There was a software bug in the\Nprogrammer, that caused this problem.
Dialogue: 0,0:37:41.34,0:37:45.61,Default,,0000,0000,0000,,E: So they thought they had updated\Nher settings to be that of a young person.
Dialogue: 0,0:37:45.61,0:37:47.08,Default,,0000,0000,0000,,They were like\N'Oh, we've already changed it'.
Dialogue: 0,0:37:47.08,0:37:51.39,Default,,0000,0000,0000,,But they lost the view. They couldn't\Nsee the actual state of the pacemaker.
Dialogue: 0,0:37:51.39,0:37:53.98,Default,,0000,0000,0000,,And the only way to figure that out\Nwas to put her on a bike
Dialogue: 0,0:37:53.98,0:37:57.19,Default,,0000,0000,0000,,and let her cycle until her\Nheart rate was high enough.
Dialogue: 0,0:37:57.19,0:38:00.23,Default,,0000,0000,0000,,You know, literally physically\Ndebugging her to figure out
Dialogue: 0,0:38:00.23,0:38:00.85,Default,,0000,0000,0000,,what was wrong.
Dialogue: 0,0:38:00.85,0:38:04.25,Default,,0000,0000,0000,,Now stop and think about whether or not\Nyou would trust your doctor
Dialogue: 0,0:38:04.25,0:38:06.89,Default,,0000,0000,0000,,to debug software.
Dialogue: 0,0:38:06.89,0:38:10.80,Default,,0000,0000,0000,,{\i1}laughter{\i0}
Dialogue: 0,0:38:10.80,0:38:14.05,Default,,0000,0000,0000,,So, say a little bit more about those\Nprogrammers and then we'll move on
Dialogue: 0,0:38:14.05,0:38:14.86,Default,,0000,0000,0000,,towards the future.
Dialogue: 0,0:38:14.86,0:38:19.24,Default,,0000,0000,0000,,M: Yeah, so, we got hold of one of these\Nprogrammers, as mentioned
Dialogue: 0,0:38:19.24,0:38:20.50,Default,,0000,0000,0000,,and looked inside it.
Dialogue: 0,0:38:20.50,0:38:24.16,Default,,0000,0000,0000,,And, well, we named this talk\N'Unpatchable', because
Dialogue: 0,0:38:24.16,0:38:29.93,Default,,0000,0000,0000,,originally my hypothesis was that,\Nif you find a bug in a pacemaker
Dialogue: 0,0:38:29.93,0:38:32.63,Default,,0000,0000,0000,,it will be hard to patch it.
Dialogue: 0,0:38:32.63,0:38:34.55,Default,,0000,0000,0000,,Maybe it would require surgery.
Dialogue: 0,0:38:34.55,0:38:37.37,Default,,0000,0000,0000,,But then when we looked\Ninside the programmer
Dialogue: 0,0:38:37.37,0:38:42.52,Default,,0000,0000,0000,,and we saw that it contained firmware\Nfor pacemakers we realized that
Dialogue: 0,0:38:42.52,0:38:46.17,Default,,0000,0000,0000,,it's possible to actually patch the\Npacemaker via this programmer.
Dialogue: 0,0:38:46.17,0:38:49.50,Default,,0000,0000,0000,,E: One of the other researchers\Nfinds these firmware blobs inside
Dialogue: 0,0:38:49.50,0:38:53.29,Default,,0000,0000,0000,,the programmer code and, like,\Nmy heart stopped at that point, right?
Dialogue: 0,0:38:53.29,0:39:00.16,Default,,0000,0000,0000,,I was just going 'Really, you can just\Nupdate the code on someones pacemaker?'
Dialogue: 0,0:39:00.16,0:39:01.92,Default,,0000,0000,0000,,We also wanna say something\Nabout standardization.
Dialogue: 0,0:39:01.92,0:39:02.84,Default,,0000,0000,0000,,Look at all those\Ndifferent programmers.
Dialogue: 0,0:39:02.84,0:39:05.68,Default,,0000,0000,0000,,Someone goes into a hospital\Nwith one of these devices
Dialogue: 0,0:39:05.68,0:39:08.94,Default,,0000,0000,0000,,they have may different programmers\Nso they have to make an estimation
Dialogue: 0,0:39:08.94,0:39:12.73,Default,,0000,0000,0000,,of which... you know, which\Nprogrammer for which device.
Dialogue: 0,0:39:12.73,0:39:14.00,Default,,0000,0000,0000,,Like, which one are you running.
Dialogue: 0,0:39:14.00,0:39:18.07,Default,,0000,0000,0000,,And, so, some standardization\Nwould be an option {\i1}laughing{\i0}
Dialogue: 0,0:39:18.07,0:39:20.41,Default,,0000,0000,0000,,perhaps, in this case.\NM: Yeah.
Dialogue: 0,0:39:20.41,0:39:23.11,Default,,0000,0000,0000,,E: Alright. So, we gonna need\Nto move quickly through
Dialogue: 0,0:39:23.11,0:39:25.40,Default,,0000,0000,0000,,the next few slides to talk\Nto you about the future,
Dialogue: 0,0:39:25.40,0:39:28.94,Default,,0000,0000,0000,,but I hope that drives home that\Nthis is a very real issue for real people.
Dialogue: 0,0:39:28.94,0:39:32.77,Default,,0000,0000,0000,,M: So, pacemakers are evolving and\Nthey are getting smaller
Dialogue: 0,0:39:32.77,0:39:36.06,Default,,0000,0000,0000,,and this is the type of pacemaker\Nthat you can actually implant
Dialogue: 0,0:39:36.06,0:39:37.07,Default,,0000,0000,0000,,inside the heart.
Dialogue: 0,0:39:37.07,0:39:42.13,Default,,0000,0000,0000,,So, the pacemaker I have today\Nis outside the heart and it has
Dialogue: 0,0:39:42.13,0:39:44.36,Default,,0000,0000,0000,,leads that are wired to my heart.
Dialogue: 0,0:39:44.36,0:39:50.60,Default,,0000,0000,0000,,But in future they are getting\Nsmaller and more sophisticated and
Dialogue: 0,0:39:50.60,0:39:52.73,Default,,0000,0000,0000,,I think this is exciting!
Dialogue: 0,0:39:52.73,0:39:54.95,Default,,0000,0000,0000,,I think that a lot of you,\Nalso in the audience will
Dialogue: 0,0:39:54.95,0:39:58.06,Default,,0000,0000,0000,,benefit from having this type of\Ntechnology when you grow older
Dialogue: 0,0:39:58.06,0:40:02.05,Default,,0000,0000,0000,,and we can have longer lives and\Nwe can live more healthier lives
Dialogue: 0,0:40:02.05,0:40:04.68,Default,,0000,0000,0000,,because of the technology\NE: And keep in mind, right?
Dialogue: 0,0:40:04.68,0:40:06.90,Default,,0000,0000,0000,,Some of you may already have devices\Nand already have this issues,
Dialogue: 0,0:40:06.90,0:40:09.55,Default,,0000,0000,0000,,but others of you will think 'Ah, that\Nwon't happen to me for quite a long time'
Dialogue: 0,0:40:09.55,0:40:13.20,Default,,0000,0000,0000,,But it can be a sudden thing, that,\Nyou know, you don't necessarily
Dialogue: 0,0:40:13.20,0:40:17.14,Default,,0000,0000,0000,,have a choice to run code\Ninside your body.
