Doctors use RF signals to adjust pacemakers, so that instead of slicing a patient open they can change the pacemaker’s parameters and avoid unnecessary surgery. A study on security weaknesses of pacemakers (highlights, or the full report as a PDF) has found that pacemakers from the main manufacturers contain security vulnerabilities that make it possible for the devices to be adjusted by anyone with a programmer and proximity. Of course, it shouldn’t be possible for anyone other than medical professionals to acquire a pacemaker programmer. The authors bought their examples on eBay.
They discovered over 8,000 known vulnerabilities in third-party libraries across four different pacemaker programmers from four manufacturers. This highlights an industry-wide problem when it comes to security. None of the pacemaker programmers required passwords, and none of the pacemakers authenticated with the programmers. Some home pacemaker monitoring systems even included USB connections, which opens up the possibility of introducing malware through an infected pendrive.
The programmers’ firmware update procedures were also flawed, with hard-coded credentials being very common. This allows an attacker to set up their own authentication server and upload their own firmware to the home monitoring kit. Due to the nature of the hack, the researchers are not disclosing to the public which manufacturers or devices are at fault and have redacted some information until these medical device companies can get their house in order and fix these problems.
This article only scratches the surface; for an in-depth look, read the full report. Let’s just hope that these medical companies take action and resolve these issues as soon as possible. This is not the first time pacemakers have been shown to be flawed.
YouTube user [Vuaeco] has come up with a novel idea: combining power tool battery packs to double the capacity.
Starting off with two slimline 2.0Ah compact battery packs, [Vuaeco] wanted a larger 4.0Ah rebuilt drill battery pack. These battery packs are different in size, so it wasn’t just a case of adding more cells in empty slots. Instead, he goes on to show us how to connect the batteries in parallel using some thin nickel strips. Once completed, he modifies the battery casing so it fits another stack of batteries. He does this by bolting the top and bottom together with long screws, and insulating the otherwise exposed battery terminals with insulating tape. The final product isn’t as aesthetically pleasing as a real battery pack, but it looks good enough.
There are a few things we might have done differently, for instance providing some hard plastic around the insulation so that, should the battery get knocked in an awkward position, it would still have a hard shell protecting it. Also, instead of combining the batteries fully charged as the video suggests, we might have taken the opposite approach and fully drained them, avoiding unnecessary risks. If you try this, how about giving it a 3D printed case?
[Reuters] reports that BlackBerry is working with at least two car manufacturers to develop a remote malware scanner for vehicles. On finding something wrong, the program would then tell drivers to pull over if they were in critical danger.
The service would be able to install over-the-air patches to idle cars and is in the testing phase with Aston Martin and Range Rover. The service could be active as early as next year, earning BlackBerry around $10 a month per vehicle.
Since the demise of BlackBerry in the mobile phone sector, they’ve been hard at work refocusing their attention on new emerging markets. Cars are already rolling computers, and now they’re becoming more and more networked with Bluetooth and Internet connections. This obviously leaves cars open to new types of attacks as demonstrated by [Charlie Miller] and [Chris Valasek]’s hack that uncovered vulnerabilities in Jeeps and led to a U.S. recall of 1.4 million cars.
BlackBerry seem to be hedging their bets on becoming the Kingpin of vehicle anti-virus. But do our cars really belong on the Internet in the first place?
[Ashwin K Whitchurch] and [Venkatesh Bhat] have not missed a beat entering this year’s Hackaday Prize with their possibly lifesaving gadget HeartyPatch. The project is a portable single wire ECG machine in a small footprint sporting Bluetooth Low Energy so you can use your phone or another device as an output display.
Projects like this are what the Hackaday Prize is all about: changing the world for the better. Medical devices cost an arm and a leg, so it’s always great to see medical hardware brought to the Open Source and Open Hardware scene. We can already see many uses for this project, and hopefully, if it does what’s claimed, we will be seeing these in hospitals around the world sometime soon. The project is designed around the MAX30003 single-lead ECG monitoring chip along with an ESP32 WiFi/BLE SoC to handle the wireless data transmission side of things.
We really look forward to seeing how this one turns out. Even if this doesn’t win a prize, it’s still a winner in our books even if it only goes on to help one person.
As Internet security has evolved it has gotten easier to lock your systems down. Many products come out of the box pre-configured to include decent security practices, and most of the popular online services have wised up about encryption and password storage. That’s not to say that things are perfect, but as the computer systems get tougher to crack, the bad guys will focus more on the unpatchable system in the mix — the human element.
History Repeats Itself
Ever since the days of the ancient Greeks, and probably before that, social engineering has been one option to get around your enemy’s defences. We all know the old tale of Ulysses using a giant wooden horse to trick the Trojans into allowing a small army into the city of Troy. They left the horse outside the city walls after a failed five-year siege, and the Trojans brought it in. Once inside the city walls a small army climbed out in the dead of night and captured the city.
How different is it to leave a USB flash drive loaded with malware around a large company’s car park, waiting for human curiosity to take over and an employee to plug the device into a computer hooked up to the corporate network? Both the wooden horse and the USB drive trick have one thing in common: humans are not perfect and make decisions which can be irrational.
[Experimental Fun] shows us how you can create a cola power generator that runs on nothing more than cans of cola, including the container, and a little bit of sodium hydroxide to speed the reaction up.
This might sound a bit crazy, but it seems you can power an engine on little more than your favorite fizzy drink and the cut-up remains of an aluminum can. What happens is that aluminum and water create a chemical reaction when mixed together, which gives off hydrogen. Normally this reaction is very slow and would take years to make any noticeable marking on the aluminum, but with a little help from sodium hydroxide the reaction is sped up to such a rate that hydrogen is produced quite quickly.
The crazy contraption they created has a reaction chamber which feeds the hydrogen through a condenser, then to a bubble filter made from a bottle filled with water. After that it is on through a carbon filter to get rid of any impurities, and finally it is fed directly into a two-stroke engine’s fuel line. The engine still needs an electric start from a battery, but after that it runs directly on the hydrogen created during the reaction from the chamber.
This is quite a cool project, however you could replace the fizzy drink with water and still get the desired effect. Since the drink comes with the aluminum cans it seems like quite a good fuel though. There are other crazy fuels out there for the avid DIY hacker, but just be careful and don’t blow yourself up.
[TrendMicro] are reporting that yet another IoT botnet is emerging. This new botnet has been dubbed Persirai and targets IP cameras. Most of the victims don’t even realize their camera has access to the Internet 24/7 in the first place.
Trend Micro have found 1,000 IP cameras of different models that have been exploited by Persirai so far. There are at least another 120,000 IP cameras that the botnet could attack using the same method. The problem starts with the IP cameras exposing themselves by default on TCP Port 81 as a web server, which is never a great idea.
Most IP cameras use Universal Plug and Play, which allows them to open ports from inside the router and start a web server without much in the way of security checks. This paints a giant target in cyber space complete with signs asking to be exploited. After logging into a vulnerable device the attacker can perform a command injection attack which in turn gets the camera to download further malware.
The exploit runs in memory only, so once the camera has been rebooted it should all be fine again until your next drive-by malware download. Check your devices, because even big-name companies make mistakes. IoT is turning into a battlefield. We just hope that with all these attacks, botnets, and hacks the promise of the IoT idea isn’t destroyed because of lazy coders.
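One way to act on the “check your devices” advice, as an added example that is not from the original post or from Trend Micro: a Python audit of a router’s UPnP port-mapping table that flags forwards publishing a device’s web interface, such as the TCP port 81 named above. The sample table is constructed in the style of the listing printed by miniupnpc’s `upnpc -l`, and every port in the watch list other than 81 is an assumption.

```python
import ipaddress
import re

# Constructed sample of a router's UPnP port-mapping table, modelled on the
# listing printed by miniupnpc's `upnpc -l` (not captured from a real device).
SAMPLE_MAPPINGS = """\
 0 TCP    81->192.168.1.50:81    'IPCAM' '' 0
 1 UDP 51413->192.168.1.20:51413 'Transmission at 51413' '' 0
 2 TCP  8080->192.168.1.51:80    'webcam' '' 0
 3 TCP 32400->192.168.1.30:32400 'Plex Media Server' '' 86400
"""

# Ports on which embedded devices commonly serve a web admin UI. Port 81 is the
# one the article names; the others are assumptions to tune for your network.
WEB_UI_PORTS = {80, 81, 443, 8000, 8080, 8081, 8443}

LINE_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<ip>[\d.]+):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(text):
    """Yield one dict per port-mapping line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield {
                "proto": m["proto"],
                "ext_port": int(m["ext"]),
                "host": ipaddress.ip_address(m["ip"]),
                "int_port": int(m["int"]),
                "desc": m["desc"],
            }

def risky_mappings(text, web_ports=WEB_UI_PORTS):
    """Return TCP mappings that publish a LAN host's web-UI port to the Internet."""
    findings = []
    for m in parse_mappings(text):
        exposes_web = m["int_port"] in web_ports or m["ext_port"] in web_ports
        if m["proto"] == "TCP" and m["host"].is_private and exposes_web:
            findings.append(m)
    return findings

if __name__ == "__main__":
    for f in risky_mappings(SAMPLE_MAPPINGS):
        print(f"REVIEW: WAN tcp/{f['ext_port']} -> {f['host']}:{f['int_port']} ({f['desc']})")
```

Any mapping it reports that you did not create deliberately is a candidate for removal, and for disabling UPnP on the device or the router.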
Part of feature image from Wikipedia, Creative Commons license.