Researchers operating out of the University of Birmingham working in cooperation with fellow researchers in Belgium have recently published the results of an intensive study which revealed critical vulnerabilities in ten different “smart” medical devices so far, all of which can be potentially life-threatening.
Insulin pumps can be remotely ordered to trigger a fatal dose. Pacemakers can be shut off entirely, or set to shock the heart constantly until the patient dies, and more.
In addition to killing the people who depend on these devices, of course, the same bugs can be used to intercept and steal all manner of personal health information to sell to the highest bidder.
None of this should come as a surprise to anyone. We’ve known for quite some time now that most of the “smart” devices that currently constitute the Internet of Things lack even the most basic security protocols, which make them notoriously easy for hackers to get control of.
So far, the hackers have been content with simply enslaving these devices to construct huge ‘botnets, like the one used to cripple much of the US Internet for the better part of a day recently. That, however, is just the tip of the iceberg, and with more and more internet objects being added to the IoT every day, the problem is bound to get much worse before it starts to improve.
One of the chief reasons the problem won’t be going away anytime soon is the simple fact that device manufacturers have shown almost no interest in beefing up security on the devices they make and sell.
In large part, this is because they don’t have any financial interest in doing so. Once the device is sold, their association with it ends, leaving tens of millions and the entire architecture of the internet vulnerable.
Sadly, it will probably take a few deaths before we start getting serious about IoT security, but by then, we’ll be facing an uphill battle, given how many internet objects are already in use, and how rapidly that number continues to grow.