Dialogue: 0,0:40:17.14,0:40:21.34,Default,,0000,0000,0000,,Which OS do you wanna implant?\N{\i1}laughing{\i0}
Dialogue: 0,0:40:21.34,0:40:25.22,Default,,0000,0000,0000,,You wanna tell them about the..
Dialogue: 0,0:40:25.22,0:40:27.08,Default,,0000,0000,0000,,M: This is also a quite exciting
Dialogue: 0,0:40:27.08,0:40:29.61,Default,,0000,0000,0000,,maybe future type of implants\Nthat you can have.
Dialogue: 0,0:40:29.61,0:40:34.32,Default,,0000,0000,0000,,So, this is actually a cardiac sock,\Nit's 3D-printed and it's making
Dialogue: 0,0:40:34.32,0:40:38.37,Default,,0000,0000,0000,,a rabbit's heart beat outside\Nthe body of the rabbit.
Dialogue: 0,0:40:38.37,0:40:41.27,Default,,0000,0000,0000,,So, there's a lot of technology\Nand sensors and things that
Dialogue: 0,0:40:41.27,0:40:44.17,Default,,0000,0000,0000,,are going to be implanted\Nin our bodies
Dialogue: 0,0:40:44.17,0:40:46.84,Default,,0000,0000,0000,,and I think more of you will become\Ncyborgs like me in the future
Dialogue: 0,0:40:46.84,0:40:49.80,Default,,0000,0000,0000,,E: And there's a lot of work\Nthat you could be doing.
Dialogue: 0,0:40:49.80,0:40:51.40,Default,,0000,0000,0000,,You know, 3D-printing\Nthis devices,
Dialogue: 0,0:40:51.40,0:40:57.11,Default,,0000,0000,0000,,and open sourcing as much\Nof this as possible.
Dialogue: 0,0:40:57.11,0:40:58.86,Default,,0000,0000,0000,,There's a lot to say here, right?
Dialogue: 0,0:40:58.86,0:41:02.86,Default,,0000,0000,0000,,I think it's time to address\Nthe really scary issue.
Dialogue: 0,0:41:02.86,0:41:07.55,Default,,0000,0000,0000,,The informed consent issue\Naround patching, right?
Dialogue: 0,0:41:07.55,0:41:09.75,Default,,0000,0000,0000,,Remember earlier we were\Ntalking about the programmers
Dialogue: 0,0:41:09.75,0:41:11.98,Default,,0000,0000,0000,,and we pointed out that there\Nwere firmware blobs in there
Dialogue: 0,0:41:11.98,0:41:14.28,Default,,0000,0000,0000,,and that these people,\Nyou know, your doctor or nurse
Dialogue: 0,0:41:14.28,0:41:18.95,Default,,0000,0000,0000,,could upgrade the code\Nrunning on your medical implant.
Dialogue: 0,0:41:18.95,0:41:23.76,Default,,0000,0000,0000,,Now, is there a legal requirement\Nfor them to inform you,
Dialogue: 0,0:41:23.76,0:41:26.65,Default,,0000,0000,0000,,before they alter the code\Nthat's running inside your body?
Dialogue: 0,0:41:26.65,0:41:27.49,Default,,0000,0000,0000,,As far as we can tell
Dialogue: 0,0:41:27.49,0:41:30.48,Default,,0000,0000,0000,,- and we need to look at a lot of\Ndifferent countries at the same time,
Dialogue: 0,0:41:30.48,0:41:32.33,Default,,0000,0000,0000,,so we gonna ask you to help us -
Dialogue: 0,0:41:32.33,0:41:34.69,Default,,0000,0000,0000,,as far as we can tell there are not\Nlaws requiring your doctor
Dialogue: 0,0:41:34.69,0:41:40.36,Default,,0000,0000,0000,,to tell you that they are upgrading\Nthe firmware in your device.
Dialogue: 0,0:41:40.36,0:41:43.78,Default,,0000,0000,0000,,M: Yeah, think about that {\i1} laughs{\i0}
Dialogue: 0,0:41:43.78,0:41:44.78,Default,,0000,0000,0000,,It's a quite scary thing.
Dialogue: 0,0:41:44.78,0:41:48.97,Default,,0000,0000,0000,,I want to know what's happening\Nto my implant, the code,
Dialogue: 0,0:41:48.97,0:41:53.07,Default,,0000,0000,0000,,if someone wants to alter the code\Ninside my body, I would like to know
Dialogue: 0,0:41:53.07,0:41:57.25,Default,,0000,0000,0000,,and I would like to make\Nan informed decision on that
Dialogue: 0,0:41:57.25,0:41:59.47,Default,,0000,0000,0000,,and give my consent\Nbefore it happens.
Dialogue: 0,0:41:59.47,0:42:02.23,Default,,0000,0000,0000,,E: You might even choose a device\Nwhere that's possible or not possible
Dialogue: 0,0:42:02.23,0:42:05.64,Default,,0000,0000,0000,,because you're making a risk-based\Ndecision and you're an informed consumer
Dialogue: 0,0:42:05.64,0:42:07.80,Default,,0000,0000,0000,,but how do we help people,\Nwho don't wanna understand
Dialogue: 0,0:42:07.80,0:42:11.19,Default,,0000,0000,0000,,software and firmware and upgrades\Nmake those decisions in the future as well.
Dialogue: 0,0:42:11.19,0:42:15.57,Default,,0000,0000,0000,,Alright.
Dialogue: 0,0:42:15.57,0:42:17.32,Default,,0000,0000,0000,,M: So now, if we're going to go through
Dialogue: 0,0:42:17.32,0:42:21.95,Default,,0000,0000,0000,,all this, but there's a lot of reasons\Nwhy we're in the situations of having
Dialogue: 0,0:42:21.95,0:42:23.87,Default,,0000,0000,0000,,insecure medical devices.
Dialogue: 0,0:42:23.87,0:42:29.04,Default,,0000,0000,0000,,There's a lot of legacy technology because\Nthere's a long lifetime of this devices
Dialogue: 0,0:42:29.04,0:42:31.91,Default,,0000,0000,0000,,and it takes a long time\Nto get them on the market.
Dialogue: 0,0:42:31.91,0:42:35.68,Default,,0000,0000,0000,,And they can be patched,\Nbut in some cases
Dialogue: 0,0:42:35.68,0:42:40.79,Default,,0000,0000,0000,,they are not patched or there are\Nno software updates applied to them.
Dialogue: 0,0:42:40.79,0:42:48.03,Default,,0000,0000,0000,,We don't have any third party\Nsecurity testing of the devices,
Dialogue: 0,0:42:48.03,0:42:49.49,Default,,0000,0000,0000,,and that's really needed in my opinion.
