0:00:00.350,0:00:03.999 ♪ preroll music ♪ 0:00:03.999,0:00:10.940 Angel: The next talk will start now 0:00:10.940,0:00:12.830 and will be 'Unpatchable - 0:00:12.830,0:00:15.250 living with a vulnerable[br]implanted device' 0:00:15.250,0:00:18.240 by Dr. Marie Moe and Eireann Leverett. 0:00:18.240,0:00:22.180 Give them a warm round[br]of applause please. 0:00:22.180,0:00:29.040 applause 0:00:33.300,0:00:38.799 heart monitor beep sounds start 0:00:38.799,0:00:40.489 So, we are here today 0:00:40.489,0:00:41.760 to talk to you about a subject 0:00:41.760,0:00:44.530 that is really close to my heart. 0:00:44.530,0:00:46.350 I have a medical implant. 0:00:46.350,0:00:48.969 A pacemaker, that is generating 0:00:48.969,0:00:51.690 every single beat of my heart. 0:00:51.690,0:00:56.079 But how can I trust my own heart, 0:00:56.079,0:00:58.350 when it's being controlled by a machine, 0:00:58.350,0:01:00.329 running a proprietary code, 0:01:00.329,0:01:03.530 and there is no transparency? 0:01:03.530,0:01:05.570 So I'm a patient, 0:01:05.570,0:01:08.630 but I'm also a security researcher. 0:01:08.630,0:01:10.860 I'm a hacker, because I like 0:01:10.860,0:01:13.390 to figure out how things work. 0:01:13.390,0:01:15.009 That's why I started a project 0:01:15.009,0:01:16.340 on breaking my own heart, 0:01:16.340,0:01:17.299 together with Eireann 0:01:17.299,0:01:19.799 and a couple of friends. 0:01:19.799,0:01:22.719 Because I really want to know 0:01:22.719,0:01:24.270 what protocols are running 0:01:24.270,0:01:27.259 in this machine inside my body. 0:01:27.259,0:01:29.429 Is the crypto correctly implemented? 0:01:29.429,0:01:32.979 Does it even have crypto? 0:01:34.939,0:01:38.140 So I'm here to inspire you today. 0:01:38.140,0:01:40.880 I want more people[br]to hack to save lives. 0:01:40.880,0:01:44.049 Because we are all becoming 0:01:44.049,0:01:47.990 more and more dependent on machines. 
0:01:47.990,0:01:49.999 Maybe some of you in the audience 0:01:49.999,0:01:51.929 also have medical implants, 0:01:51.929,0:01:52.840 maybe you know someone 0:01:52.840,0:01:57.839 that's also depending on[br]medical implants 0:01:57.839,0:02:00.119 Imagine that this is your heartbeat 0:02:00.119,0:02:04.380 and it's being controlled by a device. 0:02:04.380,0:02:06.350 A device, that might fail. 0:02:06.350,0:02:09.680 Due to software bugs, 0:02:09.680,0:02:11.820 due to hardware failures. 0:02:11.820,0:02:14.490 additional background sound:[br]real heartbeat 0:02:14.490,0:02:17.690 Wouldn't you also like to know 0:02:17.690,0:02:21.390 if it has security vulnerabilities? 0:02:21.390,0:02:23.680 If it can be trusted? 0:02:26.950,0:02:32.110 sounds stop[br]beeeeep 0:02:32.110,0:02:35.940 E: Something to think about, right? 0:02:35.940,0:02:37.230 M: Yeah. 0:02:37.230,0:02:40.140 E: Marie is an incredibly[br]brave woman. 0:02:40.140,0:02:42.940 When she asked me to give this talk 0:02:42.940,0:02:44.640 it made me nervous, right? 0:02:44.640,0:02:46.760 It's such a personal story. 0:02:46.760,0:02:48.860 Such a journey as well. 0:02:48.860,0:02:49.880 And she's gonna talk to you 0:02:49.880,0:02:51.460 about a lot of things, right? 0:02:51.460,0:02:53.640 Not just hacking medical devices 0:02:53.640,0:02:54.950 from a safety point of view 0:02:54.950,0:02:57.510 but also some of the[br]privacy concerns, 0:02:57.510,0:02:59.050 some of the transparency concerns, 0:02:59.050,0:03:01.280 some of the consent concerns. 0:03:01.280,0:03:03.420 So, there's a lot to get through 0:03:03.420,0:03:05.140 in the next hour. 0:03:05.140,0:03:07.200 But I think you're gonna enjoy it 0:03:07.200,0:03:08.110 quite a lot. 0:03:08.110,0:03:10.890 M: So, let me tell you 0:03:10.890,0:03:13.110 the story about my heart. 0:03:13.110,0:03:14.730 So, 4 years ago 0:03:14.730,0:03:17.590 I got my medical implant. 
0:03:17.590,0:03:21.010 It was a kind of emergency situation 0:03:21.010,0:03:22.950 because my heart was starting to beat 0:03:22.950,0:03:24.200 really slow, 0:03:24.200,0:03:26.110 so I needed to have the pacemaker. 0:03:26.110,0:03:28.580 I had no choice. 0:03:28.580,0:03:31.180 After I got the implant, 0:03:31.180,0:03:32.690 since I was a security researcher, 0:03:32.690,0:03:33.630 of course I started to 0:03:33.630,0:03:36.520 look up information about how it worked. 0:03:36.520,0:03:38.000 And I googled for information. 0:03:38.000,0:03:40.440 I found a technical manual 0:03:40.440,0:03:41.290 of my pacemaker 0:03:41.290,0:03:43.750 and I started to read it. 0:03:43.750,0:03:45.930 And I was quite surprised 0:03:45.930,0:03:47.520 when I learned that 0:03:47.520,0:03:51.580 my pacemaker has 2 wireless interfaces. 0:03:51.580,0:03:54.870 There is one interface, that is really 0:03:54.870,0:03:56.490 close field communication, 0:03:56.490,0:03:58.730 near field communication 0:03:58.730,0:04:01.180 that is being used when I'm at checkups 0:04:01.180,0:04:03.150 at the hospital, 0:04:03.150,0:04:05.550 where the technician, 0:04:05.550,0:04:07.510 the pacemaker technician or doctor 0:04:07.510,0:04:10.030 uses a programming device 0:04:10.030,0:04:11.820 and places it 0:04:11.820,0:04:14.410 really close to my pacemaker. 0:04:14.410,0:04:16.620 And it's possible to use that 0:04:16.620,0:04:19.608 communication to adjust the settings. 0:04:19.608,0:04:21.560 But it also has another 0:04:21.560,0:04:22.530 wireless interface, 0:04:22.530,0:04:24.940 that I was not aware of, 0:04:24.940,0:04:28.390 that I was not informed of[br]as a patient. 0:04:28.390,0:04:30.810 It has a possibility for remote monitoring 0:04:30.810,0:04:31.970 or telemetry, 0:04:31.970,0:04:35.880 where you can have an[br]access point in your house 0:04:35.880,0:04:37.010 that will communicate 0:04:37.010,0:04:39.430 with the pacemaker 0:04:39.430,0:04:41.940 at a couple of meters distance. 
0:04:41.940,0:04:44.320 And it can collect logs from the pacemaker 0:04:44.320,0:04:46.160 and send them to a server 0:04:46.160,0:04:47.880 at the vendor. 0:04:47.880,0:04:48.870 And there is a web interface 0:04:48.870,0:04:50.150 where the doctor can log in 0:04:50.150,0:04:52.880 and retrieve my information. 0:04:52.880,0:04:54.790 And I have no access to the data 0:04:54.790,0:04:56.260 that is being collected 0:04:56.260,0:04:57.970 by my device. 0:04:57.970,0:04:59.860 E: So imagine for a moment 0:04:59.860,0:05:02.240 that you are buying a new phone 0:05:02.240,0:05:03.600 or buying a new laptop. 0:05:03.600,0:05:04.860 You would do your homework, right? 0:05:04.860,0:05:07.000 You would understand[br]what interfaces were there. 0:05:07.000,0:05:09.830 But in Marie's case she's just 0:05:09.830,0:05:12.040 given a device,[br]and then later she gets 0:05:12.040,0:05:13.950 to go and read the manual, right? 0:05:13.950,0:05:16.790 So she's the epitome[br]of an informed consumer 0:05:16.790,0:05:17.850 in this space 0:05:17.850,0:05:20.070 and we want a lot more[br]informed consumers 0:05:20.070,0:05:20.780 in this space, 0:05:20.780,0:05:22.360 which is why we are giving this talk. 0:05:22.360,0:05:23.830 Now, I don't know about you, 0:05:23.830,0:05:25.750 but I'm used to hacking 0:05:25.750,0:05:26.790 industrial systems. 0:05:26.790,0:05:29.200 I haven't done as[br]much medical research 0:05:29.200,0:05:30.060 in the past. 0:05:30.060,0:05:31.940 So, when I first[br]started this project 0:05:31.940,0:05:33.270 I knew literally nothing 0:05:33.270,0:05:35.020 about Marie's heart. 0:05:35.020,0:05:35.980 Or even my own. 0:05:35.980,0:05:38.750 And she had to teach me[br]how the heart works 0:05:38.750,0:05:40.290 and how her pacemaker works. 0:05:40.290,0:05:42.660 So, would you mind explaining 0:05:42.660,0:05:44.550 some details to the audience[br]that will be relevant 0:05:44.550,0:05:45.930 through the rest of the presentation? 
0:05:45.930,0:05:48.290 M: Actually I think[br]we're going to show you 0:05:48.290,0:05:50.100 a video of[br]how the heart works. 0:05:50.100,0:05:53.250 So, it's a little bit of[br]biology introduction here 0:05:53.250,0:05:57.630 before we start[br]with the technical details. 0:05:57.630,0:06:01.070 So, this.. play the video. 0:06:01.070,0:06:03.480 Video: A normal heart beat rate 0:06:03.480,0:06:07.470 and rhythm is called[br]'Normal Sinus Rhythm'. 0:06:07.470,0:06:09.010 The heart's pumping action 0:06:09.010,0:06:11.240 is driven by electrical stimulation 0:06:11.240,0:06:13.570 within the heart muscle. 0:06:13.570,0:06:15.139 The heart's electrical system 0:06:15.139,0:06:17.120 allows it to beat in an 0:06:17.120,0:06:20.230 organized, synchronized pattern. 0:06:20.230,0:06:21.360 Every normal heart beat 0:06:21.360,0:06:23.400 has 4 steps. 0:06:23.400,0:06:24.810 Step 1: 0:06:24.810,0:06:27.150 As blood flows into the heart 0:06:27.150,0:06:28.360 an electrical impulse 0:06:28.360,0:06:31.240 from an upper area of the right atrium 0:06:31.240,0:06:33.700 also known as the sinus node 0:06:33.700,0:06:35.900 causes the atria to contract. 0:06:35.900,0:06:38.139 When the atria contract 0:06:38.139,0:06:39.460 they squeeze the blood 0:06:39.460,0:06:41.930 into the ventricles. 0:06:41.930,0:06:43.020 Step 3: 0:06:43.020,0:06:45.020 There is a very short pause 0:06:45.020,0:06:48.060 only about a fraction of a second. 0:06:48.060,0:06:49.200 and Step 4: 0:06:49.200,0:06:51.020 The ventricles contract 0:06:51.020,0:06:55.590 pumping the blood to the body. 0:06:55.590,0:06:56.860 A heart normally beats 0:06:56.860,0:07:00.930 between 60-100 times/min. 0:07:00.930,0:07:02.120 Electrical signals in your heart 0:07:02.120,0:07:04.830 can become blocked or irregular, 0:07:04.830,0:07:05.610 causing a disruption 0:07:05.610,0:07:08.120 in your heart's normal rhythm. 
