Smartphones the new murder weapon?

Manipulation of medical devices will soon be routinely done via smartphone, putting an individual's health in the hands of every hacker. Source: AP

THE everyday smartphone could become the assassin's weapon of choice in years to come; from interfering with medical devices to sabotaging cars and homes.

Vanity Fair reports that tech-security experts are investigating the various ways phones might be used to wirelessly take over electrical systems, including hospital equipment, car computers and all manner of domestic and medical devices, such as air conditioners, security systems and pacemakers.

In a presentation delivered in Melbourne in August, security expert Barnaby Jack described how pacemakers and implantable cardioverter-defibrillators (ICDs) could be controlled from as far as nine metres away by a counterfeit signal. In an experiment, he was able to instruct an ICD to deliver 830 volts - an instantly lethal zap. More sinister still, he speculated that such a death would likely be benignly blamed on malfunction.

While there are obvious advantages to a doctor being able to regulate a patient's condition swiftly and remotely, Barnaby suspects the desire to interfere with these systems will prove irresistible to hackers. "Has there ever been a box connected to the Internet that people haven't tried to break into?," he says.

Medical devices are not the only vulnerable targets. Home electric meters, alarm clocks, refrigerators, heating and cooling systems and security cameras can be all accessed remotely. The same is true of built-in computers in cars.

There are numerous ways in which cars tap into cyberspace, including GPS systems, locking devices and tyre-pressure monitoring systems. The latter typically send out minute-by-minute reports to an Electronic Control Unit (ECU) relying on an ID specific to each tyre.

In 2010, researchers from Rutgers and the University of South Carolina discovered they could read a tyre ID from 40 metres away, meaning people 40 metres from a car can "talk to it" through its tyres.

Researchers from the University of Washington and the University of California–San Diego were able fake the signals from a tyre-pressure ECU and, emboldened, went on to take control of a vehicle by contacting the hands-free system through the built-in mobile phone and playing a special audio file; and used Bluetooth signals to start cars that were parked, locked, and alarmed - all with instructions sent from a smartphone.

Concerningly, none of this is regulated, according to Stuart McClure, chief technical officer of the anti-virus company McAfee. Medical devices alone are monitored, but not for security, just for safety. "Maybe 90 per cent" of vendors don't see security as critical, he told Vanity Fair.

Ditto computer-software companies, until credit-card numbers began to be stolen by the millions. "We live in a reactive society," McClure went on, "and something bad has to happen before we take problems seriously. Only when these embedded computers start to kill a few people - one death won't do it - will we take it seriously."