by Marc Goodman
Though no known criminal attacks against IMDs have been uncovered to date, we can fully expect that Crime, Inc. will turn its attention to these devices. Indeed Europol, the European police agency, predicted that online murder via IMDs could become reality by the end of 2014. Some of these incidents may just be potentially run-of-the-mill cyber attacks, for just as a scripted botnet attack can commandeer your computer and mobile phone (and even refrigerator as we saw in the last chapter), so too may it ensnare your pacemaker. Hacked medical devices might just look like any other available IP address on the Internet of Things, and once your implanted defibrillator or diabetic pump has been infected, the spam it has been ensnared into sending might well drain the very limited and precious battery life desperately needed to regulate your heartbeat and insulin dosages, requiring surgical intervention for replacement.
Needless to say, even more sinister plots will become possible when the numbers of connected medical devices going online grow exponentially. In effect, there will be new ways to commit murder from afar by hacking insecure medical devices, ushering in the unwanted era of medical cyber crime. Though there may be no muzzle flash with a laptop, in today’s modern world it is a device that can kill all the same. Crime, Inc. will also look for ways to monetize attacks against IMDs. Just as ransomware such as CryptoLocker can destroy your computer’s hard drive or your mobile phone, rendering it unusable, it would not be unreasonable to expect similar extortion attempts against medical devices. “You have sixty minutes to transfer $10,000 in Bitcoin to this account or we will deliver an 830-volt shock to your heart.” Tick, tock, tick, tock, might go the refrain. Worse, consider the ramifications if hackers were to infiltrate the industrial control systems at the factory where implantable defibrillators were made and insert a zero-day exploit into the devices. The minute software changes might go unnoticed for months or years, until hundreds of thousands of devices had been implanted in patients around the world. Only then might Crime, Inc. strike with the first-ever critical infrastructure assault to use information technology to attack our own human biology, demanding millions in ransom to avert a global crisis. There would be no way to operate on the thousands and thousands of individuals who had a literal ticking time bomb in their chests in any reasonable time, leaving no alternative but to accede to the demands.
Given the pace of Moore’s law, we can surely expect implantable medical devices to shrink even further in size, delivering amazing clinical benefits to patients. For instance, biomedical engineers at Stanford University have even created a wireless, battery-less robotic device so small that it can swim through the bloodstream, performing diagnostics and even microsurgery. Welcome to the world of Star Trek medicine, but even these new miracle treatments may face threats from hackers, who might be able to falsify results so that drugs are released into the bloodstream when they should not be or micro-robots attack healthy tissue instead of a tumor in the case of cancer. Should ingestible and injectable computers become compromised, how would anybody know? What detectable evidence, if any, might be left behind?
When someone with an IMD passes away, the medical examiner tasked with determining the cause of death will face multiple questions: Was this an accidental death caused by an IMD malfunction? Was the device specifically targeted for criminal purposes? Or was this a suicide wherein the patient himself subverted his own IMD to end pain and suffering, hoping that his family would receive life insurance funds for his apparent natural death? As modern medicine evolves and the proliferation of IMDs increases, one vital question must be answered: When a technologically enhanced body shows up at the morgue, who will be capable of performing the autopsy? Physicians and forensic pathologists have absolutely no training in computer forensics. How, then, will they possibly be able to determine the cause of death? They won’t, and the threat we face from medical device insecurity means that in the future it may be even more possible to get away with murder.
When Steve Austin and Jaime Sommers Get a Virus
A smartphone links patients’ bodies and doctors’ computers, which in turn are connected to the Internet, which in turn is connected to any smartphone anywhere. The new devices could put the management of an individual’s internal organs in the hands of every hacker, online scammer, and digital vandal on Earth.
