1
00:00:00,350 --> 00:00:03,999
♪ preroll music ♪

2
00:00:03,999 --> 00:00:10,940
Angel: The next talk will start now

3
00:00:10,940 --> 00:00:12,830
and will be 'Unpatchable -

4
00:00:12,830 --> 00:00:15,250
living with a vulnerable
implanted device'

5
00:00:15,250 --> 00:00:18,240
by Dr. Marie Moe and Eireann Leverett.

6
00:00:18,240 --> 00:00:22,180
Give them a warm round
of applause please.

7
00:00:22,180 --> 00:00:29,040
<i>applause</i>

8
00:00:33,300 --> 00:00:38,799
<i>heart monitor beep sounds start</i>

9
00:00:38,799 --> 00:00:40,489
So, we are here today

10
00:00:40,489 --> 00:00:41,760
to talk to you about a subject

11
00:00:41,760 --> 00:00:44,530
that is really close to my heart.

12
00:00:44,530 --> 00:00:46,350
I have a medical implant.

13
00:00:46,350 --> 00:00:48,969
A pacemaker, that is generating

14
00:00:48,969 --> 00:00:51,690
every single beat of my heart.

15
00:00:51,690 --> 00:00:56,079
But how can I trust my own heart,

16
00:00:56,079 --> 00:00:58,350
when it's being controlled by a machine,

17
00:00:58,350 --> 00:01:00,329
running a proprietary code,

18
00:01:00,329 --> 00:01:03,530
and there is no transparency?

19
00:01:03,530 --> 00:01:05,570
So I'm a patient,

20
00:01:05,570 --> 00:01:08,630
but I'm also a security researcher.

21
00:01:08,630 --> 00:01:10,860
I'm a hacker, because I like

22
00:01:10,860 --> 00:01:13,390
to figure out how things work.

23
00:01:13,390 --> 00:01:15,009
That's why I started a project

24
00:01:15,009 --> 00:01:16,340
on breaking my own heart,

25
00:01:16,340 --> 00:01:17,299
together with Eireann

26
00:01:17,299 --> 00:01:19,799
and a couple of friends.

27
00:01:19,799 --> 00:01:22,719
Because I really want to know

28
00:01:22,719 --> 00:01:24,270
what protocols are running

29
00:01:24,270 --> 00:01:27,259
in this machine inside my body.

30
00:01:27,259 --> 00:01:29,429
Is the crypto correctly implemented?

31
00:01:29,429 --> 00:01:32,979
Does it even have crypto?

32
00:01:34,939 --> 00:01:38,140
So I'm here to inspire you today.

33
00:01:38,140 --> 00:01:40,880
I want more people
to hack to save lives.

34
00:01:40,880 --> 00:01:44,049
Because we are all becoming

35
00:01:44,049 --> 00:01:47,990
more and more dependent on machines.

36
00:01:47,990 --> 00:01:49,999
Maybe some of you in the audience

37
00:01:49,999 --> 00:01:51,929
also have medical implants,

38
00:01:51,929 --> 00:01:52,840
maybe you know someone

39
00:01:52,840 --> 00:01:57,839
that's also depending on
medical implants

40
00:01:57,839 --> 00:02:00,119
Imagine that this is your heartbeat

41
00:02:00,119 --> 00:02:04,380
and it's being controlled by a device.

42
00:02:04,380 --> 00:02:06,350
A device, that might fail.

43
00:02:06,350 --> 00:02:09,680
Due to software bugs,

44
00:02:09,680 --> 00:02:11,820
due to hardware failures.

45
00:02:11,820 --> 00:02:14,490
<i>additional background sound:
real heartbeat</i>

46
00:02:14,490 --> 00:02:17,690
Wouldn't you also like to know

47
00:02:17,690 --> 00:02:21,390
if it has security vulnerabilities?

48
00:02:21,390 --> 00:02:23,680
If it can be trusted?

49
00:02:26,950 --> 00:02:32,110
<i>sounds stop</i>
<i>beeeeep</i>

50
00:02:32,110 --> 00:02:35,940
E: Something to think about, right?

51
00:02:35,940 --> 00:02:37,230
M: Yeah.

52
00:02:37,230 --> 00:02:40,140
E: Marie is an incredibly
brave women.

53
00:02:40,140 --> 00:02:42,940
When she asked me to give this talk

54
00:02:42,940 --> 00:02:44,640
it made me nervous, right?

55
00:02:44,640 --> 00:02:46,760
It's such a personal story.

56
00:02:46,760 --> 00:02:48,860
Such a journey as well.

57
00:02:48,860 --> 00:02:49,880
And she's gonna talk to you

58
00:02:49,880 --> 00:02:51,460
about a lot of things, right?

59
00:02:51,460 --> 00:02:53,640
Not just hacking medical devices

60
00:02:53,640 --> 00:02:54,950
from a safety point of view

61
00:02:54,950 --> 00:02:57,510
but also some of the
privacy concerns,

62
00:02:57,510 --> 00:02:59,050
some of the transparency concerns,

63
00:02:59,050 --> 00:03:01,280
some of the consent concerns.

64
00:03:01,280 --> 00:03:03,420
So, there's a lot to get trough

65
00:03:03,420 --> 00:03:05,140
in the next hour.

66
00:03:05,140 --> 00:03:07,200
But I think you're gonna enjoy it

67
00:03:07,200 --> 00:03:08,110
quite a lot.

68
00:03:08,110 --> 00:03:10,890
M: So, let me tell you

69
00:03:10,890 --> 00:03:13,110
the story about my heart.

70
00:03:13,110 --> 00:03:14,730
So, 4 years ago

71
00:03:14,730 --> 00:03:17,590
I got my medical implant.

72
00:03:17,590 --> 00:03:21,010
It was a kind of emergency situation

73
00:03:21,010 --> 00:03:22,950
because my heart was starting to beat

74
00:03:22,950 --> 00:03:24,200
really slow,

75
00:03:24,200 --> 00:03:26,110
so i needed to have the pacemaker.

76
00:03:26,110 --> 00:03:28,580
I had no choice.

77
00:03:28,580 --> 00:03:31,180
After I got the implant,

78
00:03:31,180 --> 00:03:32,690
since I was a security researcher,

79
00:03:32,690 --> 00:03:33,630
of course I started to

80
00:03:33,630 --> 00:03:36,520
look up information about how it worked.

81
00:03:36,520 --> 00:03:38,000
And I googled for information.

82
00:03:38,000 --> 00:03:40,440
I found a technical manual

83
00:03:40,440 --> 00:03:41,290
of my pacemaker

84
00:03:41,290 --> 00:03:43,750
and I started to read it.

85
00:03:43,750 --> 00:03:45,930
And i was quite surprised

86
00:03:45,930 --> 00:03:47,520
when I learned that

87
00:03:47,520 --> 00:03:51,580
my pacemaker has 2 wireless interfaces.

88
00:03:51,580 --> 00:03:54,870
There is one interface, that is really

89
00:03:54,870 --> 00:03:56,490
close field communication,

90
00:03:56,490 --> 00:03:58,730
near field communication

91
00:03:58,730 --> 00:04:01,180
that is being used when I'm at checkups

92
00:04:01,180 --> 00:04:03,150
at the hospital,

93
00:04:03,150 --> 00:04:05,550
where the technician,

94
00:04:05,550 --> 00:04:07,510
the pacemaker technician or doctor

95
00:04:07,510 --> 00:04:10,030
uses a programming device

96
00:04:10,030 --> 00:04:11,820
and places it

97
00:04:11,820 --> 00:04:14,410
really close to my pacemaker.

98
00:04:14,410 --> 00:04:16,620
And it's possible to use that

99
00:04:16,620 --> 00:04:19,608
communication to adjust the settings.

100
00:04:19,608 --> 00:04:21,560
But it also has another

101
00:04:21,560 --> 00:04:22,530
wireless interface,

102
00:04:22,530 --> 00:04:24,940
that I was not aware of,

103
00:04:24,940 --> 00:04:28,390
that I was not informed of
as a patient.

104
00:04:28,390 --> 00:04:30,810
It has a possibility for remote monitoring

105
00:04:30,810 --> 00:04:31,970
or telemetry,

106
00:04:31,970 --> 00:04:35,880
where you can have an
access point in your house

107
00:04:35,880 --> 00:04:37,010
that will communicate

108
00:04:37,010 --> 00:04:39,430
with the pacemaker

109
00:04:39,430 --> 00:04:41,940
at a couple of meters distance.

110
00:04:41,940 --> 00:04:44,320
And it can collect logs from the pacemaker

111
00:04:44,320 --> 00:04:46,160
and send them to a server

112
00:04:46,160 --> 00:04:47,880
at the vendor.

113
00:04:47,880 --> 00:04:48,870
And there is a web interface

114
00:04:48,870 --> 00:04:50,150
where the doctor can log in

115
00:04:50,150 --> 00:04:52,880
and retrieve my information.

116
00:04:52,880 --> 00:04:54,790
And I have no access the data

117
00:04:54,790 --> 00:04:56,260
that is being collected

118
00:04:56,260 --> 00:04:57,970
by my device.

119
00:04:57,970 --> 00:04:59,860
E: So imagine for a moment

120
00:04:59,860 --> 00:05:02,240
that you are buying a new phone

121
00:05:02,240 --> 00:05:03,600
or buying a new laptop.

122
00:05:03,600 --> 00:05:04,860
You would do your homework, right?

123
00:05:04,860 --> 00:05:07,000
You would understand
what interfaces where there.

124
00:05:07,000 --> 00:05:09,830
But in Marie's case she's just

125
00:05:09,830 --> 00:05:12,040
given a device,
and then later she gets

126
00:05:12,040 --> 00:05:13,950
to go and read the manual, right?

127
00:05:13,950 --> 00:05:16,790
So she's the epitome
of a informed consumer

128
00:05:16,790 --> 00:05:17,850
in this space

129
00:05:17,850 --> 00:05:20,070
and we want a lot more
informed consumers

130
00:05:20,070 --> 00:05:20,780
in this space,

131
00:05:20,780 --> 00:05:22,360
which is why we are giving this talk.

132
00:05:22,360 --> 00:05:23,830
Now, I don't know about you,

133
00:05:23,830 --> 00:05:25,750
but I'm used to hacking

134
00:05:25,750 --> 00:05:26,790
industrial systems.

135
00:05:26,790 --> 00:05:29,200
I haven't done as
much medical research

136
00:05:29,200 --> 00:05:30,060
in the past.

137
00:05:30,060 --> 00:05:31,940
So, when I first
started this project

138
00:05:31,940 --> 00:05:33,270
I knew literally nothing

139
00:05:33,270 --> 00:05:35,020
about Marie's heart.

140
00:05:35,020 --> 00:05:35,980
Or even my own.

141
00:05:35,980 --> 00:05:38,750
And she had to teach me
how the heart works

142
00:05:38,750 --> 00:05:40,290
and how her pacemaker works.

143
00:05:40,290 --> 00:05:42,660
So, would you mind explaining

144
00:05:42,660 --> 00:05:44,550
some details to the audience
that will be relevant

145
00:05:44,550 --> 00:05:45,930
through the rest of the presentation?

146
00:05:45,930 --> 00:05:48,290
M: Actually I think
we're going to show you

147
00:05:48,290 --> 00:05:50,100
a video of
how the heart works.

148
00:05:50,100 --> 00:05:53,250
So, it's a little bit of
biology introduction here

149
00:05:53,250 --> 00:05:57,630
before we start
with the technical details.

150
00:05:57,630 --> 00:06:01,070
So, this.. play the video.

151
00:06:01,070 --> 00:06:03,480
Video: A normal heart beat rate

152
00:06:03,480 --> 00:06:07,470
and rhythm is called
'Normal Sinus Rhythm'.

153
00:06:07,470 --> 00:06:09,010
The heart's pumping action

154
00:06:09,010 --> 00:06:11,240
is driven by electrical stimulation

155
00:06:11,240 --> 00:06:13,570
within the heart muscle.

156
00:06:13,570 --> 00:06:15,139
the heart's electrical system

157
00:06:15,139 --> 00:06:17,120
allows it to beat in an

158
00:06:17,120 --> 00:06:20,230
organized, synchronized pattern.

159
00:06:20,230 --> 00:06:21,360
Every normal heart beat

160
00:06:21,360 --> 00:06:23,400
has 4 steps.

161
00:06:23,400 --> 00:06:24,810
Step 1:

162
00:06:24,810 --> 00:06:27,150
As blood flows into the heart

163
00:06:27,150 --> 00:06:28,360
an electrical impulse

164
00:06:28,360 --> 00:06:31,240
from an upper area of the right atrium

165
00:06:31,240 --> 00:06:33,700
also known as the sinus node

166
00:06:33,700 --> 00:06:35,900
causes the atria to contract.

167
00:06:35,900 --> 00:06:38,139
When the atria contract

168
00:06:38,139 --> 00:06:39,460
they squeeze the blood

169
00:06:39,460 --> 00:06:41,930
into the ventricles.

170
00:06:41,930 --> 00:06:43,020
Step 3:

171
00:06:43,020 --> 00:06:45,020
There is a very short pause

172
00:06:45,020 --> 00:06:48,060
only about a fraction of a second.