0:07:08.120,0:07:10.070 When the heart's rhythm is too fast, 0:07:10.070,0:07:12.900 too slow or out of order, 0:07:12.900,0:07:14.490 an arrhythmia, 0:07:14.490,0:07:18.520 also called a rhythm disorder occurs. 0:07:18.520,0:07:20.639 When your heart beats out of rhythm, 0:07:20.639,0:07:22.180 it may not deliver enough blood 0:07:22.180,0:07:24.790 to your body. 0:07:24.790,0:07:26.180 Rhythm disorders can be caused 0:07:26.180,0:07:27.800 by a number of factors 0:07:27.800,0:07:30.710 including disease, heredity, 0:07:30.710,0:07:33.590 medications or other factors. 0:07:33.590,0:07:37.390 E: So for those of you[br]who are already aware of that, 0:07:37.390,0:07:38.130 apologies. 0:07:38.130,0:07:39.380 But I needed to learn that. 0:07:39.380,0:07:40.280 I needed to learn the basics 0:07:40.280,0:07:41.980 before we even got started, right? 0:07:41.980,0:07:43.940 So... 0:07:43.940,0:07:47.199 M: So this is a diagram of the 0:07:47.199,0:07:50.169 electrical system of the heart. 0:07:50.169,0:07:52.310 So, as you see,[br]this is the sinus node 0:07:52.310,0:07:54.169 that is generating the pulse. 0:07:54.169,0:07:56.290 And in my case 0:07:56.290,0:07:58.850 I had a problem with the signal 0:07:58.850,0:08:01.520 being generated by the sinus node 0:08:01.520,0:08:05.090 not reaching the lower[br]heart chamber. 0:08:05.090,0:08:10.640 It's something called an AV block[br]or a heart block 0:08:10.640,0:08:13.580 So, occasionally this will cause 0:08:13.580,0:08:17.080 an arrhythmia that makes[br]the heart pause. 0:08:17.080,0:08:18.320 If you don't have a heart beat 0:08:18.320,0:08:20.180 for, like ... 8-10 seconds, 0:08:20.180,0:08:22.000 you lose your consciousness. 0:08:22.000,0:08:24.260 And that was, what happened to me. 0:08:24.260,0:08:25.620 I just suddenly found myself 0:08:25.620,0:08:27.010 lying on the floor 0:08:27.010,0:08:28.910 and I didn't remember how I got there. 
0:08:28.910,0:08:31.180 And it turned out that it was my heart 0:08:31.180,0:08:34.009 that had taken a break. 0:08:34.009,0:08:36.899 So that's how I discovered 0:08:36.899,0:08:38.519 that I had this issue. 0:08:38.519,0:08:40.899 So, this is where the signal is blocked 0:08:40.899,0:08:44.279 on the way down to the lower heart chamber 0:08:44.279,0:08:45.639 But there's a backup function 0:08:45.639,0:08:50.600 in the heart that can make 0:08:50.600,0:08:52.110 a so called backup pulse. 0:08:52.110,0:08:54.759 And I had that backup pulse 0:08:54.759,0:08:57.209 when I went to the[br]emergency room. 0:08:57.209,0:08:59.579 So I had a pulse[br]around 30-40 beats/min. 0:08:59.579,0:09:03.100 And that's generated by some cells 0:09:03.100,0:09:05.449 in the lower heart chamber. 0:09:05.449,0:09:08.259 So, after I got the pacemaker 0:09:08.259,0:09:09.329 my heart started to become 0:09:09.329,0:09:10.449 a little bit more lazy. 0:09:10.449,0:09:12.220 So it is not certain, 0:09:12.220,0:09:14.040 that I will have this backup pulse 0:09:14.040,0:09:16.959 anymore if the pacemaker[br]stops working. 0:09:16.959,0:09:17.990 So currently 0:09:17.990,0:09:22.490 my heart is 100% running[br]on the pacemaker. 0:09:22.490,0:09:27.079 So, let's also look at[br]how the pacemaker works. 0:09:27.079,0:09:29.899 I have another video of that. 0:09:29.899,0:09:31.670 So, this is my little friend 0:09:31.670,0:09:34.449 that is running my heart. 0:09:34.449,0:09:38.279 Video: A pacemaker[br]is a miniaturized computer 0:09:38.279,0:09:40.990 that is used to treat[br]a slow heart beat. 0:09:40.990,0:09:42.699 It is about the size 0:09:42.699,0:09:45.449 of a couple of stacked silver dollars 0:09:45.449,0:09:49.110 and weighs approximately 17-25 grams. 0:09:49.110,0:09:52.050 It is usually surgically placed 0:09:52.050,0:09:54.449 or implanted just under the skin 0:09:54.449,0:09:57.119 in the chest area. 
0:09:57.119,0:09:59.720 The device sends[br]a tiny electrical pulse 0:09:59.720,0:10:01.730 down a thin coated wire, 0:10:01.730,0:10:04.699 called a lead, into your heart. 0:10:04.699,0:10:07.209 This stimulates the heart to beat. 0:10:07.209,0:10:09.490 These impulses are very tiny 0:10:09.490,0:10:12.499 and most people[br]do not feel them. 0:10:12.499,0:10:13.929 While the device[br]helps your heart 0:10:13.929,0:10:15.529 maintain its rhythm, 0:10:15.529,0:10:17.009 it also stores information 0:10:17.009,0:10:18.369 about your heart that can be 0:10:18.369,0:10:20.209 retrieved by your doctor 0:10:20.209,0:10:21.990 to program the device. 0:10:21.990,0:10:23.629 E: Remember that! 0:10:23.629,0:10:26.309 M: Yeah... Did you see 0:10:26.309,0:10:28.509 the ones and zeros at the end 0:10:28.509,0:10:29.459 of the video? 0:10:29.459,0:10:31.240 That's what we want[br]to know more about. 0:10:31.240,0:10:33.179 Because this information 0:10:33.179,0:10:35.230 that is being collected[br]by the pacemaker, 0:10:35.230,0:10:36.629 how it works, 0:10:36.629,0:10:38.749 how the code looks like, 0:10:38.749,0:10:40.119 it's all closed source, 0:10:40.119,0:10:42.119 it's all proprietary information. 0:10:42.119,0:10:44.540 And that's why we need more 0:10:44.540,0:10:45.579 security researchers, 0:10:45.579,0:10:48.579 we need more 3rd party testing, 0:10:48.579,0:10:52.209 to be sure that we can trust this code. 0:10:52.209,0:10:53.689 E: And you can imagine that 0:10:53.689,0:10:56.029 we're doing some of[br]this research as well. 0:10:56.029,0:10:58.209 But I'm not gonna break[br]Marie's heart on stage, 0:10:58.209,0:10:59.189 I'm not gonna drop 0-day 0:10:59.189,0:11:00.600 on some medical devices, 0:11:00.600,0:11:02.999 so if you came for that, 0:11:02.999,0:11:04.300 it's not worth staying. 
0:11:04.300,0:11:05.379 The rest of the presentation 0:11:05.379,0:11:06.990 will be about some of[br]the things we found 0:11:06.990,0:11:07.779 and how this works and 0:11:07.779,0:11:09.529 how you might approach this research. 0:11:09.529,0:11:11.629 And some of the people[br]who did this research before, 0:11:11.629,0:11:12.279 because there's plenty of others, 0:11:12.279,0:11:13.429 and we like to give a shout-out 0:11:13.429,0:11:16.319 to those who've done[br]great research in advance. 0:11:16.319,0:11:18.730 But essentially this point is 0:11:18.730,0:11:19.589 very relevant. 0:11:19.589,0:11:21.179 That the internet[br]of medical things 0:11:21.179,0:11:22.850 is already here. 0:11:22.850,0:11:24.899 And Marie is wired into it. 0:11:24.899,0:11:27.059 She's a bit younger than the average 0:11:27.059,0:11:30.339 pacemaker patient, but, you know, 0:11:30.339,0:11:31.759 she was thrust into this situation 0:11:31.759,0:11:33.249 where she had to think about things 0:11:33.249,0:11:34.269 in a very different way. 0:11:34.269,0:11:36.449 Like, you did a Masters,[br]breaking crypto, 0:11:36.449,0:11:39.059 and also a PHD in Information Security. 0:11:39.059,0:11:40.899 Did you imagine, that[br]things you learned 0:11:40.899,0:11:42.709 about SSH and[br]network security 0:11:42.709,0:11:46.689 might one day apply to your[br]heart and your own body? 0:11:46.689,0:11:49.579 M: No, I never[br]figured out that 0:11:49.579,0:11:52.910 my research would eventually[br]end up inside my own body. 0:11:52.910,0:11:55.269 That's something I never[br]thought about. 0:11:55.269,0:11:57.649 And also, there's a lot of 0:11:57.649,0:12:00.110 people that don't think about 0:12:00.110,0:12:02.610 how the medical devices[br]actually work. 0:12:02.610,0:12:04.860 So, when I asked this question 0:12:04.860,0:12:06.470 to health care professionals 0:12:06.470,0:12:08.529 they look at me like I'm crazy, 0:12:08.529,0:12:11.189 they don't ... 
they have never[br]thought about this before. 0:12:11.189,0:12:14.699 That there's actually code[br]inside my body 0:12:14.699,0:12:16.360 and someone has[br]programmed it, 0:12:16.360,0:12:18.259 someone has[br]written this code. 0:12:18.259,0:12:20.350 And, did they think[br]about, that this 0:12:20.350,0:12:23.290 would actually control[br]someone's life, 0:12:23.290,0:12:27.389 and be my own personal[br]critical infrastructure? 0:12:28.719,0:12:31.009 E: Yeah, personal[br]infrastructure, right? 0:12:31.009,0:12:33.189 On a physical level. 0:12:33.189,0:12:35.220 And also, I think, it's... 0:12:35.220,0:12:37.679 You know, the point that you made[br]is important to reiterate, 0:12:37.679,0:12:38.629 that you go and see your doctor 0:12:38.629,0:12:40.360 and you ask these questions about 0:12:40.360,0:12:42.040 whether anyone can hack into my heart 0:12:42.040,0:12:44.050 and they probably look[br]at you and go like 0:12:44.050,0:12:46.600 'Don't you worry your pretty[br]little head about that', right? 0:12:46.600,0:12:47.589 But Marie used to head up 0:12:47.589,0:12:49.949 the Norwegian computer[br]emergency response team 0:12:49.949,0:12:50.720 for a couple of years 0:12:50.720,0:12:52.610 and knows a lot of hackers 0:12:52.610,0:12:54.790 and knows what she's[br]talking about, right? 0:12:54.790,0:12:57.199 So, when she asked her doctor[br]these questions, 0:12:57.199,0:12:58.819 they're very legitimate questions. 0:12:58.819,0:13:01.449 And the doctors probably[br]don't know anything about code, 0:13:01.449,0:13:02.970 but they need to move[br]towards a place 0:13:02.970,0:13:05.459 where they can answer[br]those questions with some 0:13:05.459,0:13:08.079 honesty and certainty and[br]treat them with the dignity 0:13:08.079,0:13:10.569 that they deserve. 
