• sebinspace
    link
    fedilink
    English
    311 months ago

    My girlfriend has a medical implant for her gastroparresis. How concerned should we be? If that device shuts off, she can’t eat, and there’s only a handful of doctors in the country that can work on it, and the one that sees her is often booked two weeks out

    • @cheet@infosec.pub
      link
      fedilink
      English
      1011 months ago

      The thing is, if there’s a wireless exploit/hack that can cause “patient harm” the FDA+Health Canada would force a recall the sec its publicly known.

      The flipper wouldn’t be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause its a swiss army knife and has a general purpose radio.

      Generally by the time an attack exists on the flipper, its already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.

      I can’t say how concerned you should be, but this won’t make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don’t make laptops illegal tho.

      What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an “illegal” device. Yes they could use a laptop, but you don’t use an xray machine to find a stud, you use a handheld studfinder cause its cheap and easy.

      Hope that helps explain a bit

      • sebinspace
        link
        fedilink
        English
        011 months ago

        the flipper wouldn’t be the only thing able to exploit it

        No, and I never once thought these capabilities were unique to the Flipper. My concern is how much it lowers the barrier of entry to potentially dangerous behavior. When people say they got one “just to be evil”, it’s deeply concerning. If someone said the same thing about a gun, something else that can be dangerous and needs to be handled responsibly, I’d be notifying someone. It’s not the capabilities themselves, it’s how accessible it makes those capabilities to the otherwise-inept