173
00:06:48,060 --> 00:06:49,200
and Step 4:

174
00:06:49,200 --> 00:06:51,020
The ventricles contract

175
00:06:51,020 --> 00:06:55,590
pumping the blood to the body.

176
00:06:55,590 --> 00:06:56,860
A heart normally beats

177
00:06:56,860 --> 00:07:00,930
between 60-100 times/min.

178
00:07:00,930 --> 00:07:02,120
Electrical signals in your heart

179
00:07:02,120 --> 00:07:04,830
can become blocked or irregular,

180
00:07:04,830 --> 00:07:05,610
causing a disruption

181
00:07:05,610 --> 00:07:08,120
in your hearts normal rhythm.

182
00:07:08,120 --> 00:07:10,070
When the heart's rhythm is too fast,

183
00:07:10,070 --> 00:07:12,900
too slow or out of order,

184
00:07:12,900 --> 00:07:14,490
an arrhythmia,

185
00:07:14,490 --> 00:07:18,520
also called a rhythm disorder occurs.

186
00:07:18,520 --> 00:07:20,639
When your heart beats out of rhythm,

187
00:07:20,639 --> 00:07:22,180
it may not deliver enough blood

188
00:07:22,180 --> 00:07:24,790
to your body.

189
00:07:24,790 --> 00:07:26,180
Rhythm disorders can be caused

190
00:07:26,180 --> 00:07:27,800
by a number of factors

191
00:07:27,800 --> 00:07:30,710
including disease, heredity,

192
00:07:30,710 --> 00:07:33,590
medications or other factors.

193
00:07:33,590 --> 00:07:37,390
E: So for those of you
who are already aware of that,

194
00:07:37,390 --> 00:07:38,130
apologies.

195
00:07:38,130 --> 00:07:39,380
But I needed to learn that.

196
00:07:39,380 --> 00:07:40,280
I needed to learn the basics

197
00:07:40,280 --> 00:07:41,980
before we even got started, right?

198
00:07:41,980 --> 00:07:43,940
So...

199
00:07:43,940 --> 00:07:47,199
M: So this is a diagram of the

200
00:07:47,199 --> 00:07:50,169
electrical system of the heart.

201
00:07:50,169 --> 00:07:52,310
So, as you see,
this is the sinus node

202
00:07:52,310 --> 00:07:54,169
that is generating the pulse.

203
00:07:54,169 --> 00:07:56,290
And in my case

204
00:07:56,290 --> 00:07:58,850
I had a problem with the signal

205
00:07:58,850 --> 00:08:01,520
being generated by the sinus node

206
00:08:01,520 --> 00:08:05,090
not reaching the lower
heart chamber.

207
00:08:05,090 --> 00:08:10,640
It's something called an AV block
or a heart block

208
00:08:10,640 --> 00:08:13,580
So, occasionally this will cause

209
00:08:13,580 --> 00:08:17,080
an arrhythmia that makes
the heart pause.

210
00:08:17,080 --> 00:08:18,320
If you don't have a heart beat

211
00:08:18,320 --> 00:08:20,180
for, like ... 8-10 seconds,

212
00:08:20,180 --> 00:08:22,000
you lose your consciousness.

213
00:08:22,000 --> 00:08:24,260
And that was, what happened to me.

214
00:08:24,260 --> 00:08:25,620
I just suddenly found myself

215
00:08:25,620 --> 00:08:27,010
lying on the floor

216
00:08:27,010 --> 00:08:28,910
and I didn't remember how I got there.

217
00:08:28,910 --> 00:08:31,180
And it turned out that it was my heart

218
00:08:31,180 --> 00:08:34,009
that had taken a break.

219
00:08:34,009 --> 00:08:36,899
So that's how I discovered

220
00:08:36,899 --> 00:08:38,519
that I had this issue.

221
00:08:38,519 --> 00:08:40,899
So, this is where the signal is blocked

222
00:08:40,899 --> 00:08:44,279
on the way down to the lower heart chamber

223
00:08:44,279 --> 00:08:45,639
But there's a backup function

224
00:08:45,639 --> 00:08:50,600
in the heart that can make

225
00:08:50,600 --> 00:08:52,110
a so called backup pulse.

226
00:08:52,110 --> 00:08:54,759
And I had that backup pulse

227
00:08:54,759 --> 00:08:57,209
when I went to the
emergency room.

228
00:08:57,209 --> 00:08:59,579
So I had a pulse
around 30-40 beats/min.

229
00:08:59,579 --> 00:09:03,100
And that's generated by some cells

230
00:09:03,100 --> 00:09:05,449
in the lower heart chamber.

231
00:09:05,449 --> 00:09:08,259
So, after I got the pacemaker

232
00:09:08,259 --> 00:09:09,329
my heart started to become

233
00:09:09,329 --> 00:09:10,449
a little bit more lazy.

234
00:09:10,449 --> 00:09:12,220
So it is not certain,

235
00:09:12,220 --> 00:09:14,040
that I will have this backup pulse

236
00:09:14,040 --> 00:09:16,959
anymore if the pacemaker
stops working.

237
00:09:16,959 --> 00:09:17,990
So currently

238
00:09:17,990 --> 00:09:22,490
my heart is 100% running
on the pacemaker.

239
00:09:22,490 --> 00:09:27,079
So, let's also look at
how the pacemaker works.

240
00:09:27,079 --> 00:09:29,899
I have another video of that.

241
00:09:29,899 --> 00:09:31,670
So, this is my little friend

242
00:09:31,670 --> 00:09:34,449
that is running my heart.

243
00:09:34,449 --> 00:09:38,279
Video: A pacemaker
is a miniaturized computer

244
00:09:38,279 --> 00:09:40,990
that is used to treat
a slow heart beat.

245
00:09:40,990 --> 00:09:42,699
It is about the size

246
00:09:42,699 --> 00:09:45,449
of a couple of stacked silver dollars

247
00:09:45,449 --> 00:09:49,110
and weights approximately 17-25 grams.

248
00:09:49,110 --> 00:09:52,050
It is usually surgically placed

249
00:09:52,050 --> 00:09:54,449
or implanted just under the skin

250
00:09:54,449 --> 00:09:57,119
in the chest area.

251
00:09:57,119 --> 00:09:59,720
The device sends
a tiny electrical pulse

252
00:09:59,720 --> 00:10:01,730
down a thin coated wire,

253
00:10:01,730 --> 00:10:04,699
called a lead, into your heart.

254
00:10:04,699 --> 00:10:07,209
This stimulates the heart to beat.

255
00:10:07,209 --> 00:10:09,490
This impulses are very tiny

256
00:10:09,490 --> 00:10:12,499
and most people
do not feel them.

257
00:10:12,499 --> 00:10:13,929
While the device
helps your heart

258
00:10:13,929 --> 00:10:15,529
maintain its rhythm,

259
00:10:15,529 --> 00:10:17,009
it also stores information

260
00:10:17,009 --> 00:10:18,369
about your heart that can be

261
00:10:18,369 --> 00:10:20,209
retrieved by your doctor

262
00:10:20,209 --> 00:10:21,990
to program the device.

263
00:10:21,990 --> 00:10:23,629
E: Remember that!

264
00:10:23,629 --> 00:10:26,309
M: Yeah... Did you see

265
00:10:26,309 --> 00:10:28,509
the ones and zeros at the end

266
00:10:28,509 --> 00:10:29,459
of the video?

267
00:10:29,459 --> 00:10:31,240
That's what we want
to know more about.

268
00:10:31,240 --> 00:10:33,179
Because this information

269
00:10:33,179 --> 00:10:35,230
that is being collected
by the pacemaker,

270
00:10:35,230 --> 00:10:36,629
how it works,

271
00:10:36,629 --> 00:10:38,749
how the code looks like,

272
00:10:38,749 --> 00:10:40,119
it's all closed source,

273
00:10:40,119 --> 00:10:42,119
it's all proprietary information.

274
00:10:42,119 --> 00:10:44,540
And that's why we need more

275
00:10:44,540 --> 00:10:45,579
security researchers,

276
00:10:45,579 --> 00:10:48,579
we need more 3rd party testing,

277
00:10:48,579 --> 00:10:52,209
to be sure that we can trust this code.

278
00:10:52,209 --> 00:10:53,689
E: And you can imagine that

279
00:10:53,689 --> 00:10:56,029
we're doing some of
this research as well.

280
00:10:56,029 --> 00:10:58,209
But I'm not gonna break
Marie's heart on stage,

281
00:10:58,209 --> 00:10:59,189
I'm not gonna drop 0-day

282
00:10:59,189 --> 00:11:00,600
on some medical devices,

283
00:11:00,600 --> 00:11:02,999
so if you came for that,

284
00:11:02,999 --> 00:11:04,300
it's not worth staying.

285
00:11:04,300 --> 00:11:05,379
The rest of the presentation

286
00:11:05,379 --> 00:11:06,990
will be about some of
the things we found

287
00:11:06,990 --> 00:11:07,779
and how this works and

288
00:11:07,779 --> 00:11:09,529
how you might approach this research.

289
00:11:09,529 --> 00:11:11,629
And some of the people
who did this research before,

290
00:11:11,629 --> 00:11:12,279
because there's plenty of others,

291
00:11:12,279 --> 00:11:13,429
and we like to give a shout-out

292
00:11:13,429 --> 00:11:16,319
to those who've done
great research in advance.

293
00:11:16,319 --> 00:11:18,730
But essentially this point is

294
00:11:18,730 --> 00:11:19,589
very relevant.

295
00:11:19,589 --> 00:11:21,179
That the internet
of medical things

296
00:11:21,179 --> 00:11:22,850
is already here.

297
00:11:22,850 --> 00:11:24,899
And Marie is wired into it.

298
00:11:24,899 --> 00:11:27,059
She's a bit younger than the average

299
00:11:27,059 --> 00:11:30,339
pacemaker patient, but, you know,

300
00:11:30,339 --> 00:11:31,759
she was thrust into this situation

301
00:11:31,759 --> 00:11:33,249
where she had to think about things

302
00:11:33,249 --> 00:11:34,269
in a very different way.

303
00:11:34,269 --> 00:11:36,449
Like, you did a Masters,
breaking crypto,

304
00:11:36,449 --> 00:11:39,059
and also a PHD in Information Security.

305
00:11:39,059 --> 00:11:40,899
Did you imagine, that
things you learned

306
00:11:40,899 --> 00:11:42,709
about SSH and
network security

307
00:11:42,709 --> 00:11:46,689
might one day apply to your
heart and your own body?

308
00:11:46,689 --> 00:11:49,579
M: No, I never
figured out that

309
00:11:49,579 --> 00:11:52,910
my research would eventually
end up inside my own body.

310
00:11:52,910 --> 00:11:55,269
That's something I never
thought about.

311
00:11:55,269 --> 00:11:57,649
And also, there's a lot of

312
00:11:57,649 --> 00:12:00,110
people that don't think about

313
00:12:00,110 --> 00:12:02,610
how the medical devices
actually work.

314
00:12:02,610 --> 00:12:04,860
So, when I asked this question

315
00:12:04,860 --> 00:12:06,470
to health care professionals

316
00:12:06,470 --> 00:12:08,529
they look at me like I'm crazy,

317
00:12:08,529 --> 00:12:11,189
they don't ... they have never
thought about this before.

318
00:12:11,189 --> 00:12:14,699
That there's actually code
inside my body

319
00:12:14,699 --> 00:12:16,360
and someone has
programmed it,

320
00:12:16,360 --> 00:12:18,259
someone has
written this code.

321
00:12:18,259 --> 00:12:20,350
And, did they think
about, that this

322
00:12:20,350 --> 00:12:23,290
would actually control
someone's life,

323
00:12:23,290 --> 00:12:27,389
and be my own personal
critical infrastructure?

324
00:12:28,719 --> 00:12:31,009
E: Yeah, personal
infrastructure, right?

325
00:12:31,009 --> 00:12:33,189
On a physical level.

326
00:12:33,189 --> 00:12:35,220
And also, I think, it's...

327
00:12:35,220 --> 00:12:37,679
You know, the point that you made
is important to reiterate,

328
00:12:37,679 --> 00:12:38,629
that you go and see your doctor

329
00:12:38,629 --> 00:12:40,360
and you ask these questions about

330
00:12:40,360 --> 00:12:42,040
whether anyone can hack into my heart

331
00:12:42,040 --> 00:12:44,050
and they probably look
at you and go like

332
00:12:44,050 --> 00:12:46,600
'Don't you worry your pretty
little head about that', right?

333
00:12:46,600 --> 00:12:47,589
But Marie used to head up

334
00:12:47,589 --> 00:12:49,949
the Norwegian computer
emergency response team

335
00:12:49,949 --> 00:12:50,720
for a couple of years

336
00:12:50,720 --> 00:12:52,610
and knows a lot of hackers

337
00:12:52,610 --> 00:12:54,790
and knows what she's
talking about, right?

338
00:12:54,790 --> 00:12:57,199
So, when she asked her doctor
these questions,

339
00:12:57,199 --> 00:12:58,819
they're very legitimate questions.