0:13:10.569,0:13:11.670 Should we show them[br]a little bit more 0:13:11.670,0:13:13.980 about the total ecosystem[br]of devices 0:13:13.980,0:13:16.649 that we are talking about,[br]at least in this particular talk? 0:13:16.649,0:13:18.629 M: Yeah. 0:13:18.629,0:13:21.929 E: So, this was[br]all new to me. 0:13:21.929,0:13:24.970 I mean I've moved around[br]in networks and done some 0:13:24.970,0:13:27.519 penetration testing and[br]some stuff in the past, 0:13:27.519,0:13:31.540 but I didn't know much about[br]implantable medical devices. 0:13:31.540,0:13:34.360 So, we've got a couple[br]of them there. 0:13:34.360,0:13:38.339 The ICD, which is the[br]in-cardio-defibrillator, 0:13:38.339,0:13:40.360 that's some of the work[br]that you saw from Barnaby Jack 0:13:40.360,0:13:41.629 which we will mention later, 0:13:41.629,0:13:43.170 was on those particular devices, 0:13:43.170,0:13:45.299 We've got the pacemakers[br]and of course other devices 0:13:45.299,0:13:47.269 could be in this diagram as well. 0:13:47.269,0:13:49.079 Like, we could be talking[br]about insulin pumps 0:13:49.079,0:13:51.329 or other things in the future. 0:13:51.329,0:13:54.619 The device itself speaks[br]to box number 2, 0:13:54.619,0:13:56.389 which we will tell you a little bit[br]more about in a moment, 0:13:56.389,0:13:59.799 using a protocol, commonly[br]referred to as 'MICS'. 0:13:59.799,0:14:02.209 A number of different[br]devices use this 0:14:02.209,0:14:06.170 Medical Implant[br]Communication Service. 0:14:06.170,0:14:08.649 And Marie shocked me yesterday 0:14:08.649,0:14:10.589 when she found[br]a couple devices 0:14:10.589,0:14:15.799 that potentially use Bluetooth. sighing[br]laughter 0:14:15.799,0:14:19.610 So, would you like to tell them[br]a little bit more about the access point, 0:14:19.610,0:14:20.709 and I'll join in? 
0:14:20.709,0:14:23.889 M: Yeah, so, the access[br]point is the device 0:14:23.889,0:14:27.369 that you can typically have[br]on your bed stand 0:14:27.369,0:14:32.209 and that will, depending[br]on your configuration, 0:14:32.209,0:14:35.249 contact your pacemaker[br]at regular intervals, 0:14:35.249,0:14:37.509 e.g. once during the night. 0:14:37.509,0:14:41.499 It will start a communication[br]with the pacemaker, 0:14:41.499,0:14:43.209 couple of meters distance, 0:14:43.209,0:14:44.249 and will start[br]collecting logs. 0:14:44.249,0:14:47.160 And these logs will[br]then be sent, 0:14:47.160,0:14:51.999 it can be via SMS[br]or other means, 0:14:51.999,0:14:53.730 to a server. 0:14:53.730,0:14:58.569 So, there's a lot of my[br]personal information 0:14:58.569,0:15:02.049 that can end up different[br]places in this diagram. 0:15:02.049,0:15:05.679 So, of course it's[br]in my own device, 0:15:05.679,0:15:10.079 it will be then communicated[br]via this access point 0:15:10.079,0:15:10.889 and also then 0:15:10.889,0:15:14.179 via the cellular network. 0:15:14.179,0:15:19.989 And then it will also be stored[br]in the telemetry server. 0:15:19.989,0:15:24.519 Potentially when I go[br]for the checkups 0:15:24.519,0:15:28.939 my personal information will[br]also end up in my 0:15:28.939,0:15:29.730 doctor workstation 0:15:29.730,0:15:36.639 or in the electronic[br]patient records. 0:15:36.639,0:15:40.049 And there's a lot of things[br]that can go wrong there. 0:15:40.049,0:15:42.100 E: Yeah, you[br]can see, it's using 0:15:42.100,0:15:46.949 famously secure methods[br]of communication 0:15:46.949,0:15:51.639 that have never been backdoored or[br]compromised by anyone ever before, 0:15:51.639,0:15:56.139 even here at this conference,[br]probably even this time around. 0:15:56.139,0:15:59.850 So these are some things[br]that are concerning. 
0:15:59.850,0:16:03.439 The data also travels often[br]to other countries 0:16:03.439,0:16:05.199 and so there are questions[br]about the jurisdiction 0:16:05.199,0:16:09.689 in terms of privacy laws[br]in terms of some of this data. 0:16:09.689,0:16:13.049 And some of you can go and[br]look deeper into that as well. 0:16:13.049,0:16:15.439 The telemetry store thing[br]I think is important, 0:16:15.439,0:16:20.009 some of this is a telemetry store,[br]such as the server at the vendor. 0:16:20.009,0:16:21.709 So the vendor owns some[br]machines somewhere 0:16:21.709,0:16:23.859 that collect data[br]from Marie's heart. 0:16:23.859,0:16:26.910 So you can imagine she goes to see her[br]doctor and the doctor is like: 0:16:26.910,0:16:30.649 'Hey, Marie, last weekend, did you, ...[br]run a half marathon or something?' 0:16:30.649,0:16:32.839 And she hasn't told him, right? 0:16:32.839,0:16:35.410 Like, he just can look[br]at the data and see, 0:16:35.410,0:16:38.529 that her heart rate was up[br]for a couple hours. 0:16:38.529,0:16:40.609 That's true though, right? You[br]did actually run a half marathon. 0:16:40.609,0:16:43.639 M: Yeah, I did run a half marathon.[br]laughing 0:16:43.639,0:16:46.829 E: So, the telemetry[br]store is one part, 0:16:46.829,0:16:48.420 but there's also the[br]doctors work station 0:16:48.420,0:16:50.579 which contains a lot of[br]this medical data. 0:16:50.579,0:16:54.040 So, from privacy perspective[br]that's part of the attack surface. 0:16:54.040,0:16:55.489 But there's also the programmers, right? 0:16:55.489,0:16:57.879 There's the device's programmers. 0:16:57.879,0:17:00.850 So that's an interesting point, that[br]I hope a lot of you are interested in 0:17:00.850,0:17:04.929 already, that there[br]is a programmer 0:17:04.929,0:17:06.339 for these devices. 0:17:06.339,0:17:10.299 M: So, we actually[br]went shopping on eBay 0:17:10.299,0:17:12.189 and we found some[br]of these devices. 
0:17:12.189,0:17:13.319 E: You can buy them on eBay? 0:17:13.319,0:17:14.429 M: Yeah.[br]E: laughing 0:17:14.429,0:17:16.740 M: So, I found[br]a programmer 0:17:16.740,0:17:19.369 that can program[br]my device, on eBay 0:17:19.369,0:17:20.599 and I bought it. 0:17:20.599,0:17:22.500 And I also found a couple of[br]these access points. 0:17:22.500,0:17:26.319 So, that's what we're[br]now starting to look at. 0:17:26.319,0:17:29.320 E: We just wanna give[br]you an overview of this system, 0:17:29.320,0:17:31.720 and it's fairly similar across the[br]different device vendors, 0:17:31.720,0:17:34.549 and we're not going to talk[br]about individual vendors. 0:17:34.549,0:17:36.600 But if you're gonna go and[br]do this kind of research 0:17:36.600,0:17:39.789 you can see that some of the research[br]you've already done in the past 0:17:39.789,0:17:43.110 applies to different parts[br]of this process. 0:17:43.110,0:17:46.730 M: And talking about[br]patient privacy, 0:17:46.730,0:17:50.710 when we got the[br]programmer from eBay 0:17:50.710,0:17:54.159 it actually contained[br]patient information. 0:17:54.159,0:17:56.779 So, that's the[br]really bad thing. 0:17:56.779,0:17:58.919 E: So, I found[br]this very odd. 0:17:58.919,0:18:01.100 I had a similar reaction[br]to yourselves because 0:18:01.100,0:18:03.080 I usually do industrial[br]system stuff. 0:18:03.080,0:18:06.299 One of my friends picked up[br]some PLCs recently and 0:18:06.299,0:18:09.679 they had data from the nuclear plant,[br]that the PLCs had been used in. 0:18:09.679,0:18:13.789 So, decommissioning is a problem[br]in industrial systems 0:18:13.789,0:18:18.080 but it turns out also[br]in medical devices, right? 0:18:18.080,0:18:20.480 I guess that's a useful point[br]to make as well, 0:18:20.480,0:18:22.820 about the costs of doing[br]this kind of research. 
0:18:22.820,0:18:26.260 It is possible to get some[br]devices, some implants 0:18:26.260,0:18:29.000 from people who have sadly[br]passed on, 0:18:29.000,0:18:33.429 but that comes with a very high[br]cost of biomedical decontamination. 0:18:33.429,0:18:35.549 So that raises the cost[br]of doing this research 0:18:35.549,0:18:38.070 on the implants themselves,[br]not necessarily on the rest 0:18:38.070,0:18:38.710 of the devices. 0:18:38.710,0:18:42.700 M: Yeah, so, also want[br]to say, that in this research 0:18:42.700,0:18:44.059 I have not tinkered[br]with my own device. 0:18:44.059,0:18:46.630 So, that would not be a good thing ... 0:18:46.630,0:18:49.679 E: You're not gonna let me,[br]like, SSH into your heart and just ... 0:18:49.679,0:18:52.330 M: Um.. No.[br]E: ... just delete some stuff.. No? 0:18:52.330,0:18:54.990 M: No.[br]E: I wouldn't do it anyway, 0:18:54.990,0:18:56.860 but it's an interesting point, right? 0:18:56.860,0:18:59.019 So, like, there are a lot of[br]safety precautions 0:18:59.019,0:19:00.960 that we and the rest[br]of the team have to take 0:19:00.960,0:19:02.380 when we are doing this research. 0:19:02.380,0:19:06.039 And one of them is[br]not pairing Marie's pacemaker 0:19:06.039,0:19:09.289 with any of the devices[br]that are under test. 0:19:09.289,0:19:13.519 Do you wanna say a bit more[br]about connectivity and vulnerability? 0:19:13.519,0:19:15.200 M: Yeah, so... 0:19:15.200,0:19:18.620 I was worried[br]when I discovered that 0:19:18.620,0:19:23.850 I had this possible connectivity[br]to the medical internet of things. 0:19:23.850,0:19:28.830 In my case this is switched off[br]in the configurations 0:19:28.830,0:19:29.679 but it's there. 0:19:29.679,0:19:32.750 It's possible to turn it on,[br]it's possible for me to be 0:19:32.750,0:19:36.970 hooked up to the,[br]this internet of medical things. 0:19:36.970,0:19:40.500 And for some patients[br]this is really a benefit. 
0:19:40.500,0:19:43.090 So you always have to make[br]a risk-based decision 0:19:43.090,0:19:47.510 on whether or not to[br]make use of this 0:19:47.510,0:19:48.529 connectivity. 0:19:48.529,0:19:52.490 But I think it's really important[br]that you make an informed decision 0:19:52.490,0:19:55.480 about that and that the patient 0:19:55.480,0:20:01.919 is informed and has given[br]his or her consent 0:20:01.919,0:20:04.120 to have this feature. 0:20:04.120,0:20:08.200 The battery lifetime of my pacemaker[br]is around 10 years. 0:20:08.200,0:20:10.450 So in 6 years time 0:20:10.450,0:20:12.870 I will have to have a[br]replacement surgery 0:20:12.870,0:20:16.409 and I'm going to be[br]a really difficult patient laughing 0:20:16.409,0:20:17.840 laughter 0:20:17.840,0:20:23.980 So, ...[br]applause 0:20:23.980,0:20:25.039 E: Right on. 0:20:25.039,0:20:27.710 M: I really want to know 0:20:27.710,0:20:30.269 how the devices work[br]by then and 0:20:30.269,0:20:33.830 I want to make an informed[br]decision on whether or not 0:20:33.830,0:20:35.659 to have this connectivity. 0:20:35.659,0:20:38.970 But of course for lot of patients[br]the benefit of having this 0:20:38.970,0:20:40.850 outweighs the risk. 0:20:40.850,0:20:44.630 Because people that had other[br]heart problems than me 0:20:44.630,0:20:47.070 they have to go for more[br]frequent checkups. 0:20:47.070,0:20:49.759 I only have to go once a year. 0:20:49.759,0:20:53.130 So, for patients that need to go[br]frequently for checkups, 0:20:53.130,0:20:55.710 it's really good for them[br]to have the possibility 0:20:55.710,0:20:58.039 of having telemetry and[br]having connectivity to 0:20:58.039,0:21:00.370 have remote patient monitoring. 0:21:00.370,0:21:04.059 E: Yeah, imagine you[br]have mobility problems or 0:21:04.059,0:21:06.029 you even just live far 0:21:06.029,0:21:08.639 from a major city. 
