March 23, 2008
If your victim has a Pacemaker, there is an almost untraceable attack vector according to the study “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” from the universities Washington and Massachusetts.
Some pacemakers have a wireless interface to extract patient data, which the devices records. Ok that’s a information leak but not a possibility to kill someone, but it was also possible to change settings of the device like disabling the device, or the triggering current pulse of the defibrillator. And what doctor will look at the pacemaker if a human with a know heart problem died by a heart attack? Sure currently the attack range is under 30cm, but this is enough. Manufacturers are claiming that this is a theoretical attack, but I think that’s not true. It is not an attack for a common murderer, but for someone who went to the university and studied something like electrical engineering or informatics it is a valid option. You need just a crowd to come close to the victim, like in a bus/train at rush hour, a big sport event or at a party.
This shows again that more and more information technology is silently intruding into our lives without most noticing it. But the people you’re working on it are often not experts in the informatics and therefore make the same mistakes as we did some years ago in the more commonly recognized information technology. The difference is that at that time the IT was not that omnipresent and the backbone of our daily lives. IT security is not only for networks and IT departments!