Seek And Exploit Security Vulnerabilities In An Infusion Pump

January 22, 2018 by Sven Gregori 16 Comments

Infusion pumps and other medical devices are not your typical everyday, off-the-shelf embedded system. Best case scenario, you will rarely, if ever, come across one in your life. So for wide-spread exploitation, chances are that they simply seem too exotic for anyone to bother exploring their weaknesses. Yet their impact on a person’s well-being makes potential security holes tremendously more severe in case someone decides to bother one day after all.

[Scott Gayou] is one of those someones, and he didn’t shy away from spending hundreds of hours of his free time inspecting the Smiths Medical Medfusion 4000 infusion pump for any possible security vulnerabilities. Looking at different angles for his threat model, he started with the physical handling of the device’s user interface. This allowed him to enable the external communication protocols settings, which in turn opened to the device’s FTP and Telnet ports. Not to give too much away, but he manages to gain access to both the file system content and — as a result of that — to the system’s login credentials. This alone can be clearly considered a success, but for [Scott], it merely opened a door that eventually resulted in desoldering the memory chips to reverse engineer the bootloader and firmware, and ultimately executing his own code on the device.

Understanding the implications of his discoveries, [Scott] waited long enough to publish his research so the manufacturer could address and handle these security issues. So kudos to him for fighting the good fight. And just in case the thought of someone gaining control over a machine that is crucial to your vitality doesn’t scare you enough yet, go ahead and imagine that device was actually implanted in your body.

Lamp Analysis Tells Sad Truth Behind The Marketing Hype

January 13, 2018 by Dan Maloney 57 Comments

Here in the northern hemisphere, winter has wrapped us in her monochromatic prison. A solid deck of gray clouds means you need a clock to tell the difference between night and day, and by about the first week of February, it gets to feeling like you’ll never see a blue sky again. It’s depressing, to be honest, and the lack of sunlight can even lead to a mood disorder known as SAD, or seasonal affective disorder.

SAD therapy is deceptively simple — bright full-spectrum light, and lots of it, to simulate the sun and stimulate the lizard brain within us. Not surprisingly, such lights are available commercially, but when [Justin Lam] bought one to help with his Vancouver blues, he decided to analyze the lamp’s output to determine whether the $70 he spent paid for therapy or marketing.

The initial teardown was not encouraging, with what appeared to be a standard CFL “curly fry” light with a proprietary base in a fancy plastic enclosure. With access to a spectrometer, [Justin] confirmed that not only does the SAD light have exactly the same spectrum as a regular CFL, the diffuser touted to provide “full UV protection” does so simply by attenuating the entire spectrum evenly so that the UV exposure falls below the standards. In short, he found that the lamp was $70 worth of marketing wrapped around a $1.50 CFL. Caveat emptor.

Hats off to [Justin] for revealing the truth behind the hype, and here’s hoping he finds a way to ameliorate his current SAD situation. Perhaps one of these DIY lamps will be effective without the gouging.

Henrietta Lacks And Immortal Cell Lines

January 9, 2018 by Adam Fabio 80 Comments

In early 1951, a woman named Henrietta Lacks visited the “colored ward” at Johns Hopkins hospital for a painful lump she found on her cervix. She was seen by Dr. Howard W. Jones, who indeed found a tumor growing on the surface of her cervix. He took a tissue sample, which confirmed Henrietta’s worst fears: She had cancer.

The treatment at the time was to irradiate the tumor with radium tubes placed in and around the cervix. The hope was that this would kill the cancerous cells while preserving the healthy tissue. Unbeknownst to Henrietta, a biopsy was taken during her radium procedure. Slivers of her tumor and of healthy cervix cells were cut away. The cancer cells were used as part of a research project. Then something amazing happened: the cancerous cells grew and continued to grow outside of her body.

As Henrietta herself lay dying, the HeLa immortal cell line was born. This cell line has been used in nearly every aspect of medical research since the polio vaccine. Millions owe their lives to it. Yet, Henrietta and her family never gave consent for any of this. Her family was not informed or compensated. In fact, until recently, they didn’t fully grasp exactly how Henrietta’s cells were being used.

Continue reading “Henrietta Lacks And Immortal Cell Lines” →

AI Prosthesis Is Music To Our Ears

January 8, 2018 by Lewin Day 12 Comments

Prostheses are a great help to those who have lost limbs, or who never had them in the first place. Over the past few decades there has been a great deal of research done to make these essential devices more useful, creating prostheses that are capable of movement and more accurately recreating the functions of human body parts. At Georgia Tech, they’re working on just that, with the help of AI.