CHARLES C. MANN
Shortly after television audiences in the 1970s fell in love with Steve Austin, the rebuilt astronaut star of The Six Million Dollar Man, he received a female companion in the form of Jaime Sommers, the world’s first bionic woman. While both faced and defeated a variety of villains, none ever attempted to thwart the superheroes by compromising the electronics of their bionics. Why not? Perhaps because computer viruses and wireless technologies were not in the zeitgeist at the time, but as we saw with Bertolt Meyer, when your hand, leg, or arm is wirelessly controlled and online, it, like all other objects in the Internet of Things, can be targeted by hackers. Though relatively uncommon today, bionic prosthetics will grow tremendously in the coming years, particularly spurred on by the unfortunate needs of thousands of young soldiers returning from Iraq and Afghanistan who have been gravely injured in war.
In response, the Pentagon and DARPA, the Defense Advanced Research Projects Agency, have launched the Revolutionizing Prosthetics program, a $100 million investment with over three hundred scientists to completely transform the world of bionics. One such triumph has been the inventor Dean Kamen’s Luke Arm/DEKA prosthesis, whose name was inspired by Luke Skywalker’s robotic arm in Star Wars. The device is controlled by electrical signals from electrodes connected to the wearer’s muscles and is so precise its fingers can pick up a quarter lying flat on a table. Other efforts are under way as well, including MIT’s Human Bionic Project, which catalogs a “repository of every FDA-approved replacement part for amputees, to make it easier for them to find the best ways to rebuild their bodies.” Even implantable bionic organs, such as the bionic pancreas, have been created to help diabetics regulate their glucose levels, conveniently driven by an app on their smart phones that wirelessly connects to the bionic organ.
Another field of bionics that is developing rapidly is the commercialization of exoskeletons or wearable robots, such as the Ekso Bionics system, which, when worn externally, can allow those paralyzed because of stroke, spinal cord injury, or disease to actually walk again. The exoskeletal suit supports those who cannot walk and actually moves their limbs for them, smoothly allowing them to stand and ambulate. Ekso’s designs can also be used by those who are not physically impaired, providing tremendous support and strength by lightening the workload on functioning muscles, allowing soldiers, for example, to carry hundreds of pounds of weight over extended distances without tiring. Graduate students at NYU’s Interactive Telecommunications Program have even developed “an open-source API that allows you to move someone else’s arm remotely using a keyboard, a joystick or even an iPhone,” in order to help those with paralysis or limited control of their own limbs function normally. The result is nonautonomous body control, allowing others to control your own arm or leg via the Net.
Of course the future of bionics won’t merely be limited to restoring human capabilities lost to illness or injury. The much larger market opportunity will be focused on enhancing human capabilities, giving us powers we never had before and augmenting others we already have. Who wouldn’t want the superhuman powers envisioned by Iron Man’s Tony Stark? But our growing ability to transform the human body by enhancing our own biology through information technology brings with it a host of risks and ethical questions that will have to be addressed in the future. Sure, your robo-legs may get a virus and your bionic hand can be hacked, but what happens when robotic exoskeletons are available to the common man and crooks begin using the superhuman strength to rob others? Imagine the future of street gang warfare when both Crips and Bloods have access to those tools and begin battling it out on the streets of your city or when Crime, Inc. sends an exoskeleton-clad enforcer knocking on
your door to collect on that gambling debt you owe. Though those scenarios may seem fantastical, there is a long history of military technology eventually being adopted by the general public, whether it be firearms, night-vision goggles, GPS navigation, or the Internet itself. In the future, it is clear that there will be numerous ways for hackers to take advantage of present and forthcoming developments in both wearable and implantable computing. But there are other ways in which our biology is being used for identification and security purposes, and here is where the next battlefield for control of our bodies and ourselves will take place.
Identity Crisis: Hacking Biometrics
We tend to think of our face, eyes, voice, fingers, heartbeat, legs, and palms as unique elements of our own biology and anatomy that, without question, belong to us and us alone. If only it were true. Whether we realize it or not, we are sharing growing volumes of information about our physical and behavioral traits with others. These biometric identifiers are distinctive physical characteristics, the most common of which is the standard fingerprint, which police have used for more than 125 years to identify criminals.