340
00:12:58,819 --> 00:13:01,449
And the doctors probably
don't know anything about code,

341
00:13:01,449 --> 00:13:02,970
but they need to move
towards a place

342
00:13:02,970 --> 00:13:05,459
where they can answer
those questions with some

343
00:13:05,459 --> 00:13:08,079
honesty and certainty and
treat them with the dignity

344
00:13:08,079 --> 00:13:10,569
that they deserve.

345
00:13:10,569 --> 00:13:11,670
Should we show them
a little bit more

346
00:13:11,670 --> 00:13:13,980
about the total ecosystem
of devices

347
00:13:13,980 --> 00:13:16,649
that we are talking about,
at least in this particular talk?

348
00:13:16,649 --> 00:13:18,629
M: Yeah.

349
00:13:18,629 --> 00:13:21,929
E: So, this was
all new to me.

350
00:13:21,929 --> 00:13:24,970
I mean I've moved around
in networks and done some

351
00:13:24,970 --> 00:13:27,519
penetration testing and
some stuff in the past,

352
00:13:27,519 --> 00:13:31,540
but I didn't know much about
implantable medical devices.

353
00:13:31,540 --> 00:13:34,360
So, we've got a couple
of them there.

354
00:13:34,360 --> 00:13:38,339
The ICD, which is the
in-cardio-defibrillator,

355
00:13:38,339 --> 00:13:40,360
that's some of the work
that you saw from Barnaby Jack

356
00:13:40,360 --> 00:13:41,629
which we will mention later,

357
00:13:41,629 --> 00:13:43,170
was on those particular devices,

358
00:13:43,170 --> 00:13:45,299
We've got the pacemakers
and of course other devices

359
00:13:45,299 --> 00:13:47,269
could be in this diagram as well.

360
00:13:47,269 --> 00:13:49,079
Like, we could be talking
about insulin pumps

361
00:13:49,079 --> 00:13:51,329
or other things in the future.

362
00:13:51,329 --> 00:13:54,619
The device itself speaks
to box number 2,

363
00:13:54,619 --> 00:13:56,389
which we will tell you a little bit
more about in a moment,

364
00:13:56,389 --> 00:13:59,799
using a protocol, commonly
referred to as 'MICS'.

365
00:13:59,799 --> 00:14:02,209
A number of different
devices use this

366
00:14:02,209 --> 00:14:06,170
Medical Implant
Communication Service.

367
00:14:06,170 --> 00:14:08,649
And Marie shocked me yesterday

368
00:14:08,649 --> 00:14:10,589
when she found
a couple devices

369
00:14:10,589 --> 00:14:15,799
that potentially use Bluetooth. <i>sighing</i>
<i>laughter</i>

370
00:14:15,799 --> 00:14:19,610
So, would you like to tell them
a little bit more about the access point,

371
00:14:19,610 --> 00:14:20,709
and I'll join in?

372
00:14:20,709 --> 00:14:23,889
M: Yeah, so, the access
point is the device

373
00:14:23,889 --> 00:14:27,369
that you can typically have
on your bed stand

374
00:14:27,369 --> 00:14:32,209
and that will, depending
on your configuration,

375
00:14:32,209 --> 00:14:35,249
contact your pacemaker
as regular intervals,

376
00:14:35,249 --> 00:14:37,509
e.g. once during the night.

377
00:14:37,509 --> 00:14:41,499
It will start a communication
with the pacemaker,

378
00:14:41,499 --> 00:14:43,209
couple of meters distance,

379
00:14:43,209 --> 00:14:44,249
and will start
collecting logs.

380
00:14:44,249 --> 00:14:47,160
And this logs will
then be sent,

381
00:14:47,160 --> 00:14:51,999
it can be via SMS
or other means,

382
00:14:51,999 --> 00:14:53,730
to a server.

383
00:14:53,730 --> 00:14:58,569
So, there's a lot of my
personal information

384
00:14:58,569 --> 00:15:02,049
that can end up different
places in this diagram.

385
00:15:02,049 --> 00:15:05,679
So, of course it's
in my own device,

386
00:15:05,679 --> 00:15:10,079
it will be then communicated
via this access point

387
00:15:10,079 --> 00:15:10,889
and also then

388
00:15:10,889 --> 00:15:14,179
via the cellular network.

389
00:15:14,179 --> 00:15:19,989
And then it will also be stored
in the telemetry server.

390
00:15:19,989 --> 00:15:24,519
Potentially when I go
for the checkups

391
00:15:24,519 --> 00:15:28,939
my personal information will
also end up in my

392
00:15:28,939 --> 00:15:29,730
doctor workstation

393
00:15:29,730 --> 00:15:36,639
or in the electronic
patient records.

394
00:15:36,639 --> 00:15:40,049
And there's a lot of things
that can go wrong there.

395
00:15:40,049 --> 00:15:42,100
E: Yeah, you
can see, it's using

396
00:15:42,100 --> 00:15:46,949
famously secure methods
of communication

397
00:15:46,949 --> 00:15:51,639
that have never been backdoored or
compromised by anyone ever before,

398
00:15:51,639 --> 00:15:56,139
even here at this conference,
probably even this time around.

399
00:15:56,139 --> 00:15:59,850
So these are some things
that are concerning.

400
00:15:59,850 --> 00:16:03,439
The data also travels often
to other countries

401
00:16:03,439 --> 00:16:05,199
and so there are questions
about the jurisdiction

402
00:16:05,199 --> 00:16:09,689
in terms of privacy laws
in terms of some of this data.

403
00:16:09,689 --> 00:16:13,049
And some of you can go and
look deeper into that as well.

404
00:16:13,049 --> 00:16:15,439
The telemetry store thing
I think is important,

405
00:16:15,439 --> 00:16:20,009
some of this is a telemetry store,
such as the server at the vendor.

406
00:16:20,009 --> 00:16:21,709
So the vendor owns some
machines somewhere

407
00:16:21,709 --> 00:16:23,859
that collect data
from Marie's heart.

408
00:16:23,859 --> 00:16:26,910
So you can imagine she goes to see her
doctor and the doctor is like:

409
00:16:26,910 --> 00:16:30,649
'Hey, Marie, last weekend, did you, ...
run a half marathon or something?'

410
00:16:30,649 --> 00:16:32,839
And she hasn't told him, right?

411
00:16:32,839 --> 00:16:35,410
Like, he just can look
at the data and see,

412
00:16:35,410 --> 00:16:38,529
that her heart rate was up
for a couple hours.

413
00:16:38,529 --> 00:16:40,609
That's true though, right? You
did actually run a half marathon.

414
00:16:40,609 --> 00:16:43,639
M: Yeah, I did run a half marathon.
<i>laughing</i>

415
00:16:43,639 --> 00:16:46,829
E: So, the telemetry
store is one part,

416
00:16:46,829 --> 00:16:48,420
but there's also the
doctors work station

417
00:16:48,420 --> 00:16:50,579
which contains a lot of
this medical data.

418
00:16:50,579 --> 00:16:54,040
So, from privacy perspective
that's part of the attack surface.

419
00:16:54,040 --> 00:16:55,489
But there's also the programmers, right?

420
00:16:55,489 --> 00:16:57,879
There's the device's programmers.

421
00:16:57,879 --> 00:17:00,850
So that's an interesting point, that
I hope a lot of you are interested in

422
00:17:00,850 --> 00:17:04,929
already, that there
is a programmer

423
00:17:04,929 --> 00:17:06,339
for these devices.

424
00:17:06,339 --> 00:17:10,299
M: So, we actually
went shopping on eBay

425
00:17:10,299 --> 00:17:12,189
and we found some
of these devices.

426
00:17:12,189 --> 00:17:13,319
E: You can buy them on eBay?

427
00:17:13,319 --> 00:17:14,429
M: Yeah.
E: <i>laughing</i>

428
00:17:14,429 --> 00:17:16,740
M: So, I found
a programmer

429
00:17:16,740 --> 00:17:19,369
that can program
my device, on eBay

430
00:17:19,369 --> 00:17:20,599
and I bought it.

431
00:17:20,599 --> 00:17:22,500
And I also found a couple of
these access points.

432
00:17:22,500 --> 00:17:26,319
So, that's what we're
now starting to look at.

433
00:17:26,319 --> 00:17:29,320
E: We just wanna to give
you an overview of this system,

434
00:17:29,320 --> 00:17:31,720
and it's fairly similar across the
different device vendors,

435
00:17:31,720 --> 00:17:34,549
and we're not going to talk
about individual vendors.

436
00:17:34,549 --> 00:17:36,600
But if you're gonna go and
do this kind of research

437
00:17:36,600 --> 00:17:39,789
you can see that some of the research
you've already done in the past

438
00:17:39,789 --> 00:17:43,110
applies to different parts
of this process.

439
00:17:43,110 --> 00:17:46,730
M: And talking about
patient privacy,

440
00:17:46,730 --> 00:17:50,710
when we got the
programmer from ebay

441
00:17:50,710 --> 00:17:54,159
it actually contained
patient information.

442
00:17:54,159 --> 00:17:56,779
So, that's the
really bad thing.

443
00:17:56,779 --> 00:17:58,919
E: So, I found
this very odd.

444
00:17:58,919 --> 00:18:01,100
I had a similar reaction
to yourselves because

445
00:18:01,100 --> 00:18:03,080
I usually do industrial
system stuff.

446
00:18:03,080 --> 00:18:06,299
One of my friends picked up
some PLCs recently and

447
00:18:06,299 --> 00:18:09,679
they had data from the nuclear plant,
that the PLCs had been used in.

448
00:18:09,679 --> 00:18:13,789
So, decommissioning is a problem
in industrial systems

449
00:18:13,789 --> 00:18:18,080
but it turns out also
in medical devices, right?

450
00:18:18,080 --> 00:18:20,480
I guess that's a useful point
to make as well,

451
00:18:20,480 --> 00:18:22,820
about the costs of doing
this kind of research.

452
00:18:22,820 --> 00:18:26,260
It is possible to get some
devices, some implants

453
00:18:26,260 --> 00:18:29,000
from people who have sadly
passed on,

454
00:18:29,000 --> 00:18:33,429
but that comes with a very high
cost of biomedical decontamination.

455
00:18:33,429 --> 00:18:35,549
So that raises the cost
of doing this research

456
00:18:35,549 --> 00:18:38,070
on the implants themselves,
not necessarily on the rest

457
00:18:38,070 --> 00:18:38,710
of the devices.

458
00:18:38,710 --> 00:18:42,700
M: Yeah, so, also want
to say, that in this research

459
00:18:42,700 --> 00:18:44,059
I had not have not tinkered
with my own device.

460
00:18:44,059 --> 00:18:46,630
So, that would not be a good thing ...

461
00:18:46,630 --> 00:18:49,679
E: You're not gonna let me,
like, SSH into your heart and just ...

462
00:18:49,679 --> 00:18:52,330
M: Um.. No.
E: ... just delete some stuff.. No?

463
00:18:52,330 --> 00:18:54,990
M: No.
E: I wouldn't do it anyway,

464
00:18:54,990 --> 00:18:56,860
but it's an interesting point, right?

465
00:18:56,860 --> 00:18:59,019
So, like, there are a lot of
safety percussions

466
00:18:59,019 --> 00:19:00,960
that we and the rest
of the team have to take

467
00:19:00,960 --> 00:19:02,380
when we are doing this research.

468
00:19:02,380 --> 00:19:06,039
And one of them is
not pairing Marie's pacemaker

469
00:19:06,039 --> 00:19:09,289
with any of the devices
that are under test.

470
00:19:09,289 --> 00:19:13,519
Do you wanna say a bit more
about connectivity and vulnerability?

471
00:19:13,519 --> 00:19:15,200
M: Yeah, so...

472
00:19:15,200 --> 00:19:18,620
I was worried
when I discovered that

473
00:19:18,620 --> 00:19:23,850
I had this possible connectivity
to the medical internet of things.

474
00:19:23,850 --> 00:19:28,830
In my case this is switched off
in the configurations

475
00:19:28,830 --> 00:19:29,679
but it's there.

476
00:19:29,679 --> 00:19:32,750
It's possible to turn it on,
it's possible for me to be

477
00:19:32,750 --> 00:19:36,970
hooked up to the,
this internet of medical things.

478
00:19:36,970 --> 00:19:40,500
And for some patients
this is really benefit.

479
00:19:40,500 --> 00:19:43,090
So you always have to make
a risk-based decision

480
00:19:43,090 --> 00:19:47,510
on whether or not to
make use of this

481
00:19:47,510 --> 00:19:48,529
connectivity.

482
00:19:48,529 --> 00:19:52,490
But I think it's really important
that you make an informed decision

483
00:19:52,490 --> 00:19:55,480
about that and that the patient

484
00:19:55,480 --> 00:20:01,919
is informed and has given
his or her consent

485
00:20:01,919 --> 00:20:04,120
to have this feature.

486
00:20:04,120 --> 00:20:08,200
The battery lifetime of my pacemaker
is around 10 years.

487
00:20:08,200 --> 00:20:10,450
So in 6 years time

488
00:20:10,450 --> 00:20:12,870
I will have to have a
replacement surgery

489
00:20:12,870 --> 00:20:16,409
and I'm going to be
a really difficult patient <i>laughing</i>

490
00:20:16,409 --> 00:20:17,840
<i>laughter</i>

491
00:20:17,840 --> 00:20:23,980
So, ...
<i>applause</i>

492
00:20:23,980 --> 00:20:25,039
E: Right on.