[Jason Barnes] lost his arm in a work accident, which prevented him from playing the piano the way he used to. The researchers at Georgia Tech worked with him, eventually producing a prosthetic arm that, unlike most, actually has individual finger control. This is achieved through the use of an ultrasound probe, which is used to detect muscle movements elsewhere on his body, with enough detail to allow the control of individual fingers. This is done through a TensorFlow-based neural network which analyses the ultrasound data to determine which finger the user is trying to move. The use of ultrasound was the major breakthrough which made this possible; previous projects have often relied on electromyogram sensors to read muscle impulses but these lack the resolution required.

The prosthesis is nicknamed the “Skywalker arm”, after its similarities to the prostheses seen in the Star Wars films. It’s not [Jason]’s first advanced prosthetic, either – Georgia Tech has also equipped him with an advanced drumming prosthesis. This allows him to use two sticks with a single arm, the second stick using advanced AI routines to drum along with the music in the room.

It’s great to see music being used as a driver to create high-performance prosthetics and push the state of the art forward. We’re sure [Jason] enjoys performing with the new hardware, too. But perhaps you’d like to try something similar, even though you’ve got two hands already? Try this on for size.

Continue reading “AI Prosthesis Is Music To Our Ears” →

Ask Hackaday: Preserving Electronic Devices

December 20, 2017 by Dan Maloney 62 Comments

Conventional wisdom holds that we no longer make things to last for the long haul, and that we live in a disposable world. It’s understandable — after all, most of us have a cell phone in our pocket that’s no more than a year or two old, and it’s often cheaper to buy a new printer than replace the ink cartridges. But most of that disposability is driven by market forces, like new software that makes a device obsolete long before it breaks down, or the razor and blades model that makes you pay through the nose for ink. It turns out that most electronic devices are actually pretty well engineered, and as long as they’re not abused can still be operating decades down the road.

But what happens when you want to put an electromechanical device away and preserve it for a rainy day? What can you do to make sure the device will operate again a few years down the road? Are there steps one can take beyond the typical “keep it in a cool, dry place” advice? In short, how do you preserve electronic devices?

Continue reading “Ask Hackaday: Preserving Electronic Devices” →

Retractable Console Allows Wheelchair User To Get Up Close And Personal

December 15, 2017 by Dan Maloney 5 Comments

[Rhonda] has multiple sclerosis (MS), a disease that limits her ability to walk and use her arms. She and the other residents of The Boston Home, an extended care facility for people with MS and other neuromuscular diseases, rely on their wheelchairs for mobility. [Rhonda]’s chair comes with a control console that swings out of the way to allow her to come up close to tables and counters, but she has problems applying enough force to manually position it.

Sadly, [Rhonda]’s insurance doesn’t cover a commercial solution to her problem. But The Boston Home has a fully equipped shop to extend and enhance residents’ wheelchairs, and they got together with students from MIT’s Principles and Practices of Assistive Technology (PPAT) course to hack a solution that’s not only useful for [Rhonda] but should be generally applicable to other chairs. The students analyzed the problem, measured the forces needed and the clearances required, and built a prototype pantograph mount for the control console. They’ve made the device simple to replicate and kept the BOM as inexpensive as possible since patients are often out-of-pocket for enhancements like these. The video below shows a little about the problem and the solution.

Wheelchair hacks are pretty common, like the 2015 Hackaday Prize-winning Eyedrivomatic. We’ve also covered totally open-source wheelchairs, both manual and electric.

Continue reading “Retractable Console Allows Wheelchair User To Get Up Close And Personal” →

Woman Gets Diabetes, Builds Own Pancreas

December 6, 2017 by Will Sweatman 64 Comments

For the most part, when we break out the soldering iron to make a project for ourselves – we do so for fun. Sometimes we do so for necessity. Rarely do we, however, do so to save our own lives. [Dana Lewis] is one of the 30 million people in the US who suffer from diabetes. It’s a condition where the pancreas fails to make insulin, resulting in a buildup of sugar in the bloodstream. Managing the levels of insulin and sugar in their bodies is a day-to-day struggle for the millions of diabetics in the world. It’s a great deal more for [Dana], however. She sleeps with machines that monitor the glucose levels in her blood, but lives with constant worry.

“I was afraid at night because I am a super-deep, champion sleeper,” Lewis said, “I sleep through the alarms on the device that are supposed to wake me up and save my life…”

What she needed was the glucose data from the device and use it to trigger a louder alarm. It wasn’t long until she found someone who had done just this. Using a Raspberry Pi, she was able to capture the data and then alarm her via her phone. She then setup a web interface so others could see her data and call her if she didn’t wake.

The next step is obvious. Why not make the state of the insulin pump a function of the data? And thus, a sort of artificial pancreas.

The project is open source for anyone to use and improve upon. She was placed on a list for the 100 most creative people in the US for 2017. We’re not strangers to the idea of an artificial pancreas, but it’s always great to see people using things we make video game consoles out of to save lives.

Thanks to [Dave Zzzz] for the tip!