0:21:08.639,0:21:11.360 And making the journey[br]to the hospital is quite arduous, 0:21:11.360,0:21:15.159 then this kind of remote[br]telemetry allows your doctor 0:21:15.159,0:21:17.070 to keep track of[br]what's going on. 0:21:17.070,0:21:19.570 And that's very important,[br]we don't wanna, like... 0:21:19.570,0:21:22.440 have a big scary testosterone[br]filled talk where we, like, 0:21:22.440,0:21:23.389 hack some pacemakers. 0:21:23.389,0:21:26.720 We wanna talk about[br]how there's a dual use thing 0:21:26.720,0:21:28.090 going on here. 0:21:28.090,0:21:31.649 And that there is a lot of value[br]in having these devices 0:21:31.649,0:21:35.830 but we also want them to be safe[br]and secure and preserve our privacy 0:21:35.830,0:21:39.320 and a lot of other things. 0:21:39.320,0:21:43.789 So, these are some[br]of the issues. 0:21:43.789,0:21:46.139 Of course the last one,[br]the remote assassination scenario, 0:21:46.139,0:21:49.340 that's everyone's favorite one[br]to fantasize about 0:21:49.340,0:21:53.250 or talk about, or make[br]movies about, but 0:21:53.250,0:21:54.980 we think there's a lot of[br]other issues in here 0:21:54.980,0:21:56.620 that are more interesting, 0:21:56.620,0:21:59.009 some quality issues even, right, 0:21:59.009,0:22:02.070 that we'll talk about[br]in a little bit. 0:22:02.070,0:22:02.649 Battery exhaustion, 0:22:02.649,0:22:06.600 again something many people[br]don't think about. But... 0:22:06.600,0:22:09.200 I'm very interested in[br]cyber-physical exploitation 0:22:09.200,0:22:12.789 and so some of these elements[br]were interesting to me 0:22:12.789,0:22:15.960 that you might use the device[br]in a way that wasn't expected. 0:22:15.960,0:22:20.700 M: So personally I'm not afraid[br]of being remotely assassinated. 
0:22:20.700,0:22:23.370 E: I've actually never known[br]you to be afraid of anything 0:22:23.370,0:22:24.549 M: laughing 0:22:24.549,0:22:29.130 I'm more worried about[br]software bugs in my device, 0:22:29.130,0:22:31.759 the things that can malfunction, 0:22:31.759,0:22:34.049 E: Is that just theoretical? 0:22:34.049,0:22:36.850 M: No, actually software bugs 0:22:36.850,0:22:38.940 have killed people. 0:22:38.940,0:22:41.340 So, think about that! 0:22:41.340,0:22:42.130 People that are not here, 0:22:42.130,0:22:44.700 they don't have their voice[br]and they can't really 0:22:44.700,0:22:46.340 give their story. 0:22:46.340,0:22:51.100 But there are stories about persons[br]depending on medical devices 0:22:51.100,0:22:54.240 dying because their[br]device malfunctioned. 0:22:54.240,0:22:57.830 E: There's even some[br]great research 0:22:57.830,0:23:01.940 from academics about[br]how the user interface design 0:23:01.940,0:23:05.100 of medical devices can have[br]an impact on patient safety 0:23:05.100,0:23:07.399 and how designing UX 0:23:07.399,0:23:10.139 much more clearly[br]and concisely 0:23:10.139,0:23:11.840 specifically for the[br]medical profession 0:23:11.840,0:23:17.809 might improve[br]the care of patients. 0:23:17.809,0:23:19.889 Do you wanna say more[br]about this slide or should we 0:23:19.889,0:23:22.370 go on to the previous work,[br]should we... go ahead! 0:23:22.370,0:23:25.190 M: Yeah, I think it's really[br]important also to... 0:23:25.190,0:23:27.639 the issue of trusting the vendors. 0:23:27.639,0:23:31.480 So, as a patient I'm[br]expected to just, you know, 0:23:31.480,0:23:34.720 trust, that my device[br]is working correctly, 0:23:34.720,0:23:38.860 every security vulnerability[br]has been corrected by the vendor 0:23:38.860,0:23:39.650 and it's safe. 0:23:39.650,0:23:42.659 But I want to have more[br]third party testing, 0:23:42.659,0:23:48.210 I want to have more security[br]research on medical implants.
0:23:48.210,0:23:52.379 And as a lot of things, like ...[br]history has shown 0:23:52.379,0:23:57.580 we can't always trust that[br]the vendors do the right thing. 0:23:57.580,0:24:00.179 E: I think this is a good[br]opportunity for us to ask 0:24:00.179,0:24:03.279 a very fun question, which is: 0:24:03.279,0:24:05.700 Any fans of DMCA in the room? 0:24:05.700,0:24:08.330 laughter 0:24:08.330,0:24:09.379 No? No fans? Alright. 0:24:09.379,0:24:12.779 Well, then you'll really enjoy this. 0:24:12.779,0:24:17.129 Marie has some very exciting news[br]about DMCA exemptions. 0:24:17.129,0:24:21.350 M: Yeah, so... October, this year 0:24:21.350,0:24:27.909 there was a ruling of[br]a DMCA exemption for 0:24:27.909,0:24:30.710 security research[br]on medical devices 0:24:30.710,0:24:33.529 also for automotive security research. 0:24:33.529,0:24:34.860 So, this means, that 0:24:34.860,0:24:39.289 as researchers you can 0:24:39.289,0:24:41.919 actually do reverse engineering[br]of medical implants 0:24:41.919,0:24:46.169 without infringing copyright laws. 0:24:46.169,0:24:48.220 It will take effect[br]I think October next year. 0:24:48.220,0:24:50.710 E: Yeah.[br]M: That is really a big 0:24:50.710,0:24:53.529 step forward in my opinion. 0:24:53.529,0:24:56.009 And I hope that this will[br]encourage more research. 0:24:56.009,0:24:59.649 And I also want to mention[br]that there are 0:24:59.649,0:25:02.720 fellow activist patients[br]like myself 0:25:02.720,0:25:06.649 that were behind that proposal[br]of having these exemptions. 0:25:06.649,0:25:11.529 So, Jay Radcliffe who hacked[br]his own insulin pump, 0:25:11.529,0:25:16.299 Karen Sandler, who is a free and[br]open software advocate. 0:25:16.299,0:25:21.190 And Hugo Campos, who has[br]an ICD implant, he is very ... 0:25:21.190,0:25:24.580 he wants to have access[br]to his own data 0:25:24.580,0:25:27.669 for quantified self reasons.
0:25:27.669,0:25:31.210 So these patients,[br]they actually 0:25:31.210,0:25:36.409 made this happen,[br]that you're allowed to do 0:25:36.409,0:25:38.870 security research[br]on medical devices. 0:25:38.870,0:25:40.859 I think that's really great. 0:25:40.859,0:25:48.029 applause 0:25:48.029,0:25:51.639 E: Do you wanna say something[br]about Scott Erven's presentation 0:25:51.639,0:25:52.419 that you saw at DEF CON? 0:25:52.419,0:25:54.419 M: Yeah, that was a really[br]interesting presentation about 0:25:54.419,0:25:59.899 how medical devices have[br]really poor security. 0:25:59.899,0:26:02.399 And they have, like,[br]hard coded credentials, 0:26:02.399,0:26:06.059 and you can find them[br]using Shodan on the internet. 0:26:06.059,0:26:09.500 These were not pacemakers,[br]but other types of 0:26:09.500,0:26:10.809 different medical devices. 0:26:10.809,0:26:17.029 There are, like, hospital networks[br]that are completely open 0:26:17.029,0:26:20.799 and you can access[br]the medical equipment 0:26:20.799,0:26:26.240 using default passwords that[br]you can find in the manuals. 0:26:26.240,0:26:27.240 And the vendors claim that 0:26:27.240,0:26:30.159 no, these are not hard coded,[br]these are default, 0:26:30.159,0:26:33.809 but then the manuals say:[br]Do not change this password... 0:26:33.809,0:26:37.269 E: Because they want to[br]integrate with other stuff, right? So... 0:26:37.269,0:26:40.950 I've heard that excuse from SCADA,[br]so I wasn't having it. 0:26:40.950,0:26:43.759 M: They also put up some[br]medical device honeypots 0:26:43.759,0:26:48.889 to see if there were[br]targeted hacking attempts 0:26:48.889,0:26:55.009 but they only picked up regular malware[br]on them, which is also ... 0:26:55.009,0:26:57.309 E: Only![br]M: ... of course of a concern laughing 0:26:57.309,0:27:01.389 E: Anything else,[br]about prior art, Kevin?
0:27:01.389,0:27:04.889 M: I guess we should mention[br]that the academic research 0:27:04.889,0:27:08.019 on hacking pacemakers,[br]which was started by 0:27:08.019,0:27:11.090 a group led by Kevin Fu 0:27:11.090,0:27:13.840 and they had this[br]first paper in 2008 0:27:13.840,0:27:15.210 that they also followed up[br]with more academic research 0:27:15.210,0:27:17.909 and they showed that it's[br]possible to hack a pacemaker. 0:27:17.909,0:27:21.220 They showed that...[br]this was possible on a, like 0:27:21.220,0:27:23.460 a couple of centimeters[br]distance only, 0:27:23.460,0:27:28.289 so, like, the attack scenario[br]would be, if you have a 0:27:28.289,0:27:30.330 device similar to the[br]programmers device 0:27:30.330,0:27:33.610 and you attack me with it[br]you can laughing 0:27:33.610,0:27:34.289 turn off my pacemaker. 0:27:34.289,0:27:36.019 That's not really scary, 0:27:36.019,0:27:39.840 but then we have the research[br]by Barnaby Jack 0:27:39.840,0:27:45.529 where this range of the attack[br]is extended to several meters 0:27:45.529,0:27:48.549 so you have someone with[br]an antenna in a room 0:27:48.549,0:27:51.360 scanning for pacemakers 0:27:51.360,0:27:54.059 and starting to program them. 0:27:54.059,0:28:00.210 E: We have a saying[br]at Cambridge about that. 0:28:00.210,0:28:01.929 Some of the other people at the[br]university have been doing attacks 0:28:01.929,0:28:04.799 a lot longer than I have, and[br]one of the things they say is: 0:28:04.799,0:28:07.059 'Attacks only get worse,[br]they never get better.' 0:28:07.059,0:28:11.169 So, the range might be short one year,[br]then a couple of years later it's worse. 0:28:11.169,0:28:15.889 M: The worst case scenario[br]I think would be remotely, 0:28:15.889,0:28:19.549 via the internet being able to[br]hack pacemakers. 0:28:19.549,0:28:24.490 but there's no research so far[br]indicating that that's possible. 0:28:24.490,0:28:26.970 E: And we don't wanna[br]hype that up. We don't wanna... 