493
00:20:25,039 --> 00:20:27,710
M: I really want to know

494
00:20:27,710 --> 00:20:30,269
how the devices work
by then and

495
00:20:30,269 --> 00:20:33,830
I want to make an informed
decision on whether or not

496
00:20:33,830 --> 00:20:35,659
to have this connectivity.

497
00:20:35,659 --> 00:20:38,970
But of course for lot of patients
the benefit of having this

498
00:20:38,970 --> 00:20:40,850
outweighs the risk.

499
00:20:40,850 --> 00:20:44,630
Because people that had other
heart problems than me

500
00:20:44,630 --> 00:20:47,070
they have to go for more
frequent checkups.

501
00:20:47,070 --> 00:20:49,759
I only have to go once a year.

502
00:20:49,759 --> 00:20:53,130
So, for patients that need to go
frequently for checkups,

503
00:20:53,130 --> 00:20:55,710
it's really good for them
to have the possibility

504
00:20:55,710 --> 00:20:58,039
of having telemetry and
having connectivity to

505
00:20:58,039 --> 00:21:00,370
have remote patient monitoring.

506
00:21:00,370 --> 00:21:04,059
E: Yeah, imagine you
have mobility problems or

507
00:21:04,059 --> 00:21:06,029
you even just live far

508
00:21:06,029 --> 00:21:08,639
from a major city.

509
00:21:08,639 --> 00:21:11,360
And making the journey
to the hospital is quite arduous,

510
00:21:11,360 --> 00:21:15,159
then this kind of remote
telemetry allows your doctor

511
00:21:15,159 --> 00:21:17,070
to keep track of
what's going on.

512
00:21:17,070 --> 00:21:19,570
And that's very important,
we don't wanna, like...

513
00:21:19,570 --> 00:21:22,440
have a big scary testosterone
filled talk where we, like,

514
00:21:22,440 --> 00:21:23,389
hack some pacemakers.

515
00:21:23,389 --> 00:21:26,720
We wanna talk about
how there's a dual use thing

516
00:21:26,720 --> 00:21:28,090
going on here.

517
00:21:28,090 --> 00:21:31,649
And that there is a lot of value
in having this devices

518
00:21:31,649 --> 00:21:35,830
but we also want them to be safe
and secure and preserve our privacy

519
00:21:35,830 --> 00:21:39,320
and a lot of other things.

520
00:21:39,320 --> 00:21:43,789
So, these are some
of the issues.

521
00:21:43,789 --> 00:21:46,139
Of course the last one,
the remote assassination scenario,

522
00:21:46,139 --> 00:21:49,340
that' s everyone favorite one
to fantasize about

523
00:21:49,340 --> 00:21:53,250
or talk about, or make
movies about, but

524
00:21:53,250 --> 00:21:54,980
we think there's a lot of
other issues in here

525
00:21:54,980 --> 00:21:56,620
that are more interesting,

526
00:21:56,620 --> 00:21:59,009
some quality issues even, right,

527
00:21:59,009 --> 00:22:02,070
that we'll talk about
in a little bit.

528
00:22:02,070 --> 00:22:02,649
Battery exhaustion,

529
00:22:02,649 --> 00:22:06,600
again something many people
don't think about. But...

530
00:22:06,600 --> 00:22:09,200
I'm very interested in
cyber-physical exploitation

531
00:22:09,200 --> 00:22:12,789
and so some of this elements
were interesting to me

532
00:22:12,789 --> 00:22:15,960
that you might use the device
in a way that wasn't expected.

533
00:22:15,960 --> 00:22:20,700
M: So personally I'm not afraid
of being remotely assassinated.

534
00:22:20,700 --> 00:22:23,370
E: I've actually never known
you to be afraid of anything

535
00:22:23,370 --> 00:22:24,549
M: <i>laughing</i>

536
00:22:24,549 --> 00:22:29,130
I'm more worried about
software bugs in my device,

537
00:22:29,130 --> 00:22:31,759
the things that can malfunction,

538
00:22:31,759 --> 00:22:34,049
E: Is that just theoretical?

539
00:22:34,049 --> 00:22:36,850
M: No, actually software bugs

540
00:22:36,850 --> 00:22:38,940
have killed people.

541
00:22:38,940 --> 00:22:41,340
So, think about that!

542
00:22:41,340 --> 00:22:42,130
People that are not here,

543
00:22:42,130 --> 00:22:44,700
they don't have their voice
and they can't really

544
00:22:44,700 --> 00:22:46,340
give there story.

545
00:22:46,340 --> 00:22:51,100
But there are stories about persons
depending on medical devices

546
00:22:51,100 --> 00:22:54,240
dying because their
device malfunctioned.

547
00:22:54,240 --> 00:22:57,830
E: There's even some
great research

548
00:22:57,830 --> 00:23:01,940
from academics about
how the user interface design

549
00:23:01,940 --> 00:23:05,100
of medical devices can have
an impact on patients safety

550
00:23:05,100 --> 00:23:07,399
and how designing UX

551
00:23:07,399 --> 00:23:10,139
much more clearly
and concisely

552
00:23:10,139 --> 00:23:11,840
specifically for the
medical profession

553
00:23:11,840 --> 00:23:17,809
might improve
the care of patients.

554
00:23:17,809 --> 00:23:19,889
Do you wanna say more
about this slide or should we

555
00:23:19,889 --> 00:23:22,370
go on to the previous work,
should we... go ahead!

556
00:23:22,370 --> 00:23:25,190
M: Yeah, I think it's really
important also to...

557
00:23:25,190 --> 00:23:27,639
the issue of trusting the vendors.

558
00:23:27,639 --> 00:23:31,480
So, as a patient I'm
expected to just, you know,

559
00:23:31,480 --> 00:23:34,720
trust, that my device
is working correctly,

560
00:23:34,720 --> 00:23:38,860
every security vulnerability
has been corrected by the vendor

561
00:23:38,860 --> 00:23:39,650
and it's safe.

562
00:23:39,650 --> 00:23:42,659
But I want to have more
third party testing,

563
00:23:42,659 --> 00:23:48,210
I want to have more security
research on medical implants.

564
00:23:48,210 --> 00:23:52,379
And as a lot things, like ...
history has shown

565
00:23:52,379 --> 00:23:57,580
we can't always trust that
the vendors do the right thing.

566
00:23:57,580 --> 00:24:00,179
E: I think this is a good
opportunity for us to ask

567
00:24:00,179 --> 00:24:03,279
a very fun question, which is:

568
00:24:03,279 --> 00:24:05,700
Any fans of DMCA in the room?

569
00:24:05,700 --> 00:24:08,330
<i>laughter</i>

570
00:24:08,330 --> 00:24:09,379
No? No fans? Alright.

571
00:24:09,379 --> 00:24:12,779
Well, you then you'll really enjoy this.

572
00:24:12,779 --> 00:24:17,129
Marie has some very exciting news
about DMCA exemptions.

573
00:24:17,129 --> 00:24:21,350
M: Yeah, so... October, this year

574
00:24:21,350 --> 00:24:27,909
there was a ruling of
an DMCA exemption for

575
00:24:27,909 --> 00:24:30,710
security research
on medical devices

576
00:24:30,710 --> 00:24:33,529
also for automotive security research.

577
00:24:33,529 --> 00:24:34,860
So, this means, that

578
00:24:34,860 --> 00:24:39,289
as researchers you can

579
00:24:39,289 --> 00:24:41,919
actually do reverse engineering
of medical implants

580
00:24:41,919 --> 00:24:46,169
without infringing copyright laws.

581
00:24:46,169 --> 00:24:48,220
It will take effect
I think October next year.

582
00:24:48,220 --> 00:24:50,710
E: Yeah.
M: That is really a big

583
00:24:50,710 --> 00:24:53,529
step forward in my opinion.

584
00:24:53,529 --> 00:24:56,009
And I hope that this will
encourage more research.

585
00:24:56,009 --> 00:24:59,649
And I also want to mention
that there are

586
00:24:59,649 --> 00:25:02,720
fellow activist patients
like myself

587
00:25:02,720 --> 00:25:06,649
that was behind that proposal
of having this exemptions.

588
00:25:06,649 --> 00:25:11,529
So, Jay Radcliff who hacked
his own insulin pump,

589
00:25:11,529 --> 00:25:16,299
Karen Sandler, who is a free and
open software advocat.

590
00:25:16,299 --> 00:25:21,190
And Hugo Campos, who has
an ICD implant, he is very ...

591
00:25:21,190 --> 00:25:24,580
he wants to have access
to his own data

592
00:25:24,580 --> 00:25:27,669
for quantified self reasons.

593
00:25:27,669 --> 00:25:31,210
So this patients,
they actually

594
00:25:31,210 --> 00:25:36,409
made this happen,
that you're allowed to do

595
00:25:36,409 --> 00:25:38,870
security research
on medical devices.

596
00:25:38,870 --> 00:25:40,859
I think that's really great.

597
00:25:40,859 --> 00:25:48,029
<i>applause</i>

598
00:25:48,029 --> 00:25:51,639
E: Do you wanna say something
about Scott Erven's presentation

599
00:25:51,639 --> 00:25:52,419
that you saw at DEF CON?

600
00:25:52,419 --> 00:25:54,419
M: Yeah, that was a really
interesting presentation about

601
00:25:54,419 --> 00:25:59,899
how medical devices have
really poor security.

602
00:25:59,899 --> 00:26:02,399
And they have, like,
hard coded credentials,

603
00:26:02,399 --> 00:26:06,059
and you can find them
using Shodan on the internet.

604
00:26:06,059 --> 00:26:09,500
This were not pacemakers,
but other types of

605
00:26:09,500 --> 00:26:10,809
different medical devices.

606
00:26:10,809 --> 00:26:17,029
There are, like, hospital networks
that are completely open

607
00:26:17,029 --> 00:26:20,799
and you can access
the medical equipment

608
00:26:20,799 --> 00:26:26,240
using default passwords that
you can find in the manuals.

609
00:26:26,240 --> 00:26:27,240
And the vendors claim that

610
00:26:27,240 --> 00:26:30,159
no, these are not hard coded,
these are default,

611
00:26:30,159 --> 00:26:33,809
but then the manuals say:
Do not change this password...

612
00:26:33,809 --> 00:26:37,269
E: Because they want to
integrate with other stuff, right? So...

613
00:26:37,269 --> 00:26:40,950
I've heard that excuse from SCADA,
so I wasn't having it.

614
00:26:40,950 --> 00:26:43,759
M: They also put up some
medical device honeypots

615
00:26:43,759 --> 00:26:48,889
to see if there were
targeted hacking attempts

616
00:26:48,889 --> 00:26:55,009
but they only picked up regular malware
on them, which is also ...

617
00:26:55,009 --> 00:26:57,309
E: Only!
M: ... of course of a concern <i>laughing</i>

618
00:26:57,309 --> 00:27:01,389
E: Anything else,
about prior art, Kevin?

619
00:27:01,389 --> 00:27:04,889
M: I guess we should mention
that the academic research

620
00:27:04,889 --> 00:27:08,019
on hacking pacemakers,
which was started by

621
00:27:08,019 --> 00:27:11,090
a group led by Kevin Fu

622
00:27:11,090 --> 00:27:13,840
and they had this
first paper in 2008

623
00:27:13,840 --> 00:27:15,210
that they also followed up
with more academic research

624
00:27:15,210 --> 00:27:17,909
and they showed that it's
possible to hack a pacemaker.

625
00:27:17,909 --> 00:27:21,220
They showed that...
this was possible on a, like

626
00:27:21,220 --> 00:27:23,460
a couple of centimeters
distance only,

627
00:27:23,460 --> 00:27:28,289
so, like, the attack scenario
would be, if you have a

628
00:27:28,289 --> 00:27:30,330
device similar to the
programmers device

629
00:27:30,330 --> 00:27:33,610
and you attack me with it
you can <i>laughing</i>

630
00:27:33,610 --> 00:27:34,289
turn off my pacemaker.

631
00:27:34,289 --> 00:27:36,019
That's not really scary,

632
00:27:36,019 --> 00:27:39,840
but then we have the research
by Barnaby Jack

633
00:27:39,840 --> 00:27:45,529
where this range of the attack
is extended to several meters

634
00:27:45,529 --> 00:27:48,549
so you have someone with
an antenna in a room

635
00:27:48,549 --> 00:27:51,360
scanning for pacemakers

636
00:27:51,360 --> 00:27:54,059
and starting to program them.

637
00:27:54,059 --> 00:28:00,210
E: We have a saying
at Cambridge about that.

638
00:28:00,210 --> 00:28:01,929
Some of the other people at the
university have been doing attacks

639
00:28:01,929 --> 00:28:04,799
a lot longer than I have, and
one of the things they say is:

640
00:28:04,799 --> 00:28:07,059
'Attacks only get worse,
they never get better.'

641
00:28:07,059 --> 00:28:11,169
So, the range might be short one year,
then a couple of years later it's worse.

642
00:28:11,169 --> 00:28:15,889
M: The worst case scenario
I think would be remotely,

643
00:28:15,889 --> 00:28:19,549
via the internet being able to
hack pacemakers.