For over a century, biometric fingerprint analysis could only be performed manually by specially trained human technicians. Times are changing, however, and rapid advances in data-processing power and sensor technology mean that computers too can now perform biometric identification. As a result, biometric systems are proliferating and becoming much more common in our everyday lives. Biometrics will fundamentally shift the way we are identified in the future. Unlike traditional forms of identification where you needed to carry something with you such as your driver’s license or passport or remember something, such as your password or PIN, biometrics are something you always have on you and never have to worry about forgetting. Biometrics are you.
Biometric identification systems use computer sensors to measure things such as the ridges on your fingerprints, the distance between features on your face, or the tone and quality of your voice. All of this information is translated into ones and zeros that can be compared, sorted, and reidentified so that your particular set of fingerprints can be matched against a database of hundreds of millions of others in mere seconds. Given their falling costs and growing capabilities, biometrics is expected to grow to a $23 billion global market by 2019, with more than 500 million biometric sensors potentially joining the Internet of Things by 2018. Biometrics will be massive, they will be everywhere, and the movement has already begun.
Today gym goers at 24 Hour Fitness locations are encouraged to use their fingerprints for identification at the chain’s clubs. Patients at New York University’s medical center needn’t carry their insurance cards anymore, because the hospital has enrolled more than 125,000 individuals in its PatientSecure system, which uses a specialized biometric scanner to measure the unique vein patterns in the palm of the hand as the primary means of identifying patients. But if hospitals can’t keep malware out of their MRI machines, why would they be any more successful in protecting your biometric information? And is it really a good idea for the staff at your local gym (whose expertise is unlikely to be in biometric security) to have access to your fingerprints?
The biometric scanners we see in Hollywood spy thrillers such as Mission Impossible all look so high-tech and capable—eye scanners, fingerprint readers, and facial-recognition systems that perfectly distinguish friend from foe. With press like this, it is easy to understand why people think biometric authentication systems are impossible to defeat. As it turns out, biometrics are not as safe or foolproof as is often thought, and a 2010 report from the National Research Council concluded that such systems are “inherently fallible.” Not only can certain biological markers be copied, but the databases where all of the biometric information is stored (the digital representations of your eyes, face, and fingers), like all other information systems, can be compromised. Risks aside, both government and the private sector are racing to wring any possible security advantage or economic benefit from the collection of your biometric details, data that can be gathered without your permission or knowledge.
The largest government biometric identity database in the world is run by the Indian government. The project, known as Aadhaar (meaning “Foundation”) is an ambitious attempt to fingerprint, photograph, and capture iris scans on the nation’s 1.2 billion citizens. Over 500 million Indian nationals have already received their Aadhaar identification numbers and had their biometric details conveniently stored in a national database. Not to be outdone, the U.S. government has dedicated significant resources across Homeland Security, the Department of Defense, and the Department of Justice, each of which has established vast biometric programs in the post 9/11 world.
While a national government biometrics database sounds as if it might be a useful tool in catching criminals and terrorists, it is not without its own privacy and security risks, as the government of Israel discovered in 2011. Authorities in the Middle Eastern country announced that its entire national biometrics database had been stolen, including the names, dates of birth, social security numbers, family members, adoption details, immigration dates, and medical records of nine million Israelis. The information was stolen by a contractor and sold to Crime, Inc., eventually ending up posted in full online in the digital underground. The obvious opportunities for a wide variety of fraud, identity theft, and security issues are manifest.
By 2016, Gartner estimates that 30 percent of companies will be using biometric identification on their employees. Biometric sensors will be built into most high-end mobile phones by the end of 2015, and by 2018 it is estimated that 3.4 billion smart-phone users will unlock their phones with their fingers, faces, eyes, and voices. Biometrics are the future of identity, security, and authentication. They will replace the common password, which, as we have seen throughout this book, is easily hacked, can be stolen by the millions, and has long outlived its useful life span.