0:28:26.970,0:28:28.929 M: No.[br]E: ... get that kind of an angle 0:28:28.929,0:28:31.720 on this talk. We wanna make the[br]point that hacking can save lives, 0:28:31.720,0:28:38.779 that hackers are global citizen's[br]resource to save lives, right? So... 0:28:38.779,0:28:45.200 M: Yeah, so, this is the result[br]of hacking of the drug infusion pumps. 0:28:45.200,0:28:48.659 Earlier this year 0:28:48.659,0:28:55.190 the FDA actually issued the first ever[br]recall of a medical device 0:28:55.190,0:28:57.730 based on cyber security concerns. 0:28:57.730,0:29:02.190 E: I think that's amazing, right?[br]They've recalled products 0:29:02.190,0:29:05.509 because of cyber security concerns. They[br]used to have to wait until someone died. 0:29:05.509,0:29:09.840 In fact, they had to show[br]something like 500 deaths 0:29:09.840,0:29:13.360 before you could recall a product.[br]So now they can ... 0:29:13.360,0:29:16.080 the FDA, at least in the US,[br]they can recall products 0:29:16.080,0:29:18.570 just based on security[br]considerations. 0:29:18.570,0:29:20.519 M: So, this is also, 0:29:20.519,0:29:26.730 I guess the first example[br]of that type of pro-active 0:29:26.730,0:29:29.450 security research,[br]where you can 0:29:29.450,0:29:33.049 make a proof of concept[br]without killing any patients 0:29:33.049,0:29:36.740 and then that closes[br]the security holes. 0:29:36.740,0:29:38.240 And that potentially[br]saves lives. 0:29:38.240,0:29:41.169 And no one has been hurt[br]in the research. 0:29:41.169,0:29:42.110 I think that's great. 0:29:42.110,0:29:45.019 E: I'm also really excited[br]because we give a lot of presentations 0:29:45.019,0:29:48.610 about security that are filled with[br]doom and gloom and depression, 0:29:48.610,0:29:52.190 so it's nice to have two major victories[br]in medical device research 0:29:52.190,0:29:54.610 in the last few years.[br]One being the DMCA exemptions 0:29:54.610,0:29:57.299 and the other being[br]actual product recalls. 
0:29:57.299,0:30:01.879 M: Yeah, and the FDA are starting[br]to take these issues seriously and 0:30:01.879,0:30:05.700 they are really focusing on the cyber[br]security of medical implants now. 0:30:05.700,0:30:09.980 I'm going to go to a workshop[br]arranged by the FDA in January 0:30:09.980,0:30:15.639 and participate on a panel discussing[br]cyber security of medical implants. 0:30:15.639,0:30:18.789 And it's great to have this[br]type of interaction between 0:30:18.789,0:30:23.269 the security committee, medical[br]device vendors and the regulators. 0:30:23.269,0:30:24.950 So, things are happening. 0:30:24.950,0:30:26.820 E: Yeah. How do you feel[br]as an audience, 0:30:26.820,0:30:29.759 are you glad that she's going to be[br]your representative in Washington 0:30:29.759,0:30:31.749 for some of these issues? 0:30:31.749,0:30:38.679 applause 0:30:38.679,0:30:41.330 And we want you to get[br]involved as well, right? 0:30:41.330,0:30:44.950 This is not just about Marie[br]and myself and the other people 0:30:44.950,0:30:47.499 who worked on this[br]project, it's meant to say 0:30:47.499,0:30:50.200 you too can do this research.[br]And you should be. 0:30:50.200,0:30:53.499 You have to be a little sensitive,[br]a little bit precise and articulate 0:30:53.499,0:30:55.029 about concerns. 0:30:55.029,0:30:58.509 We take some inspiration from the[br]former research around hygiene. 0:30:58.509,0:31:01.419 Imagine the first time some scientist[br]went to some other scientist and said 0:31:01.419,0:31:04.960 'There is this invisible stuff,[br]and it's on your hands, 0:31:04.960,0:31:07.210 and if you don't wash your hands[br]people get infections!' 0:31:07.210,0:31:08.240 And everyone thought[br]they were crazy. 0:31:08.240,0:31:12.049 Well, it's kind of the same with us[br]talking about industrial systems 0:31:12.049,0:31:15.840 or talking about medical devices[br]or talking about hacking in general.
0:31:15.840,0:31:18.200 People just didn't, sort of,[br]believe it was possible at first. 0:31:18.200,0:31:21.019 And so we have to articulate ourselves[br]very, very carefully. 0:31:21.019,0:31:25.200 So, we draw inspiration from[br]that early hygiene movement 0:31:25.200,0:31:28.730 where they had a couple simple rules[br]that started to save people's lives 0:31:28.730,0:31:31.529 while they explained germ theory[br]to the masses. 0:31:31.529,0:31:38.139 M: Yeah, so, this type of research[br]is kind of low hanging fruits 0:31:38.139,0:31:41.149 where you just, so... 0:31:41.149,0:31:46.320 what we show here is an example, 0:31:46.320,0:31:50.440 where there's a lot of medical[br]device networks in hospitals 0:31:50.440,0:31:53.720 that are open to the internet[br]and that can get infected 0:31:53.720,0:31:59.429 by normal type of malware,[br]like banking trojans or whatever. 0:31:59.429,0:32:03.200 And this is potentially a safety issue. 0:32:03.200,0:32:08.460 So, if your MR scanner or some other 0:32:08.460,0:32:12.970 more life-critical device[br]is being unavailable because of 0:32:12.970,0:32:16.919 a virus on it, 0:32:16.919,0:32:21.360 that's a real concern for patient[br]security and safety. 0:32:21.360,0:32:26.419 So we need to think more about[br]the hygiene also in terms of 0:32:26.419,0:32:29.860 computer viruses, not only[br]just normal viruses. 0:32:29.860,0:32:33.129 E: Yeah. So, you know, some[br]times people will treat you like 0:32:33.129,0:32:35.639 this is an entirely theoretical[br]concern, but 0:32:35.639,0:32:39.379 I think this is one of the best[br]illustrations that we've found 0:32:39.379,0:32:42.210 of how that should[br]be a concern, 0:32:42.210,0:32:43.740 and I think all of you will get it, 0:32:43.740,0:32:47.320 but I wanna give you a moment to kind of[br]read what's about to come up on the slides. 0:32:47.320,0:32:59.200 So I'll just let you enjoy[br]that for a moment. 
0:32:59.200,0:33:02.009 So if it's not clear or it's not your[br]first language or something, 0:33:02.009,0:33:07.659 this guy basically sharded patient data[br]across a bunch of Amazon clusters. 0:33:07.659,0:33:11.309 And then it was unavailable.[br]And they were very concerned 0:33:11.309,0:33:14.029 about the unavailability of their[br]customer patient data 0:33:14.029,0:33:17.629 sharded across Amazon instances. 0:33:17.629,0:33:23.289 He was complaining to support, like[br]'Can I get support to fix this?' laughing 0:33:23.289,0:33:27.149 M: So, all the data of the ... 0:33:27.149,0:33:31.580 ... the monitoring data of the cardiac[br]patients is unavailable to them 0:33:31.580,0:33:35.129 because of the service[br]being downed. 0:33:35.129,0:33:43.060 And, well, do you want to outsource your[br]patient's safety to the cloud? Really? 0:33:43.060,0:33:45.360 I don't want that.[br]Okay. 0:33:45.360,0:33:50.039 E: I wanna get into some other details.[br]We have sort of 10 min left if we can ... 0:33:50.039,0:33:53.179 so we can have a lot of questions,[br]and I'm sure there will be some. 0:33:53.179,0:33:57.990 But I want you to talk to them about[br]this very personal story. 0:33:57.990,0:34:00.769 This is... Remember before, when we[br]said, is this stuff theoretical? 0:34:00.769,0:34:02.299 I want you to pay a lot of[br]attention to this story. 0:34:02.299,0:34:04.299 It really moved me[br]when she first told me. 0:34:04.299,0:34:08.650 M: I know how it feels to have[br]my body controlled by a device 0:34:08.650,0:34:12.360 that is not working correctly. 0:34:12.360,0:34:18.429 So, I think it was around 2 or 3[br]weeks after I had the surgery. 0:34:18.429,0:34:19.480 I felt fine. 0:34:19.480,0:34:23.409 But I hadn't really done[br]any exercise yet.
0:34:23.409,0:34:28.090 The surgery was pretty easy,[br]I only had 2 weeks sick leave 0:34:28.090,0:34:29.730 and then I came back to work 0:34:29.730,0:34:30.960 and I went to London 0:34:30.960,0:34:35.449 to participate in a course[br]in ethical hacking and 0:34:35.449,0:34:39.770 I did take the London Underground[br]together with some of my colleagues 0:34:39.770,0:34:42.840 and we went off at this station[br]at Covent Garden 0:34:42.840,0:34:46.050 And I don't know if you[br]have been there but 0:34:46.050,0:34:49.100 that particular station is[br]really low underground. 0:34:49.100,0:34:51.980 They have elevators that you[br]can use to get up, 0:34:51.980,0:34:55.139 but usually there are, like,[br]long queues to the elevators... 0:34:55.139,0:34:57.050 E: You always have to do[br]things the hard way, right? 0:34:57.050,0:34:58.120 M: You had to take the stairs, or 0:34:58.120,0:35:00.830 they were just heading for the stairs[br]and I was following them and 0:35:00.830,0:35:05.700 we were starting to climb the stairs and[br]I didn't read this warning sign, which is: 0:35:05.700,0:35:09.850 'Those with luggage, pushchairs & heart[br]conditions, please use the lift' laughing 0:35:09.850,0:35:11.610 Because I was feeling fine, 0:35:11.610,0:35:15.570 and this was the first time that I[br]figured out there's something wrong 0:35:15.570,0:35:17.860 with my pacemaker or with my heart. 0:35:17.860,0:35:20.330 Because I came like[br]half way up these stairs 0:35:20.330,0:35:23.120 and I felt like I was going to die. 0:35:23.120,0:35:24.610 It was a really horrible feeling. 0:35:24.610,0:35:26.430 I didn't have any more breath left, 0:35:26.430,0:35:30.740 I felt like I wasn't able[br]to complete the stairs. 0:35:30.740,0:35:33.650 I didn't know what was[br]happening to me, but 0:35:33.650,0:35:37.440 somehow I managed to[br]drag myself up the stairs 0:35:37.440,0:35:38.700 and my heart was really... 0:35:38.700,0:35:40.830 it didn't feel right.
0:35:40.830,0:35:45.040 So, first thing when I came[br]back from this course 0:35:45.040,0:35:46.250 I went to my doctor 0:35:46.250,0:35:49.230 and we started to try[br]to debug me, tried to find out 0:35:49.230,0:35:51.670 what was wrong with my pacemaker. 0:35:51.670,0:35:54.610 And this is how that looks like.[br]E: laughing 0:35:54.610,0:35:58.370 M: So, there's a stack[br]of different programmers 0:35:58.370,0:36:02.410 - this is not me by the way, but it's[br]a very similar situation. 0:36:02.410,0:36:04.130 E: And we'll come back to those[br]programmers in a moment. 0:36:04.130,0:36:05.180 M: Yeah.[br]E: But the bit I want you 0:36:05.180,0:36:08.930 to focus on is, like, they're[br]debugging your pacemaker? 0:36:08.930,0:36:11.730 Inside you?[br]M: Yeah, I didn't know 0:36:11.730,0:36:12.890 what was happening[br]at the time. 0:36:12.890,0:36:15.260 We were just trying to[br]get the settings right 0:36:15.260,0:36:19.030 and it took like 2 or 3 months before[br]we figured out what was wrong. 0:36:19.030,0:36:23.860 And what happened was, that my[br]operate limit was set too low for me, 0:36:23.860,0:36:29.930 for my age. So, the normal pacemaker[br]patient is maybe around 80 years old 0:36:29.930,0:36:34.050 and the default operate[br]limit was 160 beats/min. 0:36:34.050,0:36:36.750 And that's pretty low for[br]a young person. 0:36:36.750,0:36:40.420 E: So, imagine, like, you're younger[br]and you're really fit and you know 0:36:40.420,0:36:43.930 how to do something really well,[br]like swimming or skiing or skateboarding 0:36:43.930,0:36:47.180 or whatever. You're fantastic at it.[br]And then a couple years go past 0:36:47.180,0:36:49.870 and you know, you gain some weight[br]and you're not as good at it, right? 0:36:49.870,0:36:53.040 But now imagine that[br]happens in 3 seconds. 0:36:53.040,0:36:54.580 While you're walking[br]up a set of stairs.