644
00:28:19,549 --> 00:28:24,490
but there's no research so far
indicating that that's possible.

645
00:28:24,490 --> 00:28:26,970
E: And we don't wanna
hype that up. We don't wanna...

646
00:28:26,970 --> 00:28:28,929
M: No.
E: ... get that kind of an angle

647
00:28:28,929 --> 00:28:31,720
on this talk. We wanna make the
point that hacking can save lives,

648
00:28:31,720 --> 00:28:38,779
that hackers are global citizen's
resource to save lives, right? So...

649
00:28:38,779 --> 00:28:45,200
M: Yeah, so, this is the result
of hacking of the drug infusion pumps.

650
00:28:45,200 --> 00:28:48,659
Earlier this year

651
00:28:48,659 --> 00:28:55,190
the FDA actually issued the first ever
recall of a medical device

652
00:28:55,190 --> 00:28:57,730
based on cyber security concerns.

653
00:28:57,730 --> 00:29:02,190
E: I think that's amazing, right?
They've recalled products

654
00:29:02,190 --> 00:29:05,509
because of cyber security concerns. They
used to have to wait until someone died.

655
00:29:05,509 --> 00:29:09,840
In fact, they had to show
something like 500 deaths

656
00:29:09,840 --> 00:29:13,360
before you could recall a product.
So now they can ...

657
00:29:13,360 --> 00:29:16,080
the FDA, at least in the US,
they can recall products

658
00:29:16,080 --> 00:29:18,570
just based on security
considerations.

659
00:29:18,570 --> 00:29:20,519
M: So, this is also,

660
00:29:20,519 --> 00:29:26,730
I guess the first example
of that type of pro-active

661
00:29:26,730 --> 00:29:29,450
security research,
where you can

662
00:29:29,450 --> 00:29:33,049
make a proof of concept
without killing any patients

663
00:29:33,049 --> 00:29:36,740
and then that closes
the security holes.

664
00:29:36,740 --> 00:29:38,240
And that potentially
saves lives.

665
00:29:38,240 --> 00:29:41,169
And no one has been hurt
in the research.

666
00:29:41,169 --> 00:29:42,110
I think that's great.

667
00:29:42,110 --> 00:29:45,019
E: I'm also really excited
because we give a lot of presentations

668
00:29:45,019 --> 00:29:48,610
about security that are filled with
doom and gloom and depression,

669
00:29:48,610 --> 00:29:52,190
so it's nice to have two major victories
in medical device research

670
00:29:52,190 --> 00:29:54,610
in the last few years.
One being the DMCA exemptions

671
00:29:54,610 --> 00:29:57,299
and the other being
actual product recalls.

672
00:29:57,299 --> 00:30:01,879
M: Yeah, and the FDA are starting
to take these issues seriously and

673
00:30:01,879 --> 00:30:05,700
they are really focusing on the cyber
security of medical implants now.

674
00:30:05,700 --> 00:30:09,980
I'm going to go to a workshop
arranged by the FDA in January

675
00:30:09,980 --> 00:30:15,639
and participate on a panel discussing
cyber security of medical implants.

676
00:30:15,639 --> 00:30:18,789
And it's great to have this
type of interaction between

677
00:30:18,789 --> 00:30:23,269
the security committee, medical
device vendors and the regulators.

678
00:30:23,269 --> 00:30:24,950
So, things are happening.

679
00:30:24,950 --> 00:30:26,820
E: Yeah. How do you feel
as an audience,

680
00:30:26,820 --> 00:30:29,759
are you glad that she's going to be
your representative in Washington

681
00:30:29,759 --> 00:30:31,749
for some of these issues?

682
00:30:31,749 --> 00:30:38,679
<i>applause</i>

683
00:30:38,679 --> 00:30:41,330
And we want you to get
involved as well, right?

684
00:30:41,330 --> 00:30:44,950
This is not just about Marie
and myself and the other people

685
00:30:44,950 --> 00:30:47,499
who worked on this
project, it's meant say

686
00:30:47,499 --> 00:30:50,200
you too can do this research.
And you should be.

687
00:30:50,200 --> 00:30:53,499
You have to be a little sensitive,
a little bit precise and articulate

688
00:30:53,499 --> 00:30:55,029
about concerns.

689
00:30:55,029 --> 00:30:58,509
We take some inspiration from the
former research around hygiene.

690
00:30:58,509 --> 00:31:01,419
Imagine the first time some scientist
went to some other scientist and said

691
00:31:01,419 --> 00:31:04,960
'There is this invisible stuff,
and it's on your hands,

692
00:31:04,960 --> 00:31:07,210
and if you don't wash your hands
people get infections!'

693
00:31:07,210 --> 00:31:08,240
And everyone thought
they were crazy.

694
00:31:08,240 --> 00:31:12,049
Well, it's kind of the same with us
talking about industrial systems

695
00:31:12,049 --> 00:31:15,840
or talking about medical devices
or talking about hacking in general.

696
00:31:15,840 --> 00:31:18,200
People just didn't, sort of,
believe it was possible at first.

697
00:31:18,200 --> 00:31:21,019
And so we have to articulate ourselves
very, very carefully.

698
00:31:21,019 --> 00:31:25,200
So, we draw inspiration from
that early hygiene movement

699
00:31:25,200 --> 00:31:28,730
where they had a couple simple rules
that started to save people's lives

700
00:31:28,730 --> 00:31:31,529
while they explained germ theory
to the masses.

701
00:31:31,529 --> 00:31:38,139
M: Yeah, so, this type of research
is kind of low hanging fruits

702
00:31:38,139 --> 00:31:41,149
where you just, so...

703
00:31:41,149 --> 00:31:46,320
what we show here is an example,

704
00:31:46,320 --> 00:31:50,440
where there's a lot of medical
device networks in hospitals

705
00:31:50,440 --> 00:31:53,720
that are open to the internet
and that can get infected

706
00:31:53,720 --> 00:31:59,429
by normal type of malware,
like banking trojans or whatever.

707
00:31:59,429 --> 00:32:03,200
And this is potentially a safety issue.

708
00:32:03,200 --> 00:32:08,460
So, if your MR scanner or some other

709
00:32:08,460 --> 00:32:12,970
more life-critical device
is being unavailable because of

710
00:32:12,970 --> 00:32:16,919
a virus on it,

711
00:32:16,919 --> 00:32:21,360
that's a real concern for patient
security and safety.

712
00:32:21,360 --> 00:32:26,419
So we need to think more about
the hygiene also in terms of

713
00:32:26,419 --> 00:32:29,860
computer viruses, not only
just normal viruses.

714
00:32:29,860 --> 00:32:33,129
E: Yeah. So, you know, some
times people will treat you like

715
00:32:33,129 --> 00:32:35,639
this is an entirely theoretical
concern, but

716
00:32:35,639 --> 00:32:39,379
I think this is one of the best
illustrations that we've found

717
00:32:39,379 --> 00:32:42,210
of how that should
be a concern,

718
00:32:42,210 --> 00:32:43,740
and I think all of you will get it,

719
00:32:43,740 --> 00:32:47,320
but I wanna give you a moment to kind of
read what's about to come up on the slides.

720
00:32:47,320 --> 00:32:59,200
So I'll just let you enjoy
that for a moment.

721
00:32:59,200 --> 00:33:02,009
So if it's not clear or it's not your
first language or something,

722
00:33:02,009 --> 00:33:07,659
this guy basically sharded patient data
across a bunch of amazon clusters.

723
00:33:07,659 --> 00:33:11,309
And then it was unavailable.
And they were very concerned

724
00:33:11,309 --> 00:33:14,029
about the unavailability of their
costumer patient data

725
00:33:14,029 --> 00:33:17,629
sharded across amazon instances.

726
00:33:17,629 --> 00:33:23,289
He was complaining to support, like
'Can I get support to fix this?' <i>laughing</i>

727
00:33:23,289 --> 00:33:27,149
M: So, all the data of the ...

728
00:33:27,149 --> 00:33:31,580
... the monitoring data of the cardiac
patients is unavailable to them

729
00:33:31,580 --> 00:33:35,129
because of the service
being downed.

730
00:33:35,129 --> 00:33:43,060
And, well, do you want to outsource your
patient's safety to the cloud? Really?

731
00:33:43,060 --> 00:33:45,360
I don't want that.
Okay.

732
00:33:45,360 --> 00:33:50,039
E: I wanna get into some other details.
We have sort of 10 min left if we can ...

733
00:33:50,039 --> 00:33:53,179
so we can have a lot of questions,
and I'm sure there will be some.

734
00:33:53,179 --> 00:33:57,990
But I want you to talk to them about
this very personal story.

735
00:33:57,990 --> 00:34:00,769
This is... Remember before, when we
said, is this stuff theoretical?

736
00:34:00,769 --> 00:34:02,299
I want you to pay a lot of
attention to this story.

737
00:34:02,299 --> 00:34:04,299
It really moved me
when she first told me.

738
00:34:04,299 --> 00:34:08,650
M: I know how it feels to have
my body controlled by a device

739
00:34:08,650 --> 00:34:12,360
that is not working correctly.

740
00:34:12,360 --> 00:34:18,429
So, I think it was around 2 or 3
weeks after I had the surgery.

741
00:34:18,429 --> 00:34:19,480
I felt fine.

742
00:34:19,480 --> 00:34:23,409
But I hadn't really done
any exercise yet.

743
00:34:23,409 --> 00:34:28,090
The surgery was pretty easy,
I only had 2 weeks sick leave

744
00:34:28,090 --> 00:34:29,730
and then I came back to work

745
00:34:29,730 --> 00:34:30,960
and I went to London

746
00:34:30,960 --> 00:34:35,449
to participate in a course
in ethical hacking and

747
00:34:35,449 --> 00:34:39,770
I did take the London Underground
together with some of my colleges

748
00:34:39,770 --> 00:34:42,840
and we went of at this station
at Covent Garden

749
00:34:42,840 --> 00:34:46,050
And I don't know if you
have been there but

750
00:34:46,050 --> 00:34:49,100
that particular station is
really low underground.

751
00:34:49,100 --> 00:34:51,980
They have elevators that you
can use to get up,

752
00:34:51,980 --> 00:34:55,139
but usually there are, like,
long queues to the elevators...

753
00:34:55,139 --> 00:34:57,050
E: You always have to do
things the hard way, right?

754
00:34:57,050 --> 00:34:58,120
M: You had to take the stairs, or

755
00:34:58,120 --> 00:35:00,830
they were just heading for the stairs
and I was following them and

756
00:35:00,830 --> 00:35:05,700
we were starting to climb the stairs and
I didn't read this warning sign, which is:

757
00:35:05,700 --> 00:35:09,850
'Those with luggage, pushchairs & heart
conditions, please use the lift' <i>laughing</i>

758
00:35:09,850 --> 00:35:11,610
Because I was feeling fine,

759
00:35:11,610 --> 00:35:15,570
and this was the first time that I
figured out there's something wrong

760
00:35:15,570 --> 00:35:17,860
with my pacemaker or with my heart.

761
00:35:17,860 --> 00:35:20,330
Because I came like
half way up this stairs

762
00:35:20,330 --> 00:35:23,120
and I felt like I was going to die.

763
00:35:23,120 --> 00:35:24,610
It was a really horrible feeling.

764
00:35:24,610 --> 00:35:26,430
I didn't have any more breath left,

765
00:35:26,430 --> 00:35:30,740
I felt like I wasn't able
to complete the stairs.

766
00:35:30,740 --> 00:35:33,650
I didn't know what was
happening to me, but

767
00:35:33,650 --> 00:35:37,440
somehow I managed to
drag myself up the stairs

768
00:35:37,440 --> 00:35:38,700
and my heart was really...

769
00:35:38,700 --> 00:35:40,830
it didn't feel right.

770
00:35:40,830 --> 00:35:45,040
So, first thing when I came
back from this course

771
00:35:45,040 --> 00:35:46,250
I went to my doctor

772
00:35:46,250 --> 00:35:49,230
and we started to try
debug me, tried to find out

773
00:35:49,230 --> 00:35:51,670
what was wrong with my pacemaker.

774
00:35:51,670 --> 00:35:54,610
And this is how that looks like.
E: <i>laughing</i>

775
00:35:54,610 --> 00:35:58,370
M: So, there's a stack
of different programmers

776
00:35:58,370 --> 00:36:02,410
- this is not me by the way, but it's
a very similar situation.

777
00:36:02,410 --> 00:36:04,130
E: And we'll come back to those
programmers in a moment.

778
00:36:04,130 --> 00:36:05,180
M: Yeah.
E: But the bit I want you

779
00:36:05,180 --> 00:36:08,930
to focus on is, like, they're
debugging your pacemaker?

780
00:36:08,930 --> 00:36:11,730
Inside you?
M: Yeah, I didn't know

781
00:36:11,730 --> 00:36:12,890
what was happening
at the time.

782
00:36:12,890 --> 00:36:15,260
We were just trying to
get the settings right

783
00:36:15,260 --> 00:36:19,030
and it took like 2 or 3 months before
we figured out what was wrong.

