From: Cathal Garvey
>Without getting into the issue of whether patents encourage innovation..
>I do think that medical devices are a special case. If you have a heart
>implant, that thing needs to be "unhackable", but also totally
>verifiably safe. So there should be firmware signing, no mutable state,
>verifiable memory safety...but the code should be open source, and if
>need be the firmware signing key for each device (needs to be different
>for each device!) should be accessible by a legitimate owner.
>So, no more remote-hackable heart implants, but doctors and cardiac
>technicians can still apply critical patches and inspect the source for
>sanity.

It should be fairly simple to protect against heart-implant hacks. First, communication with them is probably limited to inductively-coupled signalling, at a fairly high level. Secondly, it should be based on a two-way challenge/response system: The external device signals a code, call it a password, to which the implant would respond with a reply, which itself includes a randomized code. The external device reads that randomized code, processes it in some way (presumably a hash), and retransmits it to the implant. Only if the implanted device receives what it considers the correct code, would it allow further manipulation.

Presumably, any attempt to illegitimately access such a device wouldn't be close enough to read the implant's reply signals, and thus couldn't proceed further.

"Do you have a match?". "No, but I have a lighter". "Even better". "Until they go wrong".

Jim Bell
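
The challenge/response exchange described in the message above, as an added example that is not part of the original post. It assumes the "hash" is HMAC-SHA256 under a per-device key shared by the implant and the external device; the class names, key and password values are hypothetical.

```python
import hashlib
import hmac
import secrets


class Implant:
    """Implant side: issues a fresh random challenge for every session."""

    def __init__(self, password: bytes, device_key: bytes):
        self._password = password
        self._key = device_key      # assumed per-device shared secret
        self._nonce = None          # outstanding challenge, single use

    def hello(self, password: bytes):
        # Step 1: the external device signals the password;
        # the implant replies with a randomized code.
        if not hmac.compare_digest(password, self._password):
            return None
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def unlock(self, response: bytes) -> bool:
        # Step 3: accept only the keyed hash of the outstanding challenge.
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # consume it: no retries, no replay of old replies
        return hmac.compare_digest(response, expected)


class Programmer:
    """External device: holds the same password and per-device key."""

    def __init__(self, password: bytes, device_key: bytes):
        self.password = password
        self._key = device_key

    def respond(self, nonce: bytes) -> bytes:
        # Step 2: process the randomized code and retransmit the result.
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def run_session(implant: Implant, programmer: Programmer) -> bool:
    nonce = implant.hello(programmer.password)
    return nonce is not None and implant.unlock(programmer.respond(nonce))
```

Because the response is keyed and each challenge is consumed on first use, a party that records one complete exchange still cannot unlock a later session.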