0:36:54.580,0:36:57.470 M: So, what happens is that[br]the pacemaker detects 0:36:57.470,0:37:01.570 'Oh, you have a really high pulse'.[br]And there's a safety mechanism 0:37:01.570,0:37:04.690 that will cut your pulse in half ...[br]E: In half! 0:37:04.690,0:37:07.380 laughter[br]M: laughing So in my case it went 0:37:07.380,0:37:11.050 from 160 beats/min to 80 beats/min.[br]In a second, or less than a second, 0:37:11.050,0:37:14.370 and that felt really, really horrible. 0:37:14.370,0:37:16.480 And it took a long time[br]to figure out what was wrong. 0:37:16.480,0:37:20.890 It wasn't until they put me on[br]an exercise bike and 0:37:20.890,0:37:24.520 had me on monitoring that they[br]figured out what was wrong, because 0:37:24.520,0:37:31.400 the thing was, that what was displayed[br]on the pacemaker technician's view 0:37:31.400,0:37:35.730 was not the same settings that[br]my pacemaker actually had. 0:37:35.730,0:37:41.340 There was a software bug in the[br]programmer, that caused this problem. 0:37:41.340,0:37:45.610 E: So they thought they had updated[br]her settings to be that of a young person. 0:37:45.610,0:37:47.080 They were like[br]'Oh, we've already changed it'. 0:37:47.080,0:37:51.390 But they lost the view. They couldn't[br]see the actual state of the pacemaker. 0:37:51.390,0:37:53.980 And the only way to figure that out[br]was to put her on a bike 0:37:53.980,0:37:57.190 and let her cycle until her[br]heart rate was high enough. 0:37:57.190,0:38:00.230 You know, literally physically[br]debugging her to figure out 0:38:00.230,0:38:00.850 what was wrong. 0:38:00.850,0:38:04.250 Now stop and think about whether or not[br]you would trust your doctor 0:38:04.250,0:38:06.890 to debug software. 0:38:06.890,0:38:10.800 laughter 0:38:10.800,0:38:14.050 So, say a little bit more about those[br]programmers and then we'll move on 0:38:14.050,0:38:14.860 towards the future. 
0:38:14.860,0:38:19.240 M: Yeah, so, we got hold of one of these[br]programmers, as mentioned 0:38:19.240,0:38:20.500 and looked inside it. 0:38:20.500,0:38:24.160 And, well, we named this talk[br]'Unpatchable', because 0:38:24.160,0:38:29.930 originally my hypothesis was that,[br]if you find a bug in a pacemaker 0:38:29.930,0:38:32.630 it will be hard to patch it. 0:38:32.630,0:38:34.550 Maybe it would require surgery. 0:38:34.550,0:38:37.370 But then when we looked[br]inside the programmer 0:38:37.370,0:38:42.520 and we saw that it contained firmware[br]for pacemakers we realized that 0:38:42.520,0:38:46.170 it's possible to actually patch the[br]pacemaker via this programmer. 0:38:46.170,0:38:49.500 E: One of the other researchers[br]finds these firmware blobs inside 0:38:49.500,0:38:53.290 the programmer code and, like,[br]my heart stopped at that point, right? 0:38:53.290,0:39:00.160 I was just going 'Really, you can just[br]update the code on someone's pacemaker?' 0:39:00.160,0:39:01.920 We also wanna say something[br]about standardization. 0:39:01.920,0:39:02.840 Look at all those[br]different programmers. 0:39:02.840,0:39:05.680 Someone goes into a hospital[br]with one of these devices 0:39:05.680,0:39:08.940 they have many different programmers[br]so they have to make an estimation 0:39:08.940,0:39:12.730 of which... you know, which[br]programmer for which device. 0:39:12.730,0:39:14.000 Like, which one are you running. 0:39:14.000,0:39:18.070 And, so, some standardization[br]would be an option laughing 0:39:18.070,0:39:20.410 perhaps, in this case.[br]M: Yeah. 0:39:20.410,0:39:23.110 E: Alright. So, we gonna need[br]to move quickly through 0:39:23.110,0:39:25.400 the next few slides to talk[br]to you about the future, 0:39:25.400,0:39:28.940 but I hope that drives home that[br]this is a very real issue for real people.
0:39:28.940,0:39:32.770 M: So, pacemakers are evolving and[br]they are getting smaller 0:39:32.770,0:39:36.060 and this is the type of pacemaker[br]that you can actually implant 0:39:36.060,0:39:37.070 inside the heart. 0:39:37.070,0:39:42.130 So, the pacemaker I have today[br]is outside the heart and it has 0:39:42.130,0:39:44.360 leads that are wired to my heart. 0:39:44.360,0:39:50.600 But in future they are getting[br]smaller and more sophisticated and 0:39:50.600,0:39:52.730 I think this is exciting! 0:39:52.730,0:39:54.950 I think that a lot of you,[br]also in the audience will 0:39:54.950,0:39:58.060 benefit from having this type of[br]technology when you grow older 0:39:58.060,0:40:02.050 and we can have longer lives and[br]we can live more healthier lives 0:40:02.050,0:40:04.680 because of the technology[br]E: And keep in mind, right? 0:40:04.680,0:40:06.900 Some of you may already have devices[br]and already have these issues, 0:40:06.900,0:40:09.550 but others of you will think 'Ah, that[br]won't happen to me for quite a long time' 0:40:09.550,0:40:13.200 But it can be a sudden thing, that,[br]you know, you don't necessarily 0:40:13.200,0:40:17.140 have a choice to run code[br]inside your body. 0:40:17.140,0:40:21.340 Which OS do you wanna implant?[br]laughing 0:40:21.340,0:40:25.220 You wanna tell them about the.. 0:40:25.220,0:40:27.080 M: This is also a quite exciting 0:40:27.080,0:40:29.610 maybe future type of implants[br]that you can have. 0:40:29.610,0:40:34.320 So, this is actually a cardiac sock,[br]it's 3D-printed and it's making 0:40:34.320,0:40:38.370 a rabbit's heart beat outside[br]the body of the rabbit. 0:40:38.370,0:40:41.270 So, there's a lot of technology[br]and sensors and things that 0:40:41.270,0:40:44.170 are going to be implanted[br]in our bodies 0:40:44.170,0:40:46.840 and I think more of you will become[br]cyborgs like me in the future 0:40:46.840,0:40:49.800 E: And there's a lot of work[br]that you could be doing.
0:40:49.800,0:40:51.400 You know, 3D-printing[br]these devices, 0:40:51.400,0:40:57.110 and open sourcing as much[br]of this as possible. 0:40:57.110,0:40:58.860 There's a lot to say here, right? 0:40:58.860,0:41:02.860 I think it's time to address[br]the really scary issue. 0:41:02.860,0:41:07.550 The informed consent issue[br]around patching, right? 0:41:07.550,0:41:09.750 Remember earlier we were[br]talking about the programmers 0:41:09.750,0:41:11.980 and we pointed out that there[br]were firmware blobs in there 0:41:11.980,0:41:14.280 and that these people,[br]you know, your doctor or nurse 0:41:14.280,0:41:18.950 could upgrade the code[br]running on your medical implant. 0:41:18.950,0:41:23.760 Now, is there a legal requirement[br]for them to inform you, 0:41:23.760,0:41:26.650 before they alter the code[br]that's running inside your body? 0:41:26.650,0:41:27.490 As far as we can tell 0:41:27.490,0:41:30.480 - and we need to look at a lot of[br]different countries at the same time, 0:41:30.480,0:41:32.330 so we gonna ask you to help us - 0:41:32.330,0:41:34.690 as far as we can tell there are not[br]laws requiring your doctor 0:41:34.690,0:41:40.360 to tell you that they are upgrading[br]the firmware in your device. 0:41:40.360,0:41:43.780 M: Yeah, think about that laughs 0:41:43.780,0:41:44.780 It's a quite scary thing. 0:41:44.780,0:41:48.970 I want to know what's happening[br]to my implant, the code, 0:41:48.970,0:41:53.070 if someone wants to alter the code[br]inside my body, I would like to know 0:41:53.070,0:41:57.250 and I would like to make[br]an informed decision on that 0:41:57.250,0:41:59.470 and give my consent[br]before it happens.
0:41:59.470,0:42:02.230 E: You might even choose a device[br]where that's possible or not possible 0:42:02.230,0:42:05.640 because you're making a risk-based[br]decision and you're an informed consumer 0:42:05.640,0:42:07.800 but how do we help people,[br]who don't wanna understand 0:42:07.800,0:42:11.190 software and firmware and upgrades[br]make those decisions in the future as well. 0:42:11.190,0:42:15.570 Alright. 0:42:15.570,0:42:17.320 M: So now, if we're going to go through 0:42:17.320,0:42:21.950 all this, but there's a lot of reasons[br]why we're in the situations of having 0:42:21.950,0:42:23.870 insecure medical devices. 0:42:23.870,0:42:29.040 There's a lot of legacy technology because[br]there's a long lifetime of these devices 0:42:29.040,0:42:31.910 and it takes a long time[br]to get them on the market. 0:42:31.910,0:42:35.680 And they can be patched,[br]but in some cases 0:42:35.680,0:42:40.790 they are not patched or there are[br]no software updates applied to them. 0:42:40.790,0:42:48.030 We don't have any third party[br]security testing of the devices, 0:42:48.030,0:42:49.490 and that's really needed in my opinion. 0:42:49.490,0:42:50.770 E: Right, an underwriters laboratory 0:42:50.770,0:42:55.190 or consumer laboratory that's there[br]to check some of these details. 0:42:55.190,0:42:58.590 And I don't think that's unreasonable,[br]right? That sort of approach. 0:42:58.590,0:43:02.040 M: And there's a lack of regulations,[br]also. So there's a lot of things 0:43:02.040,0:43:04.610 that should be worked on. 0:43:04.610,0:43:07.270 E: So, there's a lot of[br]ways to solve this 0:43:07.270,0:43:09.640 and we're not gonna give you[br]the answer, because we're not 0:43:09.640,0:43:13.420 geniuses, so we're[br]gonna say that 0:43:13.420,0:43:16.370 these are some different[br]approaches that we see all 0:43:16.370,0:43:19.700 playing in a solution space.
