Apr 21 2012
 

A series of events happened lately that caused me to reflect on how simple it would be to kill someone by phone call… or instant message… or perhaps by simply watching a video on a computer or television, à la The Ring (or Ring/リング), where if you watch a videotape you’ll die a week after.  Or maybe tuning in to KDIE, with all the death metal hits.  Or perhaps less dramatically (at least for a movie ;)) because you didn’t install that latest patch on your laptop you’ll die.

As I’ve told this to people they don’t believe me at first or think I’m jesting, but really, I’m not… it revolves around two security events, one fairly recent.

First of all it’s well known you can break into cell phones remotely.  Phones are really just software in the end; like any program that listens to input it can get compromised in any number of ways (most commonly by feeding it data it doesn’t expect.)

The 2nd method requires a bit of trickery.   Earlier this year Jerome Radcliffe, a diabetic with an insulin pump installed, broke into his pump via a wireless connection (a little bit on this at http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx).  By manipulating the amount of insulin that gets into his system it wouldn’t take much to expire.

A bit more than 20 million medical devices are running around the US, with more and more being put out there every day.  An increasing number are being put on the wireless grid (you don’t want to have to take it out to adjust the dosage, for instance, and if they find a problem with it, it might be more desirable to patch your pacemaker rather than rip it out in a recall.)  And while back in the day our government carved out some space in the wireless frequency to avoid interference problems (see WMTS for more on this), assorted other problems have pushed more and more manufacturers:

Because of this, in addition to WMTS, many manufacturers have created devices that transmit data in the ISM bands such as 902-928 MHz, and, more typically, 2.4-2.5 GHz, often using IEEE 802.11 or Bluetooth radios.

So now… a simple phone call… take over your cell phone… it looks around for a target… then sends a wireless command to your artificial heart/whatever, and goodbye.  The fun part (if you think such mental exercises are fun) is that you can delay the death… it’s just software and you can plant the seed for later actions, so you could call someone up and say you’ll be dead in 48 hours or something.

Targeted attacks might be the most interesting, but pretty much everything we use to interact with media these days is software, and a TV or radio broadcast that contained code to break into your TV/radio has probably already been done (maybe not, but it’s not rocket science, and it will happen; you just need to send out the right bits, and there is lots of bandwidth in the air/wires), and you could broadcast such things for a mass die-off.  You probably couldn’t get more than a few thousand these days, but I’m sure as time goes on and we get more and more wired up the numbers would increase.

So just be careful of that wireless toaster, it may try to kill you someday.

— d

 

Posted at 3:09 pm on April 21, 2012
