The Hacker Who Poked Holes in Medical Devices
Barnaby Jack, the 36-year-old hacker with a showman's flair whose death was reported last week, set an ambitious goal a few years back: Help secure the millions of insulin pumps, pacemakers and other medical devices implanted in people around the world.
Hackers are often thought of as troublemakers and criminals, and indeed, many are, as shown in the indictment last week of five people in the theft of 160 million credit card numbers. But for security professionals such as Jack, who are paid to find and fix vulnerabilities, hacking is about helping, not hurting.
As of late Friday, we didn't know the cause of his death. But what we do know is that the computer-security community lost someone whose work was leading to safety changes for medical devices being distributed globally.
His research contributed to a growing body of evidence that as medical devices are built with wireless data connections -- for easier monitoring of patients and downloading software updates -- a new door was opening for hackers who could remotely tamper with the equipment.
Jack's work with insulin pumps helped prompt a review by the U.S. Government Accountability Office of the industry's security practices. The office said in September that the U.S. Food and Drug Administration needs to more closely track hacking vulnerabilities in wireless medical devices.
He worked with the FDA and the affected device makers to fix the security holes he found. In an interview this month, he said he was encouraged that his proposed changes were being implemented.
At this week's Black Hat security conference in Las Vegas, Jack had planned to demonstrate that he could scan a range of up to 30 feet for two certain models of pacemaker and defibrillator -- he didn’t say which ones -- override the software running on them and send high-voltage shocks to the devices, shorting out their circuitry.
Jack was known for his attention-grabbing hacking performances, which included making an ATM spit out cash and forcing an insulin pump to dispense the hormone in a see-through mannequin. He put on an entertaining show at the security conferences.
But clearly, it's a different audience that should appreciate his act. For the many millions of people who depend on these medical devices, Jack leaves behind a legacy that could one day help save their lives.