0:43:19.700,0:43:22.270 So, vendor awareness is[br]obviously important, but 0:43:22.270,0:43:23.950 that's not the only thing.[br]A lot of the vendors have been 0:43:23.950,0:43:27.890 very supportive and[br]very open to discussion, 0:43:27.890,0:43:31.750 of transparency, that needs to[br]happen more in the future, right? 0:43:31.750,0:43:34.390 Security risk monitoring,[br]I've been working in the field 0:43:34.390,0:43:38.600 of cyber insurance, which I'm sure[br]sounds like insanity to the rest of you, 0:43:38.600,0:43:42.880 and it is, there are bad days.[br]But that could play a part 0:43:42.880,0:43:45.530 in this risk equation in the future. 0:43:45.530,0:43:49.710 What about medical incident response,[br]right? Or medical device forensics. 0:43:49.710,0:43:53.660 M: If I suddenly drop dead[br]I really would like to have 0:43:53.660,0:43:57.160 a forensic analysis[br]of my pacemaker, to ... 0:43:57.160,0:44:00.960 E: Please remember that, all of you![br]Like, if anything is going to happen 0:44:00.960,0:44:04.660 to Marie... everyone asked that, right?[br]Like, 'Aren't you afraid of giving this talk?' 0:44:04.660,0:44:06.950 And we thought about it,[br]we talked about it a lot and 0:44:06.950,0:44:09.500 she's got a lot of support[br]from her husband and her son 0:44:09.500,0:44:12.880 and her family and a bunch of us.[br]If anything happens to this woman 0:44:12.880,0:44:15.380 I hope that we will all be doing[br]forensic analysis 0:44:15.380,0:44:17.110 of everything. 0:44:17.110,0:44:24.580 applause 0:44:24.580,0:44:32.470 Cool. So, we'll say a little bit about[br]'I Am The Cavalry' and social contract 0:44:32.470,0:44:34.590 and then we'll wrap it up, okay? 0:44:34.590,0:44:37.840 So, 'I Am The Cavalry' does[br]a lot of grassroots research 0:44:37.840,0:44:41.450 and support and lobbying and[br]tries to articulate these messages.
0:44:41.450,0:44:44.230 They have a medical implant[br]arm that has a bunch of 0:44:44.230,0:44:46.350 different researchers doing[br]this kind of stuff. 0:44:46.350,0:44:48.580 Do you wanna say more about them? 0:44:48.580,0:44:52.430 M: Yeah, so we are both[br]part of the Cavalry, 0:44:52.430,0:44:56.000 because no one is coming[br]to save us from the future 0:44:56.000,0:44:59.840 of being more dependent on[br]trusting our lives on machines 0:44:59.840,0:45:04.390 so, that's why we need to step up[br]and do the research and 0:45:04.390,0:45:06.550 encourage and inspire the research. 0:45:06.550,0:45:09.460 So, that's why I joined[br]'I Am The Cavalry' 0:45:09.460,0:45:12.750 and I think it's a[br]good thing to have 0:45:12.750,0:45:15.660 a collaboration effort between[br]researchers, between the vendors 0:45:15.660,0:45:21.060 and the regulators, as they are,[br]or we are working with. 0:45:21.060,0:45:25.010 E: We also think that even if you[br]don't do reverse engineering 0:45:25.010,0:45:28.040 or you're not interested in[br]security details or the opcodes 0:45:28.040,0:45:30.130 that are inside the firmwares[br]or whatever, 0:45:30.130,0:45:33.060 this question is a question that[br]any of you here can talk about 0:45:33.060,0:45:36.310 for the rest of the congress and[br]going forward into the future. 0:45:36.310,0:45:37.240 Right? 0:45:37.240,0:45:39.990 This is Marie's, so go ahead. 0:45:39.990,0:45:47.820 M: Yeah, so, I really want to know[br]what code is running inside my body. 0:45:47.820,0:45:49.030 And I want to know ... 0:45:49.030,0:45:55.390 or I want to have a social contract[br]with my medical doctors and 0:45:55.390,0:45:58.780 my physician that is giving me[br]these implants. 0:45:58.780,0:46:05.570 It needs to be based on a[br]patient-to-doctor trust relationship. 0:46:05.570,0:46:08.620 And also between[br]me and the vendors. 0:46:08.620,0:46:13.210 So I really want to know that[br]I can trust this machine inside...
0:46:13.210,0:46:15.510 E: And we think many of you will[br]be facing similar questions 0:46:15.510,0:46:17.000 to these in the future. 0:46:17.000,0:46:20.240 I have questions.[br]Some of my questions are serious, 0:46:20.240,0:46:25.260 some of my questions are[br]not serious, like this one: 0:46:25.260,0:46:27.770 Is the code on your dress[br]from your pacemaker? 0:46:27.770,0:46:31.660 M: No, actually it's from the[br]computer game 'Doom'. 0:46:31.660,0:46:33.090 But ...[br]laughter 0:46:33.090,0:46:36.180 once I have the laughing[br]code of my pacemaker 0:46:36.180,0:46:38.790 I'm going to make a custom-[br]ordered dress and get it... 0:46:38.790,0:46:44.970 E: Which is pretty cool, right?[br]M: ... get it with my own code. 0:46:44.970,0:46:48.710 applause 0:46:48.710,0:46:53.710 So, let's wrap up with... what we[br]want to have of future research. 0:46:53.710,0:46:57.190 So, we encourage more research,[br]and these are some things that 0:46:57.190,0:46:59.220 could be looked into. 0:46:59.220,0:47:02.970 Like open source medical devices,[br]that doesn't really exist, 0:47:02.970,0:47:05.320 at least not for pacemakers. 0:47:05.320,0:47:09.180 But I think that's one way[br]of going forward. 0:47:09.180,0:47:13.710 E: I think it's also an opportunity[br]for us to mention a really scary idea, 0:47:13.710,0:47:18.200 which is, you know, should anyone[br]have a golden key to Marie's heart, 0:47:18.200,0:47:22.070 should there be backdoored[br]encryption inside of her heart? 0:47:22.070,0:47:24.910 We think no laughing[br]but that... 0:47:24.910,0:47:28.290 M: I don't see any reason why[br]the NSA should be able to 0:47:28.290,0:47:31.130 have a back door to my heart,[br]do you? 0:47:31.130,0:47:33.890 E: You would be an extremist,[br]that's why you don't want them 0:47:33.890,0:47:37.380 to have a back door to your heart.[br]But this is a serious question, right? 
0:47:37.380,0:47:39.480 If you start backdooring[br]any kind of crypto anywhere, 0:47:39.480,0:47:41.320 how do you know,[br]where it's gonna end up. 0:47:41.320,0:47:46.550 It might end up in medical devices[br]and we think that's unacceptable. 0:47:46.550,0:47:58.410 applause 0:47:58.410,0:48:05.400 M: And we should also mention[br]that we're not doing this alone, 0:48:05.400,0:48:09.280 we have other researchers[br]helping us forward doing this. 0:48:09.280,0:48:12.230 Angel: So, thank you very much[br]for this thrilling talk, 0:48:12.230,0:48:15.250 we're now doing a little[br]Q&A for 10 min, 0:48:15.250,0:48:19.630 and for the Q&A please keep in mind[br]to respect Marie's privacy, so 0:48:19.630,0:48:23.340 don't ask for details about 0:48:23.340,0:48:24.760 the implant or[br]something like that. 0:48:24.760,0:48:26.820 E: Yeah, the brands and stuff. 0:48:26.820,0:48:29.530 We're gonna tell you, what OS[br]she's running. 0:48:29.530,0:48:35.130 Angel: People, who are now leaving[br]the room, they will not be able 0:48:35.130,0:48:41.440 to come back in, because 0:48:41.440,0:48:43.030 of measures laughing[br]laughter 0:48:43.030,0:48:48.320 So, let's start with the Q&A![br]Let's start with this microphone there. 0:48:48.320,0:48:54.100 Q: Hi, first of all thank you very much[br]for a very fascinating talk. 0:48:54.100,0:48:56.640 I'm not going to ask you[br]about specific vendors. 0:48:56.640,0:49:01.340 However, I thought it was very[br]interesting what you said, that 0:49:01.340,0:49:05.720 most vendors were really supportive[br]I would like to know whether 0:49:05.720,0:49:09.100 there have been[br]exceptions to that rule, 0:49:09.100,0:49:13.760 not who it was or anything like that[br]but what kind of arguments 0:49:13.760,0:49:19.270 you may have heard from vendors[br]e. g. 
have they referred to anything 0:49:19.270,0:49:24.220 such as trade secrets or copyright[br]or any other legal reasons 0:49:24.220,0:49:28.100 why not to give you,[br]or not to give public access 0:49:28.100,0:49:33.210 to information about devices?[br]Thank you. 0:49:33.210,0:49:41.560 E: So, we haven't had any legal[br]issues so far in this research. 0:49:41.560,0:49:44.940 And in general they haven't been[br]concerned about copyright. 0:49:44.940,0:49:47.840 I think they're more concerned[br]about press, bad press, 0:49:47.840,0:49:51.110 and a hype, you know, what[br]they would see as hype. 0:49:51.110,0:49:55.160 they don't wanna see us scaring[br]people away from these things 0:49:55.160,0:49:56.420 with, you know, these stories. 0:49:56.420,0:50:00.290 M: Yeah, that's also something[br]I'm concerned of, of course, 0:50:00.290,0:50:03.230 as a patient. I don't want to[br]scare my fellow patients 0:50:03.230,0:50:06.000 from having life-critical[br]implants in their body. 0:50:06.000,0:50:10.700 Because a lot of people need[br]them, like me, to survive. 0:50:10.700,0:50:15.820 So, the benefit clearly[br]outweighs the risk in my case. 0:50:15.820,0:50:18.810 E: But that seems to be their[br]main concern, like, you know, 0:50:18.810,0:50:19.760 'Don't give us too[br]much bad press' 0:50:19.760,0:50:25.200 Angel: Ok, next question[br]from over there. 0:50:25.200,0:50:31.900 Q: Hello. I wanted to ask you, if you[br]know about any existing initiatives 0:50:31.900,0:50:35.480 on open sourcing[br]the medical devices, 0:50:35.480,0:50:40.250 on mandating the open sourcing[br]of the software and firmware 0:50:40.250,0:50:43.980 through the legal system,[br]in European Union, in United States 0:50:43.980,0:50:47.760 because I think I've read[br]about such initiatives 0:50:47.760,0:50:51.050 about 1 year ago or so,[br]but it was just a glimpse. 
0:50:51.050,0:50:56.170 M: So, there are some patients[br]that have reverse engineered their 0:50:56.170,0:50:57.780 no audio 0:50:57.780,0:51:04.310 (insu)lin pumps. I know, that[br]there are groups of patients 0:51:04.310,0:51:07.740 like the parents of children[br]with insulin pumps. 0:51:07.740,0:51:10.760 They have created[br]software to be able... 0:51:10.760,0:51:14.180 to have an app on their[br]mobile phone to be able 0:51:14.180,0:51:17.410 to monitor their child's[br]blood sugar levels. 0:51:17.410,0:51:21.390 So that's one way of[br]doing this open source 0:51:21.390,0:51:23.250 and I think that's great. 0:51:23.250,0:51:26.540 Q: But nothing[br]in the legal systems, 0:51:26.540,0:51:32.640 no initiatives to mandate this,[br]e.g. on European level? 0:51:32.640,0:51:34.480 E: Not so far that we've seen, 0:51:34.480,0:51:36.280 but that's something that[br]can be discussed now, right? 0:51:36.280,0:51:38.770 M: I think it's really interesting,[br]you could look into the legal 0:51:38.770,0:51:41.760 aspects and the regulations[br]around this, yeah. 0:51:41.760,0:51:43.050 Q: Thank you. 0:51:43.050,0:51:45.510 Angel: Ok, can we have[br]a question from the internet? 0:51:45.510,0:51:49.250 Q: Yes, from the IRC someone asks: 0:51:49.250,0:51:52.890 'Does your pacemaker[br]have a biofeedback, 0:51:52.890,0:51:56.300 so in case something bad[br]happens it starts to defibrillate? 0:51:56.300,0:52:02.920 M: No, I don't have an ICD,[br]so in my case I'm not getting a shock 0:52:02.920,0:52:06.380 in case my heart stops.[br]Because I have a different condition 0:52:06.380,0:52:08.620 I only need to have[br]my rhythm corrected. 0:52:08.620,0:52:11.230 But there are other[br]types of conditions, 0:52:11.230,0:52:14.420 that require pacemakers[br]that can deliver shocks. 0:52:14.420,0:52:18.130 Angel: Ok, one question[br]from that microphone there. 
