Subject: Re: interesting From: Christian Borss <christian.borss@xxxxxxxx> Date: Thu, 27 May 2010 10:54:50 +0200 List-Archive:<http://lists.mcgill.ca/scripts/wa.exe?LIST=AUDITORY>Dear Jaime, Am 26. Mai. 2010 um 17:37 Uhr schrieb Jaime Undurraga: >An interesting new about implantable devices and certainly something that CI >companies will have to consider. >http://news.bbc.co.uk/2/hi/technology/10158517.stm You are raising an interesting point. Fortunately, there is a fundamental difference between CIs and RFID tags. RFID tags are designed to store small amounts of data which can be used for identification. That the RFID system is flawed is well known and has been demonstrated e.g., by L. Grunwald at the Black Hat Briefing 2004 in Las Vegas: http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grunwald.pdf (Sorry, no paper!) The fine BBC article doesn't say much about the applied technique, but I guess its similar to Grunwald's attack on the ePassport (2007). This is less an attack on the tag itself but rather an attack against the RFID tag reader. By storing specially crafted data on the tag, he succeeded in triggering a bug in the software of the tag reader. This allowed him to execute arbitrary instructions on the tag reader like instructions for replicating the malicious RFID data. This is not directly applicable to CIs. But you are right. Companies who add a communication interface to their medical devices - especially if its wireless - should be very carefull. Best regards, Christian -- Christian Borß, Dipl.-Ing. || Institut für Kommunikationsakustik http://www.ika.ruhr-uni-bochum.de || Ruhr-Universität Bochum Tel.: +49-(0)234-32-22470 || Universitätsstr. 150, IC1/33 Fax.: +49-(0)234-32-14165 || D-44780 Bochum (Germany)