Dialogue: 0,0:42:49.49,0:42:50.77,Default,,0000,0000,0000,,E: Right, an underwriters laboratory
Dialogue: 0,0:42:50.77,0:42:55.19,Default,,0000,0000,0000,,or consumer laboratory that's there\Nto check some of these details.
Dialogue: 0,0:42:55.19,0:42:58.59,Default,,0000,0000,0000,,And I don't think that's unreasonable,\Nright? That sort of approach.
Dialogue: 0,0:42:58.59,0:43:02.04,Default,,0000,0000,0000,,M: And there's a lack of regulations,\Nalso. So there's a lot of things
Dialogue: 0,0:43:02.04,0:43:04.61,Default,,0000,0000,0000,,that should be worked on.
Dialogue: 0,0:43:04.61,0:43:07.27,Default,,0000,0000,0000,,E: So, there's a lot of\Nways to solve this
Dialogue: 0,0:43:07.27,0:43:09.64,Default,,0000,0000,0000,,and we're not gonna give you\N{\i1}the{\i0} answer, because we're not
Dialogue: 0,0:43:09.64,0:43:13.42,Default,,0000,0000,0000,,geniuses, so we're\Ngonna say that
Dialogue: 0,0:43:13.42,0:43:16.37,Default,,0000,0000,0000,,these are some different\Napproaches that we see all
Dialogue: 0,0:43:16.37,0:43:19.70,Default,,0000,0000,0000,,playing in a solution space.
Dialogue: 0,0:43:19.70,0:43:22.27,Default,,0000,0000,0000,,So, vendor awareness is\Nobviously important, but
Dialogue: 0,0:43:22.27,0:43:23.95,Default,,0000,0000,0000,,that's not the only thing.\NA lot of the vendors have been
Dialogue: 0,0:43:23.95,0:43:27.89,Default,,0000,0000,0000,,very supportive and\Nvery open to discussion,
Dialogue: 0,0:43:27.89,0:43:31.75,Default,,0000,0000,0000,,of transparency, that needs to\Nhappen more in the future, right?
Dialogue: 0,0:43:31.75,0:43:34.39,Default,,0000,0000,0000,,Security risk monitoring,\NI've been working in the field
Dialogue: 0,0:43:34.39,0:43:38.60,Default,,0000,0000,0000,,of cyber insurance, which I'm sure\Nsounds like insanity to the rest of you,
Dialogue: 0,0:43:38.60,0:43:42.88,Default,,0000,0000,0000,,and it is, there are bad days.\NBut that could play a part
Dialogue: 0,0:43:42.88,0:43:45.53,Default,,0000,0000,0000,,in this risk equation in the future.
Dialogue: 0,0:43:45.53,0:43:49.71,Default,,0000,0000,0000,,What about medical incidence response,\Nright? Or medical device forensics.
Dialogue: 0,0:43:49.71,0:43:53.66,Default,,0000,0000,0000,,M: If I suddenly drop dead\NI really would like to have
Dialogue: 0,0:43:53.66,0:43:57.16,Default,,0000,0000,0000,,a forensic analysis\Nof my pacemaker, to ...
Dialogue: 0,0:43:57.16,0:44:00.96,Default,,0000,0000,0000,,E: Please remember that, all of you!\NLike, if anything is going to happen
Dialogue: 0,0:44:00.96,0:44:04.66,Default,,0000,0000,0000,,to Marie... everyone asked that, right?\NLike, 'Aren't you afraid of giving this talk?'
Dialogue: 0,0:44:04.66,0:44:06.95,Default,,0000,0000,0000,,And we thought about it,\Nwe talked about it a lot and
Dialogue: 0,0:44:06.95,0:44:09.50,Default,,0000,0000,0000,,she's got a lot of support\Nfrom her husband and her son
Dialogue: 0,0:44:09.50,0:44:12.88,Default,,0000,0000,0000,,and her family and a bunch of us.\NIf anything happens to this woman
Dialogue: 0,0:44:12.88,0:44:15.38,Default,,0000,0000,0000,,I hope that we will all be doing\Nforensic analysis
Dialogue: 0,0:44:15.38,0:44:17.11,Default,,0000,0000,0000,,of everything.
Dialogue: 0,0:44:17.11,0:44:24.58,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:44:24.58,0:44:32.47,Default,,0000,0000,0000,,Cool. So, we'll say a little bit about\N'I Am The Cavalry' and social contract
Dialogue: 0,0:44:32.47,0:44:34.59,Default,,0000,0000,0000,,and then we'll wrap it up, okay?
Dialogue: 0,0:44:34.59,0:44:37.84,Default,,0000,0000,0000,,So, 'I Am The Cavalry' does\Na lot of grassroots research
Dialogue: 0,0:44:37.84,0:44:41.45,Default,,0000,0000,0000,,and support and lobbying and\Ntries to articulate these messages.
Dialogue: 0,0:44:41.45,0:44:44.23,Default,,0000,0000,0000,,They have a medical implant\Narm that has a bunch of
Dialogue: 0,0:44:44.23,0:44:46.35,Default,,0000,0000,0000,,different researchers doing\Nthis kind of stuff.
Dialogue: 0,0:44:46.35,0:44:48.58,Default,,0000,0000,0000,,Do you wanna say more about them?
Dialogue: 0,0:44:48.58,0:44:52.43,Default,,0000,0000,0000,,M: Yeah, so we are both\Npart of the Cavalry,
Dialogue: 0,0:44:52.43,0:44:56.00,Default,,0000,0000,0000,,because no one is coming\Nto save us from the future
Dialogue: 0,0:44:56.00,0:44:59.84,Default,,0000,0000,0000,,of being more depended on\Ntrusting our lives on machines
Dialogue: 0,0:44:59.84,0:45:04.39,Default,,0000,0000,0000,,so, that's why we need to step up\Nand do the research and
Dialogue: 0,0:45:04.39,0:45:06.55,Default,,0000,0000,0000,,encourage and inspire the research.
Dialogue: 0,0:45:06.55,0:45:09.46,Default,,0000,0000,0000,,So, that's why I joined\N'I Am The Cavalry'
Dialogue: 0,0:45:09.46,0:45:12.75,Default,,0000,0000,0000,,and I think it's a\Ngood thing to have
Dialogue: 0,0:45:12.75,0:45:15.66,Default,,0000,0000,0000,,a collaboration effort between\Nresearchers, between the vendors
Dialogue: 0,0:45:15.66,0:45:21.06,Default,,0000,0000,0000,,and the regulators, as they are,\Nor we are working with.
Dialogue: 0,0:45:21.06,0:45:25.01,Default,,0000,0000,0000,,E: We also think that even if you\Ndon't do reverse engineering
Dialogue: 0,0:45:25.01,0:45:28.04,Default,,0000,0000,0000,,or you're not interested in\Nsecurity details or the opcodes
Dialogue: 0,0:45:28.04,0:45:30.13,Default,,0000,0000,0000,,that are inside the firmwares\Nor whatever,
Dialogue: 0,0:45:30.13,0:45:33.06,Default,,0000,0000,0000,,this question is a question that\Nany of you here can talk about
Dialogue: 0,0:45:33.06,0:45:36.31,Default,,0000,0000,0000,,for the rest of the congress and\Ngoing forward into the future.
