EmTech 2009 news round-up

EmTech 2009 brought the world's technology experts together in Boston

The Emerging Technologies conference at the Massachusetts Institute of Technology (MIT) in Boston brings together research laboratories, companies and entrepreneurs from around the world to showcase a host of new technologies, offering demonstrations, keynotes, interactive breakout sessions, and networking opportunities. The show covers fields including energy, biotechnology, IT and the internet. In this special show report we round up the key announcements.

Killer hackers
One of the most important developments at the show was a US researcher calling for legislation to enforce tighter security on implanted cardiac devices after he hacked into one wirelessly to produce a potentially fatal electric shock.

The scenario may sound like something out of a detective novel or far-fetched thriller movie script, but the danger is real and should be taken seriously, according to Kevin Fu, an assistant professor of computer science at the University of Massachusetts, who specialises in the security of radio frequency identification (RFID) systems.

Judges at the EmTech conference in Boston took Fu's work seriously enough to give him an Innovator of the Year award.

Doctors can access modern pacemakers and defibrillators over the internet via a short-range wireless link similar to those used in RFID devices. The system allows them to monitor patients remotely and install software updates.

This means that a hacker could access confidential medical information as well as reprogram the devices, Fu said.

"Manufacturers point out that implanted medical devices [IMDs] have used radio communication for decades, and that they are not aware of any unreported security problems," he wrote in a recent paper.

"Spam and viruses were also not prevalent on the internet during its many-decade childhood. Firewalls, encryption and proprietary techniques did not stop the eventual onslaught."

Fu and his team used off-the-shelf components to build a device that could write to a defibrillator and read the signals being sent to it. They deciphered the signals by exploiting the fact that they knew the patient's name.

They could then reprogram the device to give an electric shock. Another possibility is that a hacker could disable the power-saving mode so that the device's battery ran down in days rather than years.

The hacking device could be built into something the size of a mobile phone, and infect IMDs with malware randomly as the killer walked down the street. Millions of people use pacemaker/defibrillator devices.

Fu pointed out that such random attacks are not unknown. Vandals have caused people to have seizures by implanting flashing lights on a web site used by epileptics, for example, and seven people died when a killer put cyanide-laced painkillers on supermarket shelves in Chicago.

Nevertheless, some doctors resisted when Fu first started making inquiries about IMD security. Has he any idea of how many of the devices in use are vulnerable? "That's the point," he said. "We just don't know."