Nothing is secure, not even drug infusion pumps in hospitals.
You see, the Internet of Things is the rapidly arriving era when all
things are connected to each other and everything else via the Internet, from
your Nest thermostat that measures and transmits everything that’s going on
inside your house to your refrigerator that’s connected to Safeway and
automatically transmits the shopping list, to be delivered by a driverless
Internet-connected car with an Internet-connected robot that can let itself
into your house and drop off the Internet-connected groceries while
you’re at work.
Convenient? Convenient for hackers.
OK, someone hacking into your fridge and fiddling with the temperature
setting to freeze your milk is one thing…. But we already had the first
hacking and remote takeover of a car.
Researchers hacked into a Chrysler Cherokee via its Internet-connected
radio system and issued commands to its engine, steering, and brakes until it
ran into the ditch. Thankfully this exploit wasn’t published until after
Chrysler was able to work out a fix. It then recalled 1.4 million vehicles.
The “recall” was done just like the hackers had done it: via the Internet. So
if Chrysler can modify the software via the Internet, hackers can too.
That was a week ago. Today, the National Highway Traffic Safety
Administration warned that Chrysler’s supplier sold these hackable radio
systems to “a lot of other manufacturers.” NHTSA head Mark Rosekind told reporters: “A lot of our work now is trying to find out
how broad the vulnerability could be.”
Maybe better not drive your Internet-connected car for a while.
And yesterday, researchers demonstrated (video) how
hackers could exploit a security flaw in a mobile app for GM’s OnStar vehicle
communications system.
To top off the week, the Food and Drug Administration warned today that
hospitals and other healthcare facilities should stop using Hospira’s Symbiq Infusion
System, a computerized pump that continuously delivers medication into the
bloodstream because it’s vulnerable to hacking.
The FDA explained that the system communicates with a Hospital Information
System (HIS) via a wired or wireless connection. The HIS is connected to the
Internet. And thus, this pump is just one more thing on the Internet of
Things.
“We strongly encourage” hospitals to “discontinue use of these pumps,” and
do so “as soon as possible,” the FDA said.
The Department of Homeland Security’s Industrial Control Systems Cyber
Emergency Response Team (in government alphabet soup: ICS-CERT) is also
“aware” of these cybersecurity vulnerabilities.
Hospira and an independent researcher confirmed that Hospira’s Symbiq
Infusion System could be accessed remotely through a hospital’s network. This
could allow an unauthorized user to control the device and change the dosage
the pump delivers, which could lead to over- or under-infusion of critical
patient therapies.
So this could be deadly. Thank goodness, the “FDA and Hospira are
currently not aware of any patient adverse events or unauthorized access of a
Symbiq Infusion System….”
The first essential step “to reduce the risk of unauthorized system
access”: “Disconnect the affected product from the network.”
In other words, there is no fix. Hence, unplug the thing from the Internet
of Things, and then deal with the ensuing “operational impacts.”
“Cyber security” is a figment of marketing imagination. There is no such
thing as a connected device that is secure. The best security measures only
make a hacker’s job harder and more time-consuming, but not impossible.
We’ve already accepted, despite occasional outbursts, that we live in a
seamless surveillance society. But the Internet of Things goes beyond
surveillance; so this won’t be the only story of a cyber-vulnerability of a
potentially life-threatening kind. But hey, greet the Internet of Things, and
all the Silicon Valley hype and money that is sloshing around it, with open
arms. We get it. This is going to be good for us.
And there is hope. Consumers are finally “getting on with their lives” (as
Credit-Card Debt Slaves), according to Equifax. Read… This
is What We’ve Been Waiting for, the True Recovery of the American Economy