Dialogue: 0,0:45:36.31,0:45:37.24,Default,,0000,0000,0000,,Right?
Dialogue: 0,0:45:37.24,0:45:39.99,Default,,0000,0000,0000,,This is Marie's, so go ahead.
Dialogue: 0,0:45:39.99,0:45:47.82,Default,,0000,0000,0000,,M: Yeah, so, I really want to know\Nwhat code is running inside my body.
Dialogue: 0,0:45:47.82,0:45:49.03,Default,,0000,0000,0000,,And I want to know ...
Dialogue: 0,0:45:49.03,0:45:55.39,Default,,0000,0000,0000,,or I want to have a social contract\Nwith my medical doctors and
Dialogue: 0,0:45:55.39,0:45:58.78,Default,,0000,0000,0000,,my physician that is giving me\Nthis implants.
Dialogue: 0,0:45:58.78,0:46:05.57,Default,,0000,0000,0000,,It needs to be based on a\Npatient-to-doctor trust relationship.
Dialogue: 0,0:46:05.57,0:46:08.62,Default,,0000,0000,0000,,And also between\Nme and the vendors.
Dialogue: 0,0:46:08.62,0:46:13.21,Default,,0000,0000,0000,,So I really want to know that\NI can trust this machine inside...
Dialogue: 0,0:46:13.21,0:46:15.51,Default,,0000,0000,0000,,E: And we think many of you will\Nbe facing similar questions
Dialogue: 0,0:46:15.51,0:46:17.00,Default,,0000,0000,0000,,to these in the future.
Dialogue: 0,0:46:17.00,0:46:20.24,Default,,0000,0000,0000,,I have questions.\NSome of my questions are serious,
Dialogue: 0,0:46:20.24,0:46:25.26,Default,,0000,0000,0000,,some of my questions are\Nnot serious, like this one:
Dialogue: 0,0:46:25.26,0:46:27.77,Default,,0000,0000,0000,,Is the code on your dress\Nfrom your pacemaker?
Dialogue: 0,0:46:27.77,0:46:31.66,Default,,0000,0000,0000,,M: No, actually it's from the\Ncomputer game 'Doom'.
Dialogue: 0,0:46:31.66,0:46:33.09,Default,,0000,0000,0000,,But ...\N{\i1}laughter{\i0}
Dialogue: 0,0:46:33.09,0:46:36.18,Default,,0000,0000,0000,,once I have the {\i1}laughing{\i0}\Ncode of my pacemaker
Dialogue: 0,0:46:36.18,0:46:38.79,Default,,0000,0000,0000,,I'm going to make a custom-\Nordered dress and get it...
Dialogue: 0,0:46:38.79,0:46:44.97,Default,,0000,0000,0000,,E: Which is pretty cool, right?\NM: ... get it with my own code.
Dialogue: 0,0:46:44.97,0:46:48.71,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:46:48.71,0:46:53.71,Default,,0000,0000,0000,,So, let's wrap up with... what we\Nwant to have of future research.
Dialogue: 0,0:46:53.71,0:46:57.19,Default,,0000,0000,0000,,So, we encourage more research,\Nand these are some things that
Dialogue: 0,0:46:57.19,0:46:59.22,Default,,0000,0000,0000,,could be looked into.
Dialogue: 0,0:46:59.22,0:47:02.97,Default,,0000,0000,0000,,Like open source medical devices,\Nthat doesn't really exist,
Dialogue: 0,0:47:02.97,0:47:05.32,Default,,0000,0000,0000,,at least not for pacemakers.
Dialogue: 0,0:47:05.32,0:47:09.18,Default,,0000,0000,0000,,But I think that's one way\Nof going forward.
Dialogue: 0,0:47:09.18,0:47:13.71,Default,,0000,0000,0000,,E: I think it's also an opportunity\Nfor us to mention a really scary idea,
Dialogue: 0,0:47:13.71,0:47:18.20,Default,,0000,0000,0000,,which is, you know, should anyone\Nhave a golden key to Marie's heart,
Dialogue: 0,0:47:18.20,0:47:22.07,Default,,0000,0000,0000,,should there be backdoored\Nencryption inside of her heart?
Dialogue: 0,0:47:22.07,0:47:24.91,Default,,0000,0000,0000,,We think no {\i1}laughing{\i0}\Nbut that...
Dialogue: 0,0:47:24.91,0:47:28.29,Default,,0000,0000,0000,,M: I don't see any reason why\Nthe NSA should be able to
Dialogue: 0,0:47:28.29,0:47:31.13,Default,,0000,0000,0000,,have a back door to my heart,\Ndo you?
Dialogue: 0,0:47:31.13,0:47:33.89,Default,,0000,0000,0000,,E: You would be an extremist,\Nthat's why you don't want them
Dialogue: 0,0:47:33.89,0:47:37.38,Default,,0000,0000,0000,,to have a back door to your heart.\NBut this is a serious question, right?
Dialogue: 0,0:47:37.38,0:47:39.48,Default,,0000,0000,0000,,If you start backdooring\Nany kind of crypto anywhere,
Dialogue: 0,0:47:39.48,0:47:41.32,Default,,0000,0000,0000,,how do you know,\Nwhere it's gonna end up.
Dialogue: 0,0:47:41.32,0:47:46.55,Default,,0000,0000,0000,,It might end up in medical devices\Nand we think that's unacceptable.
Dialogue: 0,0:47:46.55,0:47:58.41,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:47:58.41,0:48:05.40,Default,,0000,0000,0000,,M: And we should also mention\Nthat we're not doing this alone,
Dialogue: 0,0:48:05.40,0:48:09.28,Default,,0000,0000,0000,,we have other researchers\Nhelping us forward doing this.
Dialogue: 0,0:48:09.28,0:48:12.23,Default,,0000,0000,0000,,Angel: So, thank you very much\Nfor this thrilling talk,
Dialogue: 0,0:48:12.23,0:48:15.25,Default,,0000,0000,0000,,we're now doing a little\NQ&A for 10 min,
Dialogue: 0,0:48:15.25,0:48:19.63,Default,,0000,0000,0000,,and for the Q&A please keep in mind\Nto respect Marie's privacy, so
Dialogue: 0,0:48:19.63,0:48:23.34,Default,,0000,0000,0000,,don't ask for details about
Dialogue: 0,0:48:23.34,0:48:24.76,Default,,0000,0000,0000,,the implant or\Nsomething like that.
Dialogue: 0,0:48:24.76,0:48:26.82,Default,,0000,0000,0000,,E: Yeah, the brands and stuff.
Dialogue: 0,0:48:26.82,0:48:29.53,Default,,0000,0000,0000,,We're gonna tell you, what OS\Nshe's running.
Dialogue: 0,0:48:29.53,0:48:35.13,Default,,0000,0000,0000,,Angel: People, who are now leaving\Nthe room, they will not be able
Dialogue: 0,0:48:35.13,0:48:41.44,Default,,0000,0000,0000,,to come back in, because
Dialogue: 0,0:48:41.44,0:48:43.03,Default,,0000,0000,0000,,of measures {\i1}laughing{\i0}\N{\i1}laughter{\i0}
Dialogue: 0,0:48:43.03,0:48:48.32,Default,,0000,0000,0000,,So, let's start with the Q&A!\NLet's start with this microphone there.