0:52:18.130,0:52:20.220 Q: Thank you very much.[br]At one point you mentioned 0:52:20.220,0:52:24.870 that the connectivity in your[br]pacemaker is off. For now. 0:52:24.870,0:52:28.900 And, is that something, that patients[br]are asked during the process, 0:52:28.900,0:52:32.170 or is that something,[br]patients have to require? 0:52:32.170,0:52:35.530 And generally: What role[br]do you see for the choice 0:52:35.530,0:52:39.430 not to have any connectivity[br]or any security for that matter, 0:52:39.430,0:52:41.870 that technology would[br]make available to you? 0:52:41.870,0:52:47.120 So, how do you see the possibility[br]to choose a more risky life 0:52:47.120,0:52:49.640 in terms of trading in[br]for privacy, whatever? 0:52:49.640,0:52:52.310 M: Yeah, I think that's[br]really a relevant question. 0:52:52.310,0:52:58.130 As we mentioned[br]in the social contract, 0:52:58.130,0:53:03.640 I really would like, that the doctors[br]informed patients about 0:53:03.640,0:53:07.930 their different wireless interfaces[br]and that there's an informed decision 0:53:07.930,0:53:10.960 whether or not to switch it on. 0:53:10.960,0:53:14.560 So, in my case, I don't[br]have it switched on and ... 0:53:14.560,0:53:17.750 I don't need it, so there's no reason[br]why I need to have it switched on. 0:53:17.750,0:53:21.760 But then, again, why did I get[br]an implant that has this capability? 0:53:21.760,0:53:29.200 I should have had the option of[br]opting out of it, but I didn't get that. 0:53:29.200,0:53:31.980 They didn't ask me, or they[br]didn't inform me of that, 0:53:31.980,0:53:34.720 before I got the implant.[br]It was chosen for me. 0:53:34.720,0:53:40.740 And at that time I hadn't looked[br]into the security of medical devices, 0:53:40.740,0:53:43.470 and I needed to[br]have the implant, 0:53:43.470,0:53:46.200 so I couldn't really make[br]an informed decision. 0:53:46.200,0:53:49.140 A lot of patients that are,[br]like, older and not so... 
0:53:49.140,0:53:55.240 that don't really understand[br]the technology, 0:53:55.240,0:54:00.040 they can't make that[br]informed decision, like I can. 0:54:00.040,0:54:02.590 So, it's really a[br]complex issue 0:54:02.590,0:54:06.480 and something that we[br]need to discuss more. 0:54:06.480,0:54:09.270 Angel: Ok, another[br]question from there. 0:54:09.270,0:54:11.490 Q: Yeah, thanks. 0:54:11.490,0:54:14.430 As a hacker, connected personally 0:54:14.430,0:54:19.290 and professionally[br]to the medical world: 0:54:19.290,0:54:25.300 How can I educate doctors,[br]nurses, medical people 0:54:25.300,0:54:30.530 about the security risks presented[br]by connected medical devices? 0:54:30.530,0:54:34.870 What can I tell them?[br]Do you have something 0:54:34.870,0:54:37.670 from your own experience[br]I could somehow ... 0:54:37.670,0:54:42.230 M: Yeah, so, the issue of[br]software bugs in the devices 0:54:42.230,0:54:48.220 I think is a real scenario[br]that can happen and ... 0:54:48.220,0:54:50.380 E: Yeah, if you can repeat[br]that story of debugging her, 0:54:50.380,0:54:53.790 like, I think, that makes the point.[br]And then try and adopt that 0:54:53.790,0:54:56.690 hygiene-metaphor that we[br]had before, where, you know, 0:54:56.690,0:54:59.560 people didn't believe in germs,[br]and these problems before, 0:54:59.560,0:55:01.990 we're in that sort of era,[br]and we're still figuring out 0:55:01.990,0:55:05.170 what the scope of potential[br]security and privacy problems are 0:55:05.170,0:55:07.440 for medical devices.[br]In the meantime 0:55:07.440,0:55:10.290 please be open to new research[br]on this subject, right? 0:55:10.290,0:55:12.330 And that story is[br]a fantastic illustration, 0:55:12.330,0:55:16.980 that we don't need evil hacker[br]type, you know, Bond villain, 0:55:16.980,0:55:22.150 we just need failure to debug[br]programming station, properly, right? 0:55:22.150,0:55:23.580 Q: Thank you very much. 
0:55:23.580,0:55:26.150 Angel: Ok, another question[br]from the internet. 0:55:26.150,0:55:28.510 Q: Yes, from the IRC: 0:55:28.510,0:55:34.240 '20 years ago it was common,[br]that a magnet had to be placed 0:55:34.240,0:55:40.300 on the patient's chest to activate the[br]pacemaker's remote configuration interface. 0:55:40.300,0:55:42.250 Is that no longer the case today?' 0:55:42.250,0:55:45.910 E: It's still the case with some devices,[br]but not with all of them I think. 0:55:45.910,0:55:52.240 M: Yeah, it varies between the devices,[br]how they are programmed and 0:55:52.240,0:55:58.200 how long distance you[br]can be from the device. 0:55:58.200,0:56:02.640 Q: Thank you for the talk.[br]I've some medical devices 0:56:02.640,0:56:10.220 in myself too, an insulin pump and[br]sensors to measure the blood sugar levels, 0:56:10.220,0:56:15.640 I'm busy with hacking that and[br]to write the software for myself, 0:56:15.640,0:56:17.940 because the *** doesn't[br]have the software. 0:56:17.940,0:56:24.790 Have you ever thought about it, to write[br]your own software for your pacemaker? 0:56:24.790,0:56:27.190 E: laughing[br]M: laughing 0:56:27.190,0:56:33.800 M: No, I haven't thought about[br]that until now. No. laughing 0:56:33.800,0:56:37.820 E: Fantastic, I think that deserves[br]a round of applause, though, 0:56:37.820,0:56:40.130 because that's exactly[br]what we're talking about. 0:56:40.130,0:56:42.340 applause 0:56:42.340,0:56:46.400 Angel: Another question[br]from there. 0:56:46.400,0:56:52.850 Q: First off, I want to say thank you[br]that you gave this talk, because 0:56:52.850,0:56:55.700 once it's quite interesting,[br]but it's not that talk, 0:56:55.700,0:56:59.870 anyone of that is affected could hold, 0:56:59.870,0:57:04.530 so, it takes quite some courage and 0:57:04.530,0:57:06.740 I want to say thank you. So 0:57:06.740,0:57:12.370 applause 0:57:12.370,0:57:15.010 Secondly, thank you for giving me the 0:57:15.010,0:57:18.350 update. 
I started medical technology but 0:57:18.350,0:57:21.740 I finished ten years ago and I didn't work 0:57:21.740,0:57:22.150 in the area and it's quite interesting to 0:57:22.150,0:57:24.020 see what happened in the meantime, but 0:57:24.020,0:57:24.800 now for my actual question: 0:57:24.800,0:57:28.300 You said you got devices on ebay, is it 0:57:28.300,0:57:29.720 possible to get the whole 0:57:29.720,0:57:30.980 communication chain? 0:57:30.980,0:57:34.680 So you can make a sandbox test or ... 0:57:34.680,0:57:37.810 M: Yes it's possible to get devices, 0:57:37.810,0:57:40.240 it's not so easy to get the pacemaker 0:57:40.240,0:57:42.080 itself, it's quite expensive. 0:57:42.080,0:57:44.130 E: And even when we get one, 0:57:44.130,0:57:46.310 we have some pairing issues and like 0:57:46.310,0:57:48.020 Marie can't be in the same room, when 0:57:48.020,0:57:49.500 we were doing certain types of testing 0:57:49.500,0:57:52.910 and right, so that last piece is difficult 0:57:52.910,0:57:54.590 but the rest of the chain is pretty 0:57:54.590,0:57:56.230 available for the research. 0:57:56.230,0:57:57.460 Q: Ok, thank you. 0:57:57.460,0:57:59.690 Angel: So, time is running out, so we, 0:57:59.690,0:58:02.500 only time left for one question and from 0:58:02.500,0:58:03.110 there please. 0:58:03.110,0:58:06.340 Q: Thank you. 
I'm also involved in 0:58:06.340,0:58:09.620 software quality checks and software qs 0:58:09.620,0:58:13.070 here in Germany also[br]with medical developments 0:58:13.070,0:58:15.900 and as far as I know, it is the most 0:58:15.900,0:58:18.580 restricted area of developing products 0:58:18.580,0:58:21.180 I think in the world, 0:58:21.180,0:58:24.710 it's just easier to manipulate software 0:58:24.710,0:58:27.750 in a car X-source system or breaking guard 0:58:27.750,0:58:29.590 or something like this, where you don't 0:58:29.590,0:58:34.020 have to show any testing certificate or 0:58:34.020,0:58:35.940 something like this, the FDA is a very 0:58:35.940,0:58:37.980 high regulation part there. 0:58:37.980,0:58:41.920 Do you have the feeling that it's a 0:58:41.920,0:58:44.590 general issue that patients do not have 0:58:44.590,0:58:47.670 access to these FDA compliant tests and 0:58:47.670,0:58:48.800 software q-a-systems? 0:58:48.800,0:58:53.330 M: Yeah, I think that we should have 0:58:53.330,0:58:56.160 more openness and more transparency 0:58:56.160,0:58:58.320 about, around these issues, really. 0:58:58.320,0:59:01.680 E: I mean, it's fantastic you do quality 0:59:01.680,0:59:03.060 assurance, I used to be in quality assurance 0:59:03.060,0:59:06.260 at a large corporation and I got tired 0:59:06.260,0:59:08.620 and landed in strategy and pen testing and 0:59:08.620,0:59:10.420 then I just thought of myself as paramilitary 0:59:10.420,0:59:11.130 quality assurance, .. 
0:59:11.130,0:59:15.870 now I just do it on ever I wanna test, so 0:59:15.870,0:59:17.790 thank you for doing q-a and keep doing it 0:59:17.790,0:59:19.790 and hopefully you don't have too many regulations 0:59:19.790,0:59:21.570 but companies sharing more of this 0:59:21.570,0:59:23.590 information, it's really the transparency 0:59:23.590,0:59:25.370 and the discussion, the open dialogue 0:59:25.370,0:59:28.070 with patients and doctor and a vendor is 0:59:28.070,0:59:30.650 really what we wanna focus on and make 0:59:30.650,0:59:32.840 our final note?[br]M: Yeah. 0:59:32.840,0:59:35.570 M: We see some problems already 0:59:35.570,0:59:37.540 the last year, the MI Undercover Group has 0:59:37.540,0:59:42.040 had some great progress on having good 0:59:42.040,0:59:46.390 discussions with the FDA and also involving 0:59:46.390,0:59:49.090 the medical device vendors in the discussions 0:59:49.090,0:59:51.440 about cyber security of medical devices 0:59:51.440,0:59:52.850 and implants. So that's great and I hope 0:59:52.850,0:59:54.800 that this will be even better the next year. 0:59:54.800,0:59:57.170 E: And I think you want to say 0:59:57.170,0:59:59.000 one more thing to congress before we leave 0:59:59.000,0:59:59.490 which is: 0:59:59.490,1:00:01.280 M: Hack to save lives! 1:00:01.280,1:00:04.709 applause 1:00:04.709,1:00:09.428 ♪ postroll music ♪ 1:00:09.428,1:00:16.000 subtitles created by c3subtitles.de[br]Join, and help us!