Biometric security will offer many advantages; while you may forget your password or driver’s license, you’ll always have your fingerprints on you. Though biometrics will solve some problems, they will create others. Today if you are one of the tens of millions of victims affected by identity theft, it is possible to get a new credit card or even Social Security number. If your Facebook or bank account is hacked, you can reset your password. But when your fingerprints are stolen, there is no reset. They are permanent identification markers and, once snagged by hackers, are out of your control forever. When your gym, mobile phone company, and doctor all have your biometric details and those systems become hacked—as they undoubtedly will—remediation of the problem will prove much more difficult, if not impossible. If the future of identity is all about biometrics, then the future of identity theft will involve stealing and compromising biometrics, and thieves and scammers are already hard at work circumventing these systems.
Fingers Crossed (and Hacked)
If someone hacks your password, you can change it—as many times as you want. You can’t change your fingerprints. You have only ten of them. And you leave them on everything you touch.
SENATOR AL FRANKEN
Apple’s decision to launch its flagship iPhone 5s in late 2013 with fingerprint authentication was a seminal moment in biometric identification. Known as Touch ID, the embedded fingerprint sensor could be used to unlock the phone as well as make online purchases. Beginning with iOS 8, Apple has made the technology available to third-party vendors, allowing you to use your finger in lieu of a log-in to many other services and apps. The potential convenience of using a swipe of your finger to instantly authenticate yourself and securely access myriad other online services is appealing. Similarly, Samsung launched a fingerprint scanner with its top-of-the-line Galaxy S5 phone, and just like the iPhone it was hacked. Samsung’s biometric scanner allowed mobile phone users to use their fingerprints to authenticate services such as a PayPal account stored on the device—thus a hacked fingerprint could open a biometric wallet to an unauthorized
money transfer to the accounts of Crime, Inc.
Fingerprint sensors have dropped significantly in cost over the past ten years, and some low-end models can be purchased for about $10. The decline in prices means more manufacturers are embedding these security technologies in a wide variety of devices, including laptop computers. Samsung, Dell, Lenovo, Sony, Acer, and ASUS have all embedded fingerprint readers into their laptops and encouraged consumers to use fingerprint biometrics to lock their Windows machines and even encrypt their hard drives. Great in theory, but the implementation was poor, and hackers were able to see the digital representations of the fingerprints in plain, unencrypted text, making them easy to crack. Crime U has dozens of online videos showing how to hack fingerprint scanners, and Crime, Inc. figured out long ago how to hack fingers—by hacking them off. Gangs in Malaysia, for example, have defeated the fingerprint-recognition ignition systems in Mercedes S-Class vehicles by cutting off the fingers of the luxury cars’ owners with machetes. Though stunts like this have been commonplace on TV shows like 24, the days of cutting off an adversary’s finger to get into a secret building or log in to a computer may soon no longer be necessary. Tsutomu Matsumoto, a security researcher at Yokohama National University, has devised a method allowing him to “take a photograph of a latent fingerprint (on a wineglass, for example)” and re-create it in molded gelatin. The technique is good enough to fool biometric scanners 80 percent of the time. Other hackers have used everyday child’s Play-Doh to create a fingerprint mold good enough to fool 90 percent of fingerprint readers. As biometric access controls become more prevalent, so too will the reasons to defeat them.
Though government and business are trying to persuade the public of the superior safety and security offered by biometrics, many remain unconvinced, citing a wide array of privacy and vulnerability concerns. In Germany in 2008, a public debate erupted over the issue when the country’s chief cop and interior minister, Wolfgang Schäuble, began strongly advocating for the greater use of fingerprint biometrics. In response, our friends at the Chaos Computer Club were able to lift the minister’s fingerprint off a water glass that he had left behind after delivering a public speech at a local university. The hackers successfully copied the print and reproduced it in molded plastic—four thousand times. The replica prints were distributed as a special insert in the club’s hacker magazine along with an article encouraging readers to use the print to impersonate the minister, opening the door to planting his fingerprints at crime scenes.