Dialogue: 0,0:48:48.32,0:48:54.10,Default,,0000,0000,0000,,Q: Hi, first of all thank you very much\Nfor a very fascinating talk.
Dialogue: 0,0:48:54.10,0:48:56.64,Default,,0000,0000,0000,,I'm not going to ask you\Nabout specific vendors.
Dialogue: 0,0:48:56.64,0:49:01.34,Default,,0000,0000,0000,,However, I thought it was very\Ninteresting what you said, that
Dialogue: 0,0:49:01.34,0:49:05.72,Default,,0000,0000,0000,,most vendors were really supportive\NI would like to know whether
Dialogue: 0,0:49:05.72,0:49:09.10,Default,,0000,0000,0000,,there have been\Nexceptions to that rule,
Dialogue: 0,0:49:09.10,0:49:13.76,Default,,0000,0000,0000,,not who it was or anything like that\Nbut what kind of arguments
Dialogue: 0,0:49:13.76,0:49:19.27,Default,,0000,0000,0000,,you may have heard from vendors\Ne. g. have they referred to anything
Dialogue: 0,0:49:19.27,0:49:24.22,Default,,0000,0000,0000,,such as trade secrets or copyright\Nor any other legal reasons
Dialogue: 0,0:49:24.22,0:49:28.10,Default,,0000,0000,0000,,why not to give you,\Nor not to give public access
Dialogue: 0,0:49:28.10,0:49:33.21,Default,,0000,0000,0000,,to information about devices?\NThank you.
Dialogue: 0,0:49:33.21,0:49:41.56,Default,,0000,0000,0000,,E: So, we haven't had any legal\Nissues so far in this research.
Dialogue: 0,0:49:41.56,0:49:44.94,Default,,0000,0000,0000,,And in general they haven't been\Nconcerned about copyright.
Dialogue: 0,0:49:44.94,0:49:47.84,Default,,0000,0000,0000,,I think they're more concerned\Nabout press, bad press,
Dialogue: 0,0:49:47.84,0:49:51.11,Default,,0000,0000,0000,,and a hype, you know, what\Nthey would see as hype.
Dialogue: 0,0:49:51.11,0:49:55.16,Default,,0000,0000,0000,,they don't wanna see us scaring\Npeople away from these things
Dialogue: 0,0:49:55.16,0:49:56.42,Default,,0000,0000,0000,,with, you know, these stories.
Dialogue: 0,0:49:56.42,0:50:00.29,Default,,0000,0000,0000,,M: Yeah, that's also something\NI'm concerned of, of course,
Dialogue: 0,0:50:00.29,0:50:03.23,Default,,0000,0000,0000,,as a patient. I don't want to\Nscare my fellow patients
Dialogue: 0,0:50:03.23,0:50:06.00,Default,,0000,0000,0000,,from having life-critical\Nimplants in their body.
Dialogue: 0,0:50:06.00,0:50:10.70,Default,,0000,0000,0000,,Because a lot of people need\Nthem, like me, to survive.
Dialogue: 0,0:50:10.70,0:50:15.82,Default,,0000,0000,0000,,So, the benefit clearly\Noutweighs the risk in my case.
Dialogue: 0,0:50:15.82,0:50:18.81,Default,,0000,0000,0000,,E: But that seems to be their\Nmain concern, like, you know,
Dialogue: 0,0:50:18.81,0:50:19.76,Default,,0000,0000,0000,,'Don't give us too\Nmuch bad press'
Dialogue: 0,0:50:19.76,0:50:25.20,Default,,0000,0000,0000,,Angel: Ok, next question\Nfrom over there.
Dialogue: 0,0:50:25.20,0:50:31.90,Default,,0000,0000,0000,,Q: Hello. I wanted to ask you, if you\Nknow about any existing initiatives
Dialogue: 0,0:50:31.90,0:50:35.48,Default,,0000,0000,0000,,on open sourcing\Nthe medical devices,
Dialogue: 0,0:50:35.48,0:50:40.25,Default,,0000,0000,0000,,on mandating the open sourcing\Nof the software and firmware
Dialogue: 0,0:50:40.25,0:50:43.98,Default,,0000,0000,0000,,through the legal system,\Nin European Union, in United States
Dialogue: 0,0:50:43.98,0:50:47.76,Default,,0000,0000,0000,,because I think I've read\Nabout such initiatives
Dialogue: 0,0:50:47.76,0:50:51.05,Default,,0000,0000,0000,,about 1 year ago or so,\Nbut it was just a glimpse.
Dialogue: 0,0:50:51.05,0:50:56.17,Default,,0000,0000,0000,,M: So, there are some patients\Nthat have reverse engineered their
Dialogue: 0,0:50:56.17,0:50:57.78,Default,,0000,0000,0000,,{\i1}no audio{\i0}
Dialogue: 0,0:50:57.78,0:51:04.31,Default,,0000,0000,0000,,(insu)lin pumps. I know, that\Nthere are groups of patients
Dialogue: 0,0:51:04.31,0:51:07.74,Default,,0000,0000,0000,,like the parents of children\Nwith insulin pumps.
Dialogue: 0,0:51:07.74,0:51:10.76,Default,,0000,0000,0000,,They have created\Nsoftware to be able...
Dialogue: 0,0:51:10.76,0:51:14.18,Default,,0000,0000,0000,,to have an app on their\Nmobile phone to be able
Dialogue: 0,0:51:14.18,0:51:17.41,Default,,0000,0000,0000,,to monitor their child's\Nblood sugar levels.
Dialogue: 0,0:51:17.41,0:51:21.39,Default,,0000,0000,0000,,So that's one way of\Ndoing this open source
Dialogue: 0,0:51:21.39,0:51:23.25,Default,,0000,0000,0000,,and I think that's great.
Dialogue: 0,0:51:23.25,0:51:26.54,Default,,0000,0000,0000,,Q: But nothing\Nin the legal systems,
Dialogue: 0,0:51:26.54,0:51:32.64,Default,,0000,0000,0000,,no initiatives to mandate this,\Ne.g. on European level?
Dialogue: 0,0:51:32.64,0:51:34.48,Default,,0000,0000,0000,,E: Not so far that we've seen,
Dialogue: 0,0:51:34.48,0:51:36.28,Default,,0000,0000,0000,,but that's something that\Ncan be discussed now, right?
Dialogue: 0,0:51:36.28,0:51:38.77,Default,,0000,0000,0000,,M: I think it's really interesting,\Nyou could look into the legal
Dialogue: 0,0:51:38.77,0:51:41.76,Default,,0000,0000,0000,,aspects and the regulations\Naround this, yeah.
Dialogue: 0,0:51:41.76,0:51:43.05,Default,,0000,0000,0000,,Q: Thank you.
Dialogue: 0,0:51:43.05,0:51:45.51,Default,,0000,0000,0000,,Angel: Ok, can we have\Na question from the internet?