784
00:36:19,030 --> 00:36:23,860
And what happened was, that my
operate limit was set to low for me,

785
00:36:23,860 --> 00:36:29,930
for my age. So, the normal pacemaker
patient is maybe around 80 years old

786
00:36:29,930 --> 00:36:34,050
and the default operate
limit was 160 beats/min.

787
00:36:34,050 --> 00:36:36,750
And that's pretty low for
a young person.

788
00:36:36,750 --> 00:36:40,420
E: So, imagine, like, you're younger
and you're really fit and you know

789
00:36:40,420 --> 00:36:43,930
how to do something really well,
like swimming or skiing or skateboarding

790
00:36:43,930 --> 00:36:47,180
or whatever. You're fantastic at it.
And then a couple years go past

791
00:36:47,180 --> 00:36:49,870
and you know, you gain some weight
and you're not as good at it, right?

792
00:36:49,870 --> 00:36:53,040
But now imagine that
happens in 3 seconds.

793
00:36:53,040 --> 00:36:54,580
While you're walking
up a set of stairs.

794
00:36:54,580 --> 00:36:57,470
M: So, what happens is that
the pacemaker detects

795
00:36:57,470 --> 00:37:01,570
'Oh, you have a really high pulse'.
And there's a safety mechanism

796
00:37:01,570 --> 00:37:04,690
that will cut your pulse in half ...
E: In half!

797
00:37:04,690 --> 00:37:07,380
<i>laughter</i>
M: <i>laughing</i> So in my case it went

798
00:37:07,380 --> 00:37:11,050
from 160 beats/min to 80 beats/min.
In a second, or less than a second,

799
00:37:11,050 --> 00:37:14,370
and that felt really, really horrible.

800
00:37:14,370 --> 00:37:16,480
And it took a long time
to figure out what was wrong.

801
00:37:16,480 --> 00:37:20,890
It wasn't until they put me on
an exercise bike and

802
00:37:20,890 --> 00:37:24,520
had me on monitoring that they
figured out what was wrong, because

803
00:37:24,520 --> 00:37:31,400
the thing was, that what was displayed
on the pacemaker technician's view

804
00:37:31,400 --> 00:37:35,730
was not the same settings that
my pacemaker actually had.

805
00:37:35,730 --> 00:37:41,340
There was a software bug in the
programmer, that caused this problem.

806
00:37:41,340 --> 00:37:45,610
E: So they thought they had updated
her settings to be that of a young person.

807
00:37:45,610 --> 00:37:47,080
They were like
'Oh, we've already changed it'.

808
00:37:47,080 --> 00:37:51,390
But they lost the view. They couldn't
see the actual state of the pacemaker.

809
00:37:51,390 --> 00:37:53,980
And the only way to figure that out
was to put her on a bike

810
00:37:53,980 --> 00:37:57,190
and let her cycle until her
heart rate was high enough.

811
00:37:57,190 --> 00:38:00,230
You know, literally physically
debugging her to figure out

812
00:38:00,230 --> 00:38:00,850
what was wrong.

813
00:38:00,850 --> 00:38:04,250
Now stop and think about whether or not
you would trust your doctor

814
00:38:04,250 --> 00:38:06,890
to debug software.

815
00:38:06,890 --> 00:38:10,800
<i>laughter</i>

816
00:38:10,800 --> 00:38:14,050
So, say a little bit more about those
programmers and then we'll move on

817
00:38:14,050 --> 00:38:14,860
towards the future.

818
00:38:14,860 --> 00:38:19,240
M: Yeah, so, we got hold of one of these
programmers, as mentioned

819
00:38:19,240 --> 00:38:20,500
and looked inside it.

820
00:38:20,500 --> 00:38:24,160
And, well, we named this talk
'Unpatchable', because

821
00:38:24,160 --> 00:38:29,930
originally my hypothesis was that,
if you find a bug in a pacemaker

822
00:38:29,930 --> 00:38:32,630
it will be hard to patch it.

823
00:38:32,630 --> 00:38:34,550
Maybe it would require surgery.

824
00:38:34,550 --> 00:38:37,370
But then when we looked
inside the programmer

825
00:38:37,370 --> 00:38:42,520
and we saw that it contained firmware
for pacemakers we realized that

826
00:38:42,520 --> 00:38:46,170
it's possible to actually patch the
pacemaker via this programmer.

827
00:38:46,170 --> 00:38:49,500
E: One of the other researchers
finds these firmware blobs inside

828
00:38:49,500 --> 00:38:53,290
the programmer code and, like,
my heart stopped at that point, right?

829
00:38:53,290 --> 00:39:00,160
I was just going 'Really, you can just
update the code on someones pacemaker?'

830
00:39:00,160 --> 00:39:01,920
We also wanna say something
about standardization.

831
00:39:01,920 --> 00:39:02,840
Look at all those
different programmers.

832
00:39:02,840 --> 00:39:05,680
Someone goes into a hospital
with one of these devices

833
00:39:05,680 --> 00:39:08,940
they have may different programmers
so they have to make an estimation

834
00:39:08,940 --> 00:39:12,730
of which... you know, which
programmer for which device.

835
00:39:12,730 --> 00:39:14,000
Like, which one are you running.

836
00:39:14,000 --> 00:39:18,070
And, so, some standardization
would be an option <i>laughing</i>

837
00:39:18,070 --> 00:39:20,410
perhaps, in this case.
M: Yeah.

838
00:39:20,410 --> 00:39:23,110
E: Alright. So, we gonna need
to move quickly through

839
00:39:23,110 --> 00:39:25,400
the next few slides to talk
to you about the future,

840
00:39:25,400 --> 00:39:28,940
but I hope that drives home that
this is a very real issue for real people.

841
00:39:28,940 --> 00:39:32,770
M: So, pacemakers are evolving and
they are getting smaller

842
00:39:32,770 --> 00:39:36,060
and this is the type of pacemaker
that you can actually implant

843
00:39:36,060 --> 00:39:37,070
inside the heart.

844
00:39:37,070 --> 00:39:42,130
So, the pacemaker I have today
is outside the heart and it has

845
00:39:42,130 --> 00:39:44,360
leads that are wired to my heart.

846
00:39:44,360 --> 00:39:50,600
But in future they are getting
smaller and more sophisticated and

847
00:39:50,600 --> 00:39:52,730
I think this is exciting!

848
00:39:52,730 --> 00:39:54,950
I think that a lot of you,
also in the audience will

849
00:39:54,950 --> 00:39:58,060
benefit from having this type of
technology when you grow older

850
00:39:58,060 --> 00:40:02,050
and we can have longer lives and
we can live more healthier lives

851
00:40:02,050 --> 00:40:04,680
because of the technology
E: And keep in mind, right?

852
00:40:04,680 --> 00:40:06,900
Some of you may already have devices
and already have this issues,

853
00:40:06,900 --> 00:40:09,550
but others of you will think 'Ah, that
won't happen to me for quite a long time'

854
00:40:09,550 --> 00:40:13,200
But it can be a sudden thing, that,
you know, you don't necessarily

855
00:40:13,200 --> 00:40:17,140
have a choice to run code
inside your body.

856
00:40:17,140 --> 00:40:21,340
Which OS do you wanna implant?
<i>laughing</i>

857
00:40:21,340 --> 00:40:25,220
You wanna tell them about the..

858
00:40:25,220 --> 00:40:27,080
M: This is also a quite exciting

859
00:40:27,080 --> 00:40:29,610
maybe future type of implants
that you can have.

860
00:40:29,610 --> 00:40:34,320
So, this is actually a cardiac sock,
it's 3D-printed and it's making

861
00:40:34,320 --> 00:40:38,370
a rabbit's heart beat outside
the body of the rabbit.

862
00:40:38,370 --> 00:40:41,270
So, there's a lot of technology
and sensors and things that

863
00:40:41,270 --> 00:40:44,170
are going to be implanted
in our bodies

864
00:40:44,170 --> 00:40:46,840
and I think more of you will become
cyborgs like me in the future

865
00:40:46,840 --> 00:40:49,800
E: And there's a lot of work
that you could be doing.

866
00:40:49,800 --> 00:40:51,400
You know, 3D-printing
this devices,

867
00:40:51,400 --> 00:40:57,110
and open sourcing as much
of this as possible.

868
00:40:57,110 --> 00:40:58,860
There's a lot to say here, right?

869
00:40:58,860 --> 00:41:02,860
I think it's time to address
the really scary issue.

870
00:41:02,860 --> 00:41:07,550
The informed consent issue
around patching, right?

871
00:41:07,550 --> 00:41:09,750
Remember earlier we were
talking about the programmers

872
00:41:09,750 --> 00:41:11,980
and we pointed out that there
were firmware blobs in there

873
00:41:11,980 --> 00:41:14,280
and that these people,
you know, your doctor or nurse

874
00:41:14,280 --> 00:41:18,950
could upgrade the code
running on your medical implant.

875
00:41:18,950 --> 00:41:23,760
Now, is there a legal requirement
for them to inform you,

876
00:41:23,760 --> 00:41:26,650
before they alter the code
that's running inside your body?

877
00:41:26,650 --> 00:41:27,490
As far as we can tell

878
00:41:27,490 --> 00:41:30,480
- and we need to look at a lot of
different countries at the same time,

879
00:41:30,480 --> 00:41:32,330
so we gonna ask you to help us -

880
00:41:32,330 --> 00:41:34,690
as far as we can tell there are not
laws requiring your doctor

881
00:41:34,690 --> 00:41:40,360
to tell you that they are upgrading
the firmware in your device.

882
00:41:40,360 --> 00:41:43,780
M: Yeah, think about that <i> laughs</i>

883
00:41:43,780 --> 00:41:44,780
It's a quite scary thing.

884
00:41:44,780 --> 00:41:48,970
I want to know what's happening
to my implant, the code,

885
00:41:48,970 --> 00:41:53,070
if someone wants to alter the code
inside my body, I would like to know

886
00:41:53,070 --> 00:41:57,250
and I would like to make
an informed decision on that

887
00:41:57,250 --> 00:41:59,470
and give my consent
before it happens.

888
00:41:59,470 --> 00:42:02,230
E: You might even choose a device
where that's possible or not possible

889
00:42:02,230 --> 00:42:05,640
because you're making a risk-based
decision and you're an informed consumer

890
00:42:05,640 --> 00:42:07,800
but how do we help people,
who don't wanna understand

891
00:42:07,800 --> 00:42:11,190
software and firmware and upgrades
make those decisions in the future as well.

892
00:42:11,190 --> 00:42:15,570
Alright.

893
00:42:15,570 --> 00:42:17,320
M: So now, if we're going to go through

894
00:42:17,320 --> 00:42:21,950
all this, but there's a lot of reasons
why we're in the situations of having

895
00:42:21,950 --> 00:42:23,870
insecure medical devices.

896
00:42:23,870 --> 00:42:29,040
There's a lot of legacy technology because
there's a long lifetime of this devices

897
00:42:29,040 --> 00:42:31,910
and it takes a long time
to get them on the market.

898
00:42:31,910 --> 00:42:35,680
And they can be patched,
but in some cases

899
00:42:35,680 --> 00:42:40,790
they are not patched or there are
no software updates applied to them.

900
00:42:40,790 --> 00:42:48,030
We don't have any third party
security testing of the devices,

901
00:42:48,030 --> 00:42:49,490
and that's really needed in my opinion.

902
00:42:49,490 --> 00:42:50,770
E: Right, an underwriters laboratory

903
00:42:50,770 --> 00:42:55,190
or consumer laboratory that's there
to check some of these details.

904
00:42:55,190 --> 00:42:58,590
And I don't think that's unreasonable,
right? That sort of approach.

905
00:42:58,590 --> 00:43:02,040
M: And there's a lack of regulations,
also. So there's a lot of things

906
00:43:02,040 --> 00:43:04,610
that should be worked on.

907
00:43:04,610 --> 00:43:07,270
E: So, there's a lot of
ways to solve this

908
00:43:07,270 --> 00:43:09,640
and we're not gonna give you
<i>the</i> answer, because we're not

909
00:43:09,640 --> 00:43:13,420
geniuses, so we're
gonna say that

910
00:43:13,420 --> 00:43:16,370
these are some different
approaches that we see all

911
00:43:16,370 --> 00:43:19,700
playing in a solution space.

912
00:43:19,700 --> 00:43:22,270
So, vendor awareness is
obviously important, but

913
00:43:22,270 --> 00:43:23,950
that's not the only thing.
A lot of the vendors have been

914
00:43:23,950 --> 00:43:27,890
very supportive and
very open to discussion,

915
00:43:27,890 --> 00:43:31,750
of transparency, that needs to
happen more in the future, right?

916
00:43:31,750 --> 00:43:34,390
Security risk monitoring,
I've been working in the field

917
00:43:34,390 --> 00:43:38,600
of cyber insurance, which I'm sure
sounds like insanity to the rest of you,

918
00:43:38,600 --> 00:43:42,880
and it is, there are bad days.
But that could play a part

919
00:43:42,880 --> 00:43:45,530
in this risk equation in the future.

920
00:43:45,530 --> 00:43:49,710
What about medical incidence response,
right? Or medical device forensics.

921
00:43:49,710 --> 00:43:53,660
M: If I suddenly drop dead
I really would like to have

922
00:43:53,660 --> 00:43:57,160
a forensic analysis
of my pacemaker, to ...

