Hackers Remotely Kill a Jeep on the Highway

[jim bell]

  From: Cathal Garvey <cathalgarvey at cathalgarvey.me>
>Without getting into the issue of whether patents encourage innovation.. 
>I do think that medical devices are a special case. If you have a heart 
>implant, that thing needs to be "unhackable", but also totally 
>verifiably safe. So there should be firmware signing, no mutable state, 
>verifiable memory safety...but the code should be open source, and if 
>need be the firmware signing key for each device (needs to be different 
>for each device!) should be accessible by a legitimate owner.

>So, no more remote-hackable heart implants, but doctors and cardiac 
>technicians can still apply critical patches and inspect the source for 
>sanity.

It should be fairly simple to protect against heart-implant hacks.  First, communication with them is probably limited to inductively-coupled signalling, at a fairly high level.  Secondly, it should be based on a two-way challenge/response system:  The external device signals a code, call it a password, to which the implant would respond with a reply, which itself includes a randomized code.  The external device reads that randomized code, processes it in some way (presumably a hash), and retransmits it to the implant.  Only if the implanted device receives what it considers the correct code, would it allow further manipulation.  Presumably, any attempt to illegitimately access such a device wouldn't be close enough to read the implant's reply signals, and thus couldn't proceed further.
"Do you have have a match?".   "No, but I have a lighter".  "Even better".   "Until they go wrong".

         Jim Bell
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4079 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20150724/19d7387f/attachment-0002.txt>