[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: interesting



Dear Jaime,

Am 26. Mai. 2010 um 17:37 Uhr schrieb Jaime Undurraga:
>An interesting new about implantable devices and certainly something that CI
>companies will have to consider.
>http://news.bbc.co.uk/2/hi/technology/10158517.stm

You are raising an interesting point. Fortunately, there is a
fundamental difference between CIs and RFID tags. RFID tags are designed
to store small amounts of data which can be used for identification.
That the RFID system is flawed is well known and has been demonstrated
e.g., by L. Grunwald at the Black Hat Briefing 2004 in Las Vegas:

  http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grunwald.pdf

(Sorry, no paper!)

The fine BBC article doesn't say much about the applied technique, but I
guess its similar to Grunwald's attack on the ePassport (2007). This is
less an attack on the tag itself but rather an attack against the RFID
tag reader. By storing specially crafted data on the tag, he succeeded
in triggering a bug in the software of the tag reader. This allowed him
to execute arbitrary instructions on the tag reader like instructions
for replicating the malicious RFID data.
This is not directly applicable to CIs. But you are right. Companies who
add a communication interface to their medical devices - especially if
its wireless - should be very carefull.


Best regards,
Christian
-- 
Christian Borß, Dipl.-Ing.          ||   Institut für Kommunikationsakustik
http://www.ika.ruhr-uni-bochum.de   ||   Ruhr-Universität Bochum
Tel.: +49-(0)234-32-22470           ||   Universitätsstr. 150, IC1/33
Fax.: +49-(0)234-32-14165           ||   D-44780 Bochum (Germany)