A series of events happened lately that caused me to reflect on how simple it would be to kill someone by phone call\u2026 or instant message\u2026 or perhaps by simply watching a video on a computer or television, ala The Ring (or Ring\/\u30ea\u30f3\u30b0), where if you watch a videotape you’ll die a week after. \u00a0Or maybe tuning into do KDIE, with all the death metal hits. \u00a0Or perhaps less dramatically (at least for a movie ;)) because you didn’t install that latest patch on your laptop you’ll die.<\/p>\n
As I’ve told this to people they don’t believe me at first or think I’m jesting, but really, I’m not\u2026 it revolves around two security events, one fairly recent.<\/p>\n
First of all it’s well known you can break into cell phones remotely. \u00a0Phones are really just software in the end; like any program that listens to input it can get compromised in any number of ways (most commonly by feeding it data it doesn’t expect.)<\/p>\n
The 2nd method requires a bit of trickery. \u00a0 Earlier this year jerome radcliffe, a diabetic with an insulin pump installed, broke into his pump via a wireless connection (a little bit on this at\u00a0http:\/\/www.hanselman.com\/blog\/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx<\/a>). \u00a0By manipulating the amount of insulin that gets into his system it wouldn’t take much to expire.<\/p>\n A bit more than 20 million medical devices are running around the US, with more and more being put out there every day. \u00a0An increasing number are being put on the wireless grid (you don’t want to have to take it out to adjust the dosage, for instance, and if they find a problem with it it might be more desirable to patch your pacemaker rather than rip it out in a recall.) \u00a0And while back in the day our government carved out some space in the wireless frequency to avoid interference problems (see WMTS<\/a>\u00a0for more on this), assorted other problems have pushed more and more manufacturers:<\/p>\n Because of this, in addition to WMTS, many manufacturers have created devices that transmit data in the\u00a0ISM bands<\/a>\u00a0such as 902-928\u00a0MHz, and, more typically, 2.4-2.5\u00a0GHz, often using IEEE\u00a0802.11<\/a>\u00a0or\u00a0Bluetooth<\/a>\u00a0radios.<\/p>\n So now\u2026 a simple phone call\u2026 take over your cell phone\u2026 it looks around for a target\u2026 then sends a wireless command to your artificial heart\/whatever, and goodbye. \u00a0The fun part (if you think such mental exercises are fun) is that you can delay the death\u2026 it’s just software and you can plant the seed for later actions, so you could call someone up and say you’ll be dead in 48 hours or something.<\/p>\n Targeted attacks might be the most interesting, but pretty much everything we use to interact with media these days is software, and a TV or radio broadcast that contained code to break into your TV\/radio has probably already been done (maybe not, but it’s not rocket science, and it will happen; you just need to send out the right bits, and there is lots of bandwidth in the air\/wires), and you could broadcast such things for a mass die off. \u00a0You probably couldn’t get more than a few thousand these days, but I’m sure as time goes on and we get more and more wired up the numbers would increase.<\/p>\n So just be careful of that wireless toaster, it may try to kill you someday.<\/p>\n — d<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" A series of events happened lately that caused me to reflect on how simple it would be to kill someone by phone call\u2026 or instant message\u2026 or perhaps by simply watching a video on a computer or television, ala The Ring (or Ring\/\u30ea\u30f3\u30b0), where if you watch a videotape you’ll die a week after. \u00a0Or […]<\/p>\n","protected":false},"author":44,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6],"tags":[99],"class_list":["post-412","post","type-post","status-publish","format-standard","hentry","category-security","category-tech","tag-landshark"],"_links":{"self":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=412"}],"version-history":[{"count":4,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/412\/revisions"}],"predecessor-version":[{"id":423,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/412\/revisions\/423"}],"wp:attachment":[{"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}