Dialogue: 0,0:51:45.51,0:51:49.25,Default,,0000,0000,0000,,Q: Yes, from the IRC someone asks:
Dialogue: 0,0:51:49.25,0:51:52.89,Default,,0000,0000,0000,,'Does your pacemaker\Nhave a biofeedback,
Dialogue: 0,0:51:52.89,0:51:56.30,Default,,0000,0000,0000,,so in case something bad\Nhappens it starts to defibrillate?
Dialogue: 0,0:51:56.30,0:52:02.92,Default,,0000,0000,0000,,M: No, I don't have an ICD,\Nso in my case I'm not getting a shock
Dialogue: 0,0:52:02.92,0:52:06.38,Default,,0000,0000,0000,,in case my heart stops.\NBecause I have a different condition
Dialogue: 0,0:52:06.38,0:52:08.62,Default,,0000,0000,0000,,I only need to have\Nmy rhythm corrected.
Dialogue: 0,0:52:08.62,0:52:11.23,Default,,0000,0000,0000,,But there are other\Ntypes of conditions,
Dialogue: 0,0:52:11.23,0:52:14.42,Default,,0000,0000,0000,,that require pacemakers\Nthat can deliver shocks.
Dialogue: 0,0:52:14.42,0:52:18.13,Default,,0000,0000,0000,,Angel: Ok, one question\Nfrom that microphone there.
Dialogue: 0,0:52:18.13,0:52:20.22,Default,,0000,0000,0000,,Q: Thank you very much.\NAt one point you mentioned
Dialogue: 0,0:52:20.22,0:52:24.87,Default,,0000,0000,0000,,that the connectivity in you\Npacemaker is off. For now.
Dialogue: 0,0:52:24.87,0:52:28.90,Default,,0000,0000,0000,,And, is that something, that patients\Nare asked during the process,
Dialogue: 0,0:52:28.90,0:52:32.17,Default,,0000,0000,0000,,or is that something,\Npatients have to require?
Dialogue: 0,0:52:32.17,0:52:35.53,Default,,0000,0000,0000,,And generally: What role\Ndo you see for the choice
Dialogue: 0,0:52:35.53,0:52:39.43,Default,,0000,0000,0000,,not to have any connectivity\Nor any security for that matter,
Dialogue: 0,0:52:39.43,0:52:41.87,Default,,0000,0000,0000,,that technology would\Nmake available to you?
Dialogue: 0,0:52:41.87,0:52:47.12,Default,,0000,0000,0000,,So, how do you see the possibility\Nto choose a more risky life
Dialogue: 0,0:52:47.12,0:52:49.64,Default,,0000,0000,0000,,in terms of trading in\Nfor privacy, whatever?
Dialogue: 0,0:52:49.64,0:52:52.31,Default,,0000,0000,0000,,M: Yeah, I think that's\Nreally a relevant question.
Dialogue: 0,0:52:52.31,0:52:58.13,Default,,0000,0000,0000,,As we mentioned\Nin the social contract,
Dialogue: 0,0:52:58.13,0:53:03.64,Default,,0000,0000,0000,,I really would like, that the doctors\Ninformed patients about
Dialogue: 0,0:53:03.64,0:53:07.93,Default,,0000,0000,0000,,their different wireless interfaces\Nand that there's an informed decision
Dialogue: 0,0:53:07.93,0:53:10.96,Default,,0000,0000,0000,,whether or not to switch it on.
Dialogue: 0,0:53:10.96,0:53:14.56,Default,,0000,0000,0000,,So, in my case, I don't\Nhave it switched on and ...
Dialogue: 0,0:53:14.56,0:53:17.75,Default,,0000,0000,0000,,I don't need it, so there's no reason\Nwhy I need to have it switched on.
Dialogue: 0,0:53:17.75,0:53:21.76,Default,,0000,0000,0000,,But then, again, why did I get\Nan implant that has this capability?
Dialogue: 0,0:53:21.76,0:53:29.20,Default,,0000,0000,0000,,I should have had the option of\Nopting out of it, but I didn't get that.
Dialogue: 0,0:53:29.20,0:53:31.98,Default,,0000,0000,0000,,They didn't ask me, or they\Ndidn't inform me of that,
Dialogue: 0,0:53:31.98,0:53:34.72,Default,,0000,0000,0000,,before I got the implant.\NIt was chosen for me.
Dialogue: 0,0:53:34.72,0:53:40.74,Default,,0000,0000,0000,,And at that time I hadn't looked\Ninto the security of medical devices,
Dialogue: 0,0:53:40.74,0:53:43.47,Default,,0000,0000,0000,,and I needed to\Nhave the implant,
Dialogue: 0,0:53:43.47,0:53:46.20,Default,,0000,0000,0000,,so I couldn't really make\Nan informed decision.
Dialogue: 0,0:53:46.20,0:53:49.14,Default,,0000,0000,0000,,A lot of patients that are,\Nlike, older and not so...
Dialogue: 0,0:53:49.14,0:53:55.24,Default,,0000,0000,0000,,that don't really understand\Nthe technology,
Dialogue: 0,0:53:55.24,0:54:00.04,Default,,0000,0000,0000,,they can't make that\Ninformed decision, like I can.
Dialogue: 0,0:54:00.04,0:54:02.59,Default,,0000,0000,0000,,So, it's really a\Ncomplex issue
Dialogue: 0,0:54:02.59,0:54:06.48,Default,,0000,0000,0000,,and something that we\Nneed to discuss more.
Dialogue: 0,0:54:06.48,0:54:09.27,Default,,0000,0000,0000,,Angel: Ok, another\Nquestion from there.
Dialogue: 0,0:54:09.27,0:54:11.49,Default,,0000,0000,0000,,Q: Yeah, thanks.
Dialogue: 0,0:54:11.49,0:54:14.43,Default,,0000,0000,0000,,As a hacker, connected personally
Dialogue: 0,0:54:14.43,0:54:19.29,Default,,0000,0000,0000,,and professionally\Nto the medical world:
Dialogue: 0,0:54:19.29,0:54:25.30,Default,,0000,0000,0000,,How can I educate doctors,\Nnurses, medical people
Dialogue: 0,0:54:25.30,0:54:30.53,Default,,0000,0000,0000,,about the security risks presented\Nby connected medical devices?
Dialogue: 0,0:54:30.53,0:54:34.87,Default,,0000,0000,0000,,What can I tell them?\NDo you have something
Dialogue: 0,0:54:34.87,0:54:37.67,Default,,0000,0000,0000,,from your own experience\NI could somehow ...
Dialogue: 0,0:54:37.67,0:54:42.23,Default,,0000,0000,0000,,M: Yeah, so, the issue of\Nsoftware bugs in the devices
Dialogue: 0,0:54:42.23,0:54:48.22,Default,,0000,0000,0000,,I think is a real scenario\Nthat can happen and ...