923
00:43:57,160 --> 00:44:00,960
E: Please remember that, all of you!
Like, if anything is going to happen

924
00:44:00,960 --> 00:44:04,660
to Marie... everyone asked that, right?
Like, 'Aren't you afraid of giving this talk?'

925
00:44:04,660 --> 00:44:06,950
And we thought about it,
we talked about it a lot and

926
00:44:06,950 --> 00:44:09,500
she's got a lot of support
from her husband and her son

927
00:44:09,500 --> 00:44:12,880
and her family and a bunch of us.
If anything happens to this woman

928
00:44:12,880 --> 00:44:15,380
I hope that we will all be doing
forensic analysis

929
00:44:15,380 --> 00:44:17,110
of everything.

930
00:44:17,110 --> 00:44:24,580
<i>applause</i>

931
00:44:24,580 --> 00:44:32,470
Cool. So, we'll say a little bit about
'I Am The Cavalry' and social contract

932
00:44:32,470 --> 00:44:34,590
and then we'll wrap it up, okay?

933
00:44:34,590 --> 00:44:37,840
So, 'I Am The Cavalry' does
a lot of grassroots research

934
00:44:37,840 --> 00:44:41,450
and support and lobbying and
tries to articulate these messages.

935
00:44:41,450 --> 00:44:44,230
They have a medical implant
arm that has a bunch of

936
00:44:44,230 --> 00:44:46,350
different researchers doing
this kind of stuff.

937
00:44:46,350 --> 00:44:48,580
Do you wanna say more about them?

938
00:44:48,580 --> 00:44:52,430
M: Yeah, so we are both
part of the Cavalry,

939
00:44:52,430 --> 00:44:56,000
because no one is coming
to save us from the future

940
00:44:56,000 --> 00:44:59,840
of being more depended on
trusting our lives on machines

941
00:44:59,840 --> 00:45:04,390
so, that's why we need to step up
and do the research and

942
00:45:04,390 --> 00:45:06,550
encourage and inspire the research.

943
00:45:06,550 --> 00:45:09,460
So, that's why I joined
'I Am The Cavalry'

944
00:45:09,460 --> 00:45:12,750
and I think it's a
good thing to have

945
00:45:12,750 --> 00:45:15,660
a collaboration effort between
researchers, between the vendors

946
00:45:15,660 --> 00:45:21,060
and the regulators, as they are,
or we are working with.

947
00:45:21,060 --> 00:45:25,010
E: We also think that even if you
don't do reverse engineering

948
00:45:25,010 --> 00:45:28,040
or you're not interested in
security details or the opcodes

949
00:45:28,040 --> 00:45:30,130
that are inside the firmwares
or whatever,

950
00:45:30,130 --> 00:45:33,060
this question is a question that
any of you here can talk about

951
00:45:33,060 --> 00:45:36,310
for the rest of the congress and
going forward into the future.

952
00:45:36,310 --> 00:45:37,240
Right?

953
00:45:37,240 --> 00:45:39,990
This is Marie's, so go ahead.

954
00:45:39,990 --> 00:45:47,820
M: Yeah, so, I really want to know
what code is running inside my body.

955
00:45:47,820 --> 00:45:49,030
And I want to know ...

956
00:45:49,030 --> 00:45:55,390
or I want to have a social contract
with my medical doctors and

957
00:45:55,390 --> 00:45:58,780
my physician that is giving me
this implants.

958
00:45:58,780 --> 00:46:05,570
It needs to be based on a
patient-to-doctor trust relationship.

959
00:46:05,570 --> 00:46:08,620
And also between
me and the vendors.

960
00:46:08,620 --> 00:46:13,210
So I really want to know that
I can trust this machine inside...

961
00:46:13,210 --> 00:46:15,510
E: And we think many of you will
be facing similar questions

962
00:46:15,510 --> 00:46:17,000
to these in the future.

963
00:46:17,000 --> 00:46:20,240
I have questions.
Some of my questions are serious,

964
00:46:20,240 --> 00:46:25,260
some of my questions are
not serious, like this one:

965
00:46:25,260 --> 00:46:27,770
Is the code on your dress
from your pacemaker?

966
00:46:27,770 --> 00:46:31,660
M: No, actually it's from the
computer game 'Doom'.

967
00:46:31,660 --> 00:46:33,090
But ...
<i>laughter</i>

968
00:46:33,090 --> 00:46:36,180
once I have the <i>laughing</i>
code of my pacemaker

969
00:46:36,180 --> 00:46:38,790
I'm going to make a custom-
ordered dress and get it...

970
00:46:38,790 --> 00:46:44,970
E: Which is pretty cool, right?
M: ... get it with my own code.

971
00:46:44,970 --> 00:46:48,710
<i>applause</i>

972
00:46:48,710 --> 00:46:53,710
So, let's wrap up with... what we
want to have of future research.

973
00:46:53,710 --> 00:46:57,190
So, we encourage more research,
and these are some things that

974
00:46:57,190 --> 00:46:59,220
could be looked into.

975
00:46:59,220 --> 00:47:02,970
Like open source medical devices,
that doesn't really exist,

976
00:47:02,970 --> 00:47:05,320
at least not for pacemakers.

977
00:47:05,320 --> 00:47:09,180
But I think that's one way
of going forward.

978
00:47:09,180 --> 00:47:13,710
E: I think it's also an opportunity
for us to mention a really scary idea,

979
00:47:13,710 --> 00:47:18,200
which is, you know, should anyone
have a golden key to Marie's heart,

980
00:47:18,200 --> 00:47:22,070
should there be backdoored
encryption inside of her heart?

981
00:47:22,070 --> 00:47:24,910
We think no <i>laughing</i>
but that...

982
00:47:24,910 --> 00:47:28,290
M: I don't see any reason why
the NSA should be able to

983
00:47:28,290 --> 00:47:31,130
have a back door to my heart,
do you?

984
00:47:31,130 --> 00:47:33,890
E: You would be an extremist,
that's why you don't want them

985
00:47:33,890 --> 00:47:37,380
to have a back door to your heart.
But this is a serious question, right?

986
00:47:37,380 --> 00:47:39,480
If you start backdooring
any kind of crypto anywhere,

987
00:47:39,480 --> 00:47:41,320
how do you know,
where it's gonna end up.

988
00:47:41,320 --> 00:47:46,550
It might end up in medical devices
and we think that's unacceptable.

989
00:47:46,550 --> 00:47:58,410
<i>applause</i>

990
00:47:58,410 --> 00:48:05,400
M: And we should also mention
that we're not doing this alone,

991
00:48:05,400 --> 00:48:09,280
we have other researchers
helping us forward doing this.

992
00:48:09,280 --> 00:48:12,230
Angel: So, thank you very much
for this thrilling talk,

993
00:48:12,230 --> 00:48:15,250
we're now doing a little
Q&A for 10 min,

994
00:48:15,250 --> 00:48:19,630
and for the Q&A please keep in mind
to respect Marie's privacy, so

995
00:48:19,630 --> 00:48:23,340
don't ask for details about

996
00:48:23,340 --> 00:48:24,760
the implant or
something like that.

997
00:48:24,760 --> 00:48:26,820
E: Yeah, the brands and stuff.

998
00:48:26,820 --> 00:48:29,530
We're gonna tell you, what OS
she's running.

999
00:48:29,530 --> 00:48:35,130
Angel: People, who are now leaving
the room, they will not be able

1000
00:48:35,130 --> 00:48:41,440
to come back in, because

1001
00:48:41,440 --> 00:48:43,030
of measures <i>laughing</i>
<i>laughter</i>

1002
00:48:43,030 --> 00:48:48,320
So, let's start with the Q&A!
Let's start with this microphone there.

1003
00:48:48,320 --> 00:48:54,100
Q: Hi, first of all thank you very much
for a very fascinating talk.

1004
00:48:54,100 --> 00:48:56,640
I'm not going to ask you
about specific vendors.

1005
00:48:56,640 --> 00:49:01,340
However, I thought it was very
interesting what you said, that

1006
00:49:01,340 --> 00:49:05,720
most vendors were really supportive
I would like to know whether

1007
00:49:05,720 --> 00:49:09,100
there have been
exceptions to that rule,

1008
00:49:09,100 --> 00:49:13,760
not who it was or anything like that
but what kind of arguments

1009
00:49:13,760 --> 00:49:19,270
you may have heard from vendors
e. g. have they referred to anything

1010
00:49:19,270 --> 00:49:24,220
such as trade secrets or copyright
or any other legal reasons

1011
00:49:24,220 --> 00:49:28,100
why not to give you,
or not to give public access

1012
00:49:28,100 --> 00:49:33,210
to information about devices?
Thank you.

1013
00:49:33,210 --> 00:49:41,560
E: So, we haven't had any legal
issues so far in this research.

1014
00:49:41,560 --> 00:49:44,940
And in general they haven't been
concerned about copyright.

1015
00:49:44,940 --> 00:49:47,840
I think they're more concerned
about press, bad press,

1016
00:49:47,840 --> 00:49:51,110
and a hype, you know, what
they would see as hype.

1017
00:49:51,110 --> 00:49:55,160
they don't wanna see us scaring
people away from these things

1018
00:49:55,160 --> 00:49:56,420
with, you know, these stories.

1019
00:49:56,420 --> 00:50:00,290
M: Yeah, that's also something
I'm concerned of, of course,

1020
00:50:00,290 --> 00:50:03,230
as a patient. I don't want to
scare my fellow patients

1021
00:50:03,230 --> 00:50:06,000
from having life-critical
implants in their body.

1022
00:50:06,000 --> 00:50:10,700
Because a lot of people need
them, like me, to survive.

1023
00:50:10,700 --> 00:50:15,820
So, the benefit clearly
outweighs the risk in my case.

1024
00:50:15,820 --> 00:50:18,810
E: But that seems to be their
main concern, like, you know,

1025
00:50:18,810 --> 00:50:19,760
'Don't give us too
much bad press'

1026
00:50:19,760 --> 00:50:25,200
Angel: Ok, next question
from over there.

1027
00:50:25,200 --> 00:50:31,900
Q: Hello. I wanted to ask you, if you
know about any existing initiatives

1028
00:50:31,900 --> 00:50:35,480
on open sourcing
the medical devices,

1029
00:50:35,480 --> 00:50:40,250
on mandating the open sourcing
of the software and firmware

1030
00:50:40,250 --> 00:50:43,980
through the legal system,
in European Union, in United States

1031
00:50:43,980 --> 00:50:47,760
because I think I've read
about such initiatives

1032
00:50:47,760 --> 00:50:51,050
about 1 year ago or so,
but it was just a glimpse.

1033
00:50:51,050 --> 00:50:56,170
M: So, there are some patients
that have reverse engineered their

1034
00:50:56,170 --> 00:50:57,780
<i>no audio</i>

1035
00:50:57,780 --> 00:51:04,310
(insu)lin pumps. I know, that
there are groups of patients

1036
00:51:04,310 --> 00:51:07,740
like the parents of children
with insulin pumps.

1037
00:51:07,740 --> 00:51:10,760
They have created
software to be able...

1038
00:51:10,760 --> 00:51:14,180
to have an app on their
mobile phone to be able

1039
00:51:14,180 --> 00:51:17,410
to monitor their child's
blood sugar levels.

1040
00:51:17,410 --> 00:51:21,390
So that's one way of
doing this open source

1041
00:51:21,390 --> 00:51:23,250
and I think that's great.

1042
00:51:23,250 --> 00:51:26,540
Q: But nothing
in the legal systems,

1043
00:51:26,540 --> 00:51:32,640
no initiatives to mandate this,
e.g. on European level?

1044
00:51:32,640 --> 00:51:34,480
E: Not so far that we've seen,

1045
00:51:34,480 --> 00:51:36,280
but that's something that
can be discussed now, right?

1046
00:51:36,280 --> 00:51:38,770
M: I think it's really interesting,
you could look into the legal

1047
00:51:38,770 --> 00:51:41,760
aspects and the regulations
around this, yeah.

1048
00:51:41,760 --> 00:51:43,050
Q: Thank you.

1049
00:51:43,050 --> 00:51:45,510
Angel: Ok, can we have
a question from the internet?

1050
00:51:45,510 --> 00:51:49,250
Q: Yes, from the IRC someone asks:

1051
00:51:49,250 --> 00:51:52,890
'Does your pacemaker
have a biofeedback,

1052
00:51:52,890 --> 00:51:56,300
so in case something bad
happens it starts to defibrillate?

1053
00:51:56,300 --> 00:52:02,920
M: No, I don't have an ICD,
so in my case I'm not getting a shock

1054
00:52:02,920 --> 00:52:06,380
in case my heart stops.
Because I have a different condition

1055
00:52:06,380 --> 00:52:08,620
I only need to have
my rhythm corrected.

1056
00:52:08,620 --> 00:52:11,230
But there are other
types of conditions,

1057
00:52:11,230 --> 00:52:14,420
that require pacemakers
that can deliver shocks.

1058
00:52:14,420 --> 00:52:18,130
Angel: Ok, one question
from that microphone there.

1059
00:52:18,130 --> 00:52:20,220
Q: Thank you very much.
At one point you mentioned

1060
00:52:20,220 --> 00:52:24,870
that the connectivity in you
pacemaker is off. For now.

