iStan Hacked and Killed

iStan is “the most advanced wireless patient simulator on the market, with internal robotics that mimic human cardiovascular, respiratory, and neurological systems,” according to CAE Healthcare. iStan costs about $100,000 and is regularly used by hospitals to teach medical school students how to perform procedures without murdering people.

That’s nice, but here is the interesting part.

At the University of South Alabama, a group of undergrad students were given access to iStan.  The students had been taking a cybersecurity class.

Within a few hours they were able to take over most of iStan’s functions.  They could speed up his heart rate or slow it down.  Whatever they wanted to do.

Including killing iStan.

But as the manufacturer said, iStan is good for teaching med students without murdering people so iStan came back from to life.

What is interesting here:  we are dealing with a bunch of undergrads taking a cybersecurity class, not a group of professional hackers.

They were able to take over iStan in just a few hours.

And they were able to virtually kill him.

What would happen if professional hackers wanted to do this.  We know that doctors took special precautions with Dick Cheney’s pacemaker for this very reason.  What about people who don’t have a secret service detail?  I guess they better hope no one wants to do them in.

From the University’s viewpoint, they want to understand the vulnerabilities so that they can improve the security of medical devices.

THAT can’t happen too soon.

Information for this post came from Motherboard.

by