Dialogue: 0,0:54:48.22,0:54:50.38,Default,,0000,0000,0000,,E: Yeah, if you can repeat\Nthat story of debugging her,
Dialogue: 0,0:54:50.38,0:54:53.79,Default,,0000,0000,0000,,like, I think, that makes the point.\NAnd then try in adopt that
Dialogue: 0,0:54:53.79,0:54:56.69,Default,,0000,0000,0000,,hygiene-metaphor that we\Nhad before, where, you know,
Dialogue: 0,0:54:56.69,0:54:59.56,Default,,0000,0000,0000,,people didn't believe in germs,\Nand these problems before,
Dialogue: 0,0:54:59.56,0:55:01.99,Default,,0000,0000,0000,,we're in that sort of era,\Nand we're still figuring out
Dialogue: 0,0:55:01.99,0:55:05.17,Default,,0000,0000,0000,,what the scope of potential\Nsecurity and privacy problems are
Dialogue: 0,0:55:05.17,0:55:07.44,Default,,0000,0000,0000,,for medical devices.\NIn the meantime
Dialogue: 0,0:55:07.44,0:55:10.29,Default,,0000,0000,0000,,please be open to new research\Non this subject, right?
Dialogue: 0,0:55:10.29,0:55:12.33,Default,,0000,0000,0000,,And that story is\Na fantastic illustration,
Dialogue: 0,0:55:12.33,0:55:16.98,Default,,0000,0000,0000,,that we don't need evil hacker\Ntyper, you know, bond villain,
Dialogue: 0,0:55:16.98,0:55:22.15,Default,,0000,0000,0000,,we just need failure to debug\Nprogramming station, properly, right?
Dialogue: 0,0:55:22.15,0:55:23.58,Default,,0000,0000,0000,,Q: Thank you very much.
Dialogue: 0,0:55:23.58,0:55:26.15,Default,,0000,0000,0000,,Angel: Ok, another question\Nfrom the internet.
Dialogue: 0,0:55:26.15,0:55:28.51,Default,,0000,0000,0000,,Q: Yes, from the IRC:
Dialogue: 0,0:55:28.51,0:55:34.24,Default,,0000,0000,0000,,'20 years ago it was common,\Nthat a magnet had to be placed
Dialogue: 0,0:55:34.24,0:55:40.30,Default,,0000,0000,0000,,on the patients chest to activate the\Npacemakers remote configuration interface.
Dialogue: 0,0:55:40.30,0:55:42.25,Default,,0000,0000,0000,,Is that no longer the case today?'
Dialogue: 0,0:55:42.25,0:55:45.91,Default,,0000,0000,0000,,E: It's still the case with some devices,\Nbut not with all of them I think.
Dialogue: 0,0:55:45.91,0:55:52.24,Default,,0000,0000,0000,,M: Yeah, it varies between the devices,\Nhow they are programmed and
Dialogue: 0,0:55:52.24,0:55:58.20,Default,,0000,0000,0000,,how long distance you\Ncan be from the device.
Dialogue: 0,0:55:58.20,0:56:02.64,Default,,0000,0000,0000,,Q: Thank you for the talk.\NI've some medical devices
Dialogue: 0,0:56:02.64,0:56:10.22,Default,,0000,0000,0000,,in myself to, an insulin pump and\Nsensors to measure the blood sugar levels,
Dialogue: 0,0:56:10.22,0:56:15.64,Default,,0000,0000,0000,,I'm busy with hacking that and\Nto write the software for myself,
Dialogue: 0,0:56:15.64,0:56:17.94,Default,,0000,0000,0000,,because the *** doesn't\Nhave the software.
Dialogue: 0,0:56:17.94,0:56:24.79,Default,,0000,0000,0000,,Have you ever think about it, to write\Nyour own software for your pacemaker?
Dialogue: 0,0:56:24.79,0:56:27.19,Default,,0000,0000,0000,,E: {\i1}laughing{\i0}\NM: {\i1}laughing{\i0}
Dialogue: 0,0:56:27.19,0:56:33.80,Default,,0000,0000,0000,,M: No, I haven't thought about\Nthat until now. No. {\i1}laughing{\i0}
Dialogue: 0,0:56:33.80,0:56:37.82,Default,,0000,0000,0000,,E: Fantastic, I think that deserves\Na round of applause, though,
Dialogue: 0,0:56:37.82,0:56:40.13,Default,,0000,0000,0000,,because that's exactly\Nwhat we're talking about.
Dialogue: 0,0:56:40.13,0:56:42.34,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:56:42.34,0:56:46.40,Default,,0000,0000,0000,,Angel: Another question\Nfrom there.
Dialogue: 0,0:56:46.40,0:56:52.85,Default,,0000,0000,0000,,Q: First off, I want to say thank you\Nthat you gave this talk, because
Dialogue: 0,0:56:52.85,0:56:55.70,Default,,0000,0000,0000,,once it's quite interesting,\Nbut it's not that talk,
Dialogue: 0,0:56:55.70,0:56:59.87,Default,,0000,0000,0000,,anyone of that is effected could hold,
Dialogue: 0,0:56:59.87,0:57:04.53,Default,,0000,0000,0000,,so, it takes quiet some courage and
Dialogue: 0,0:57:04.53,0:57:06.74,Default,,0000,0000,0000,,I want to say thank you. So
Dialogue: 0,0:57:06.74,0:57:12.37,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:57:12.37,0:57:15.01,Default,,0000,0000,0000,,Secondly, thank you for giving me the
Dialogue: 0,0:57:15.01,0:57:18.35,Default,,0000,0000,0000,,update. I started medical technology but
Dialogue: 0,0:57:18.35,0:57:21.74,Default,,0000,0000,0000,,I finished ten years ago and I didn't work
Dialogue: 0,0:57:21.74,0:57:22.15,Default,,0000,0000,0000,,in the area and it's quiet interesting to
Dialogue: 0,0:57:22.15,0:57:24.02,Default,,0000,0000,0000,,see what happened in the meantime, but
Dialogue: 0,0:57:24.02,0:57:24.80,Default,,0000,0000,0000,,now for my actual question:
Dialogue: 0,0:57:24.80,0:57:28.30,Default,,0000,0000,0000,,You said you got devices on ebay, is it
Dialogue: 0,0:57:28.30,0:57:29.72,Default,,0000,0000,0000,,possible to get the hole
Dialogue: 0,0:57:29.72,0:57:30.98,Default,,0000,0000,0000,,communication chain?
Dialogue: 0,0:57:30.98,0:57:34.68,Default,,0000,0000,0000,,So you can make a sandbox test or ..
Dialogue: 0,0:57:34.68,0:57:37.81,Default,,0000,0000,0000,,M: Yes it's possible to get devices,
Dialogue: 0,0:57:37.81,0:57:40.24,Default,,0000,0000,0000,,it's not so easy to get the pacemaker
Dialogue: 0,0:57:40.24,0:57:42.08,Default,,0000,0000,0000,,itself , it's quite expensive.