1061
00:52:24,870 --> 00:52:28,900
And, is that something, that patients
are asked during the process,

1062
00:52:28,900 --> 00:52:32,170
or is that something,
patients have to require?

1063
00:52:32,170 --> 00:52:35,530
And generally: What role
do you see for the choice

1064
00:52:35,530 --> 00:52:39,430
not to have any connectivity
or any security for that matter,

1065
00:52:39,430 --> 00:52:41,870
that technology would
make available to you?

1066
00:52:41,870 --> 00:52:47,120
So, how do you see the possibility
to choose a more risky life

1067
00:52:47,120 --> 00:52:49,640
in terms of trading in
for privacy, whatever?

1068
00:52:49,640 --> 00:52:52,310
M: Yeah, I think that's
really a relevant question.

1069
00:52:52,310 --> 00:52:58,130
As we mentioned
in the social contract,

1070
00:52:58,130 --> 00:53:03,640
I really would like, that the doctors
informed patients about

1071
00:53:03,640 --> 00:53:07,930
their different wireless interfaces
and that there's an informed decision

1072
00:53:07,930 --> 00:53:10,960
whether or not to switch it on.

1073
00:53:10,960 --> 00:53:14,560
So, in my case, I don't
have it switched on and ...

1074
00:53:14,560 --> 00:53:17,750
I don't need it, so there's no reason
why I need to have it switched on.

1075
00:53:17,750 --> 00:53:21,760
But then, again, why did I get
an implant that has this capability?

1076
00:53:21,760 --> 00:53:29,200
I should have had the option of
opting out of it, but I didn't get that.

1077
00:53:29,200 --> 00:53:31,980
They didn't ask me, or they
didn't inform me of that,

1078
00:53:31,980 --> 00:53:34,720
before I got the implant.
It was chosen for me.

1079
00:53:34,720 --> 00:53:40,740
And at that time I hadn't looked
into the security of medical devices,

1080
00:53:40,740 --> 00:53:43,470
and I needed to
have the implant,

1081
00:53:43,470 --> 00:53:46,200
so I couldn't really make
an informed decision.

1082
00:53:46,200 --> 00:53:49,140
A lot of patients that are,
like, older and not so...

1083
00:53:49,140 --> 00:53:55,240
that don't really understand
the technology,

1084
00:53:55,240 --> 00:54:00,040
they can't make that
informed decision, like I can.

1085
00:54:00,040 --> 00:54:02,590
So, it's really a
complex issue

1086
00:54:02,590 --> 00:54:06,480
and something that we
need to discuss more.

1087
00:54:06,480 --> 00:54:09,270
Angel: Ok, another
question from there.

1088
00:54:09,270 --> 00:54:11,490
Q: Yeah, thanks.

1089
00:54:11,490 --> 00:54:14,430
As a hacker, connected personally

1090
00:54:14,430 --> 00:54:19,290
and professionally
to the medical world:

1091
00:54:19,290 --> 00:54:25,300
How can I educate doctors,
nurses, medical people

1092
00:54:25,300 --> 00:54:30,530
about the security risks presented
by connected medical devices?

1093
00:54:30,530 --> 00:54:34,870
What can I tell them?
Do you have something

1094
00:54:34,870 --> 00:54:37,670
from your own experience
I could somehow ...

1095
00:54:37,670 --> 00:54:42,230
M: Yeah, so, the issue of
software bugs in the devices

1096
00:54:42,230 --> 00:54:48,220
I think is a real scenario
that can happen and ...

1097
00:54:48,220 --> 00:54:50,380
E: Yeah, if you can repeat
that story of debugging her,

1098
00:54:50,380 --> 00:54:53,790
like, I think, that makes the point.
And then try in adopt that

1099
00:54:53,790 --> 00:54:56,690
hygiene-metaphor that we
had before, where, you know,

1100
00:54:56,690 --> 00:54:59,560
people didn't believe in germs,
and these problems before,

1101
00:54:59,560 --> 00:55:01,990
we're in that sort of era,
and we're still figuring out

1102
00:55:01,990 --> 00:55:05,170
what the scope of potential
security and privacy problems are

1103
00:55:05,170 --> 00:55:07,440
for medical devices.
In the meantime

1104
00:55:07,440 --> 00:55:10,290
please be open to new research
on this subject, right?

1105
00:55:10,290 --> 00:55:12,330
And that story is
a fantastic illustration,

1106
00:55:12,330 --> 00:55:16,980
that we don't need evil hacker
typer, you know, bond villain,

1107
00:55:16,980 --> 00:55:22,150
we just need failure to debug
programming station, properly, right?

1108
00:55:22,150 --> 00:55:23,580
Q: Thank you very much.

1109
00:55:23,580 --> 00:55:26,150
Angel: Ok, another question
from the internet.

1110
00:55:26,150 --> 00:55:28,510
Q: Yes, from the IRC:

1111
00:55:28,510 --> 00:55:34,240
'20 years ago it was common,
that a magnet had to be placed

1112
00:55:34,240 --> 00:55:40,300
on the patients chest to activate the
pacemakers remote configuration interface.

1113
00:55:40,300 --> 00:55:42,250
Is that no longer the case today?'

1114
00:55:42,250 --> 00:55:45,910
E: It's still the case with some devices,
but not with all of them I think.

1115
00:55:45,910 --> 00:55:52,240
M: Yeah, it varies between the devices,
how they are programmed and

1116
00:55:52,240 --> 00:55:58,200
how long distance you
can be from the device.

1117
00:55:58,200 --> 00:56:02,640
Q: Thank you for the talk.
I've some medical devices

1118
00:56:02,640 --> 00:56:10,220
in myself to, an insulin pump and
sensors to measure the blood sugar levels,

1119
00:56:10,220 --> 00:56:15,640
I'm busy with hacking that and
to write the software for myself,

1120
00:56:15,640 --> 00:56:17,940
because the *** doesn't
have the software.

1121
00:56:17,940 --> 00:56:24,790
Have you ever think about it, to write
your own software for your pacemaker?

1122
00:56:24,790 --> 00:56:27,190
E: <i>laughing</i>
M: <i>laughing</i>

1123
00:56:27,190 --> 00:56:33,800
M: No, I haven't thought about
that until now. No. <i>laughing</i>

1124
00:56:33,800 --> 00:56:37,820
E: Fantastic, I think that deserves
a round of applause, though,

1125
00:56:37,820 --> 00:56:40,130
because that's exactly
what we're talking about.

1126
00:56:40,130 --> 00:56:42,340
<i>applause</i>

1127
00:56:42,340 --> 00:56:46,400
Angel: Another question
from there.

1128
00:56:46,400 --> 00:56:52,850
Q: First off, I want to say thank you
that you gave this talk, because

1129
00:56:52,850 --> 00:56:55,700
once it's quite interesting,
but it's not that talk,

1130
00:56:55,700 --> 00:56:59,870
anyone of that is effected could hold,

1131
00:56:59,870 --> 00:57:04,530
so, it takes quiet some courage and

1132
00:57:04,530 --> 00:57:06,740
I want to say thank you. So

1133
00:57:06,740 --> 00:57:12,370
<i>applause</i>

1134
00:57:12,370 --> 00:57:15,010
Secondly, thank you for giving me the

1135
00:57:15,010 --> 00:57:18,350
update. I started medical technology but

1136
00:57:18,350 --> 00:57:21,740
I finished ten years ago and I didn't work

1137
00:57:21,740 --> 00:57:22,150
in the area and it's quiet interesting to

1138
00:57:22,150 --> 00:57:24,020
see what happened in the meantime, but

1139
00:57:24,020 --> 00:57:24,800
now for my actual question:

1140
00:57:24,800 --> 00:57:28,300
You said you got devices on ebay, is it

1141
00:57:28,300 --> 00:57:29,720
possible to get the hole

1142
00:57:29,720 --> 00:57:30,980
communication chain?

1143
00:57:30,980 --> 00:57:34,680
So you can make a sandbox test or ..

1144
00:57:34,680 --> 00:57:37,810
M: Yes it's possible to get devices,

1145
00:57:37,810 --> 00:57:40,240
it's not so easy to get the pacemaker

1146
00:57:40,240 --> 00:57:42,080
itself , it's quite expensive.

1147
00:57:42,080 --> 00:57:44,130
E: And even when we get one,

1148
00:57:44,130 --> 00:57:46,310
we have some paring issues and like

1149
00:57:46,310 --> 00:57:48,020
Marie can't be in the same room , when

1150
00:57:48,020 --> 00:57:49,500
we were doing a curtain types of testing

1151
00:57:49,500 --> 00:57:52,910
and right, so that last piece is difficult

1152
00:57:52,910 --> 00:57:54,590
but the rest of the chain is pretty

1153
00:57:54,590 --> 00:57:56,230
available for the research.

1154
00:57:56,230 --> 00:57:57,460
Q: Ok, thank you.

1155
00:57:57,460 --> 00:57:59,690
Angel: So, time is running out, so we,

1156
00:57:59,690 --> 00:58:02,500
only time left for one question and from

1157
00:58:02,500 --> 00:58:03,110
there please.

1158
00:58:03,110 --> 00:58:06,340
Q: Thank you. I'm also involved in

1159
00:58:06,340 --> 00:58:09,620
software quality checks and software qs

1160
00:58:09,620 --> 00:58:13,070
here in Germany also
with medical developments

1161
00:58:13,070 --> 00:58:15,900
and as far as I know, it is the most

1162
00:58:15,900 --> 00:58:18,580
restricted area of developing products

1163
00:58:18,580 --> 00:58:21,180
I think in the world,

1164
00:58:21,180 --> 00:58:24,710
it's just easier to manipulate software

1165
00:58:24,710 --> 00:58:27,750
in a car X-source system or breaking guard

1166
00:58:27,750 --> 00:58:29,590
or something like this, where you don't

1167
00:58:29,590 --> 00:58:34,020
have to show any testing certificate or

1168
00:58:34,020 --> 00:58:35,940
something like this, the FDA is a very

1169
00:58:35,940 --> 00:58:37,980
high regulation part there.

1170
00:58:37,980 --> 00:58:41,920
Do you have the feeling that it's a

1171
00:58:41,920 --> 00:58:44,590
general issue that patients do not have

1172
00:58:44,590 --> 00:58:47,670
access to these FDA compliant tests and

1173
00:58:47,670 --> 00:58:48,800
software q-a-systems?

1174
00:58:48,800 --> 00:58:53,330
M: Yeah, I think that we should have

1175
00:58:53,330 --> 00:58:56,160
more openness and more transparency

1176
00:58:56,160 --> 00:58:58,320
about, around this issues , really.

1177
00:58:58,320 --> 00:59:01,680
E: I mean, it's fantastic you do quality

1178
00:59:01,680 --> 00:59:03,060
assurance, i used to be in quality assurance

1179
00:59:03,060 --> 00:59:06,260
at a large cooperation and I got tiered

1180
00:59:06,260 --> 00:59:08,620
and landed in strategy and pen testing and

1181
00:59:08,620 --> 00:59:10,420
then I just thought of myself as paramilitary

1182
00:59:10,420 --> 00:59:11,130
quality assurence , ..

1183
00:59:11,130 --> 00:59:15,870
now I just do it on ever I wanne test, so

1184
00:59:15,870 --> 00:59:17,790
thank you for doing q-a and keep doing it

1185
00:59:17,790 --> 00:59:19,790
and hopefull you don't have to many regulations

1186
00:59:19,790 --> 00:59:21,570
but companies sharing more of this

1187
00:59:21,570 --> 00:59:23,590
information, its really the transparency

1188
00:59:23,590 --> 00:59:25,370
and the discussion, the open dialogue

1189
00:59:25,370 --> 00:59:28,070
with patients and doctor and a vendor is

1190
00:59:28,070 --> 00:59:30,650
really what we wanna focus on and make

1191
00:59:30,650 --> 00:59:32,840
our final note ?
M: Yeah.

1192
00:59:32,840 --> 00:59:35,570
M: We see some problems already

1193
00:59:35,570 --> 00:59:37,540
the last year, the MI Undercover Group has

1194
00:59:37,540 --> 00:59:42,040
had some great progress on having good

1195
00:59:42,040 --> 00:59:46,390
discussions with the FDA and also involving

1196
00:59:46,390 --> 00:59:49,090
the medical device vendors in the discussions

1197
00:59:49,090 --> 00:59:51,440
about cyber security of medical devices

1198
00:59:51,440 --> 00:59:52,850
and implants. so thats great and I hope

1199
00:59:52,850 --> 00:59:54,800
that this will be even better the next year.

1200
00:59:54,800 --> 00:59:57,170
E: And I think you wanne to say

1201
00:59:57,170 --> 00:59:59,000
one more thing to congress before we leave

1202
00:59:59,000 --> 00:59:59,490
which is:

1203
00:59:59,490 --> 01:00:01,280
M: Hack to save lives!

1204
01:00:01,280 --> 01:00:04,709
<i>applaus</i>

1205
01:00:04,709 --> 01:00:09,428
♪ postroll music ♪

1206
01:00:09,428 --> 01:00:16,000
subtitles created by c3subtitles.de
Join, and help us!