Dialogue: 0,0:57:42.08,0:57:44.13,Default,,0000,0000,0000,,E: And even when we get one,
Dialogue: 0,0:57:44.13,0:57:46.31,Default,,0000,0000,0000,,we have some paring issues and like
Dialogue: 0,0:57:46.31,0:57:48.02,Default,,0000,0000,0000,,Marie can't be in the same room , when
Dialogue: 0,0:57:48.02,0:57:49.50,Default,,0000,0000,0000,,we were doing a curtain types of testing
Dialogue: 0,0:57:49.50,0:57:52.91,Default,,0000,0000,0000,,and right, so that last piece is difficult
Dialogue: 0,0:57:52.91,0:57:54.59,Default,,0000,0000,0000,,but the rest of the chain is pretty
Dialogue: 0,0:57:54.59,0:57:56.23,Default,,0000,0000,0000,,available for the research.
Dialogue: 0,0:57:56.23,0:57:57.46,Default,,0000,0000,0000,,Q: Ok, thank you.
Dialogue: 0,0:57:57.46,0:57:59.69,Default,,0000,0000,0000,,Angel: So, time is running out, so we,
Dialogue: 0,0:57:59.69,0:58:02.50,Default,,0000,0000,0000,,only time left for one question and from
Dialogue: 0,0:58:02.50,0:58:03.11,Default,,0000,0000,0000,,there please.
Dialogue: 0,0:58:03.11,0:58:06.34,Default,,0000,0000,0000,,Q: Thank you. I'm also involved in
Dialogue: 0,0:58:06.34,0:58:09.62,Default,,0000,0000,0000,,software quality checks and software qs
Dialogue: 0,0:58:09.62,0:58:13.07,Default,,0000,0000,0000,,here in Germany also\Nwith medical developments
Dialogue: 0,0:58:13.07,0:58:15.90,Default,,0000,0000,0000,,and as far as I know, it is the most
Dialogue: 0,0:58:15.90,0:58:18.58,Default,,0000,0000,0000,,restricted area of developing products
Dialogue: 0,0:58:18.58,0:58:21.18,Default,,0000,0000,0000,,I think in the world,
Dialogue: 0,0:58:21.18,0:58:24.71,Default,,0000,0000,0000,,it's just easier to manipulate software
Dialogue: 0,0:58:24.71,0:58:27.75,Default,,0000,0000,0000,,in a car X-source system or breaking guard
Dialogue: 0,0:58:27.75,0:58:29.59,Default,,0000,0000,0000,,or something like this, where you don't
Dialogue: 0,0:58:29.59,0:58:34.02,Default,,0000,0000,0000,,have to show any testing certificate or
Dialogue: 0,0:58:34.02,0:58:35.94,Default,,0000,0000,0000,,something like this, the FDA is a very
Dialogue: 0,0:58:35.94,0:58:37.98,Default,,0000,0000,0000,,high regulation part there.
Dialogue: 0,0:58:37.98,0:58:41.92,Default,,0000,0000,0000,,Do you have the feeling that it's a
Dialogue: 0,0:58:41.92,0:58:44.59,Default,,0000,0000,0000,,general issue that patients do not have
Dialogue: 0,0:58:44.59,0:58:47.67,Default,,0000,0000,0000,,access to these FDA compliant tests and
Dialogue: 0,0:58:47.67,0:58:48.80,Default,,0000,0000,0000,,software q-a-systems?
Dialogue: 0,0:58:48.80,0:58:53.33,Default,,0000,0000,0000,,M: Yeah, I think that we should have
Dialogue: 0,0:58:53.33,0:58:56.16,Default,,0000,0000,0000,,more openness and more transparency
Dialogue: 0,0:58:56.16,0:58:58.32,Default,,0000,0000,0000,,about, around this issues , really.
Dialogue: 0,0:58:58.32,0:59:01.68,Default,,0000,0000,0000,,E: I mean, it's fantastic you do quality
Dialogue: 0,0:59:01.68,0:59:03.06,Default,,0000,0000,0000,,assurance, i used to be in quality assurance
Dialogue: 0,0:59:03.06,0:59:06.26,Default,,0000,0000,0000,,at a large cooperation and I got tiered
Dialogue: 0,0:59:06.26,0:59:08.62,Default,,0000,0000,0000,,and landed in strategy and pen testing and
Dialogue: 0,0:59:08.62,0:59:10.42,Default,,0000,0000,0000,,then I just thought of myself as paramilitary
Dialogue: 0,0:59:10.42,0:59:11.13,Default,,0000,0000,0000,,quality assurence , ..
Dialogue: 0,0:59:11.13,0:59:15.87,Default,,0000,0000,0000,,now I just do it on ever I wanne test, so
Dialogue: 0,0:59:15.87,0:59:17.79,Default,,0000,0000,0000,,thank you for doing q-a and keep doing it
Dialogue: 0,0:59:17.79,0:59:19.79,Default,,0000,0000,0000,,and hopefull you don't have to many regulations
Dialogue: 0,0:59:19.79,0:59:21.57,Default,,0000,0000,0000,,but companies sharing more of this
Dialogue: 0,0:59:21.57,0:59:23.59,Default,,0000,0000,0000,,information, its really the transparency
Dialogue: 0,0:59:23.59,0:59:25.37,Default,,0000,0000,0000,,and the discussion, the open dialogue
Dialogue: 0,0:59:25.37,0:59:28.07,Default,,0000,0000,0000,,with patients and doctor and a vendor is
Dialogue: 0,0:59:28.07,0:59:30.65,Default,,0000,0000,0000,,really what we wanna focus on and make
Dialogue: 0,0:59:30.65,0:59:32.84,Default,,0000,0000,0000,,our final note ?\NM: Yeah.
Dialogue: 0,0:59:32.84,0:59:35.57,Default,,0000,0000,0000,,M: We see some problems already
Dialogue: 0,0:59:35.57,0:59:37.54,Default,,0000,0000,0000,,the last year, the MI Undercover Group has
Dialogue: 0,0:59:37.54,0:59:42.04,Default,,0000,0000,0000,,had some great progress on having good
Dialogue: 0,0:59:42.04,0:59:46.39,Default,,0000,0000,0000,,discussions with the FDA and also involving
Dialogue: 0,0:59:46.39,0:59:49.09,Default,,0000,0000,0000,,the medical device vendors in the discussions
Dialogue: 0,0:59:49.09,0:59:51.44,Default,,0000,0000,0000,,about cyber security of medical devices
Dialogue: 0,0:59:51.44,0:59:52.85,Default,,0000,0000,0000,,and implants. so thats great and I hope
Dialogue: 0,0:59:52.85,0:59:54.80,Default,,0000,0000,0000,,that this will be even better the next year.
Dialogue: 0,0:59:54.80,0:59:57.17,Default,,0000,0000,0000,,E: And I think you wanne to say
Dialogue: 0,0:59:57.17,0:59:59.00,Default,,0000,0000,0000,,one more thing to congress before we leave
Dialogue: 0,0:59:59.00,0:59:59.49,Default,,0000,0000,0000,,which is:
Dialogue: 0,0:59:59.49,1:00:01.28,Default,,0000,0000,0000,,M: Hack to save lives!
Dialogue: 0,1:00:01.28,1:00:04.71,Default,,0000,0000,0000,,{\i1}applaus{\i0}
Dialogue: 0,1:00:04.71,1:00:09.43,Default,,0000,0000,0000,,♪ postroll music ♪
Dialogue: 0,1:00:09.43,1:00:16.00,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\NJoin, and help us!