|
|
To the long list of objects vulnerable to attack by computer hackers, add the human heart.
在易被计算机骇客攻击的对象的长名单中,又增加了人类心脏病。
The threat seems largely theoreical. But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.
这种威胁似乎大半为理论性。但是一个计算机安全研究人员团队星期三计划报告,骇客很可能可以无线进入心脏除颤器和起搏器。
They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal — if the device had been in a person. In this case, the researcher were hacking into a device in a laboratory.
如果这样的装置被移植入人体,骇客可能重新给心脏起搏器或除颤器编程来关掉它并且传递足以致命的电击。在这种情况下,研究人员在实验室侵入了一个装置。
The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio that Medtronic, the device’s maker, had embedded in the implant as a way to let doctors monitor and adjust it without surgery.
研究人员声称他们已经能够通过从极小的无线电来窃听信号的方式来搜集患者的个人数据,美敦力,这种无线电的制造商,已经将它嵌入种植体可以让医生不用手术就可以监听和调整设备。
The report, to published at www.secure-medicine.org, makes clear that the hundreds of thousands of people in this country with implanted defibrillators or pacemakers to regulate their damaged hearts — they include Vice President Dick Cheney — have no need yet to fear hackers. The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implant’s signals. And the device the researchers tested, a combination defibrillator and pacemaker called the Maximo, was placed within two inches of the test gear.
在www.secure-medicine.org上发表的报告解释,在这座城市几十万的人通过安装植入性除颤器或起搏器来管理他们受损的心脏――他们中也包括副总统迪克.切尼――没有必要担心骇客。实验需要价值超过30,000美金的实验设备和来自华盛顿大学和马萨诸塞大学的团队专家的持久性努力来解释从植入装置信号收集的数据。并且,研究人员测试用的装置,是合并有除颤器和起搏器被称作Maximo,Maximo被置有两英寸的试验装置里。
Defibrillators shock hearts that are beating chaotically and dangerously back into normal rhythms. Pacemakers use gentle stimulation to slow or speed up the heart. Federal regulators said no security breaches of such medical implants had ever been reported to them.
除颤器电击跳动紊乱并有危险情况的心脏使其转变为正常节率。起搏器运用轻柔的刺激来减慢或加快心脏节律。联邦政府管理者声称已经报告给他们这样的医学装置并没有安全漏洞。
The researchers said they chose Medtronic’s Maximo because they considered the device typical of many implants with wireless communications features. Radios have been used in implants for decades to enable doctors to test them during office visits. But device makers have begun designing them to connect to the Internet, which allows doctors to monitor patients from remote locations.
研究人员声称他们之所以选择美敦力的Maximo是因为他们认为这种装置代表许多有着无线特征的植入物。无线电已经被使用在植入物中数十年使医生能够在办公期间测试它们。但是设备制造商已经开始计划将它们联接互联网,这样就使得医生可以远距离监控患者。
The researchers said the test results suggested that too little attention was being paid to security in the growing number of medical implants being equipped with communications capabilities.
研究者声称,测试结果暗示随着配备能力的医学植入物数量的增加,对安全却没有投入更多的注意。
“The risks to patients now are very low, but I worry that they could increase in the future,” said Tadayoshi Kohno, a lead researcher on the project at the University of Washington, who has studied vulnerability to hacking of networked computers and voting machines.
“现在对患者的风险非常低,但是我担心未来将增加,” Tadayoshi Kohno说,他是华盛顿大学这个计划的领头研究人员,他研究了易受骇客侵袭的网络计算机和投票机。
The paper summarizing the research is called “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.” The last part refers to defensive possibilities the researchers outlined that they say would enhance security without draining an implant’s battery. They include methods for warning a patient of tampering or requiring that an incoming signal be authenticated, using energy harvested from the incoming signals.
这项研究的摘要记录被称做“起搏器和植入式心脏除颤器:软件无线攻击和零功率防范。”研究人员概括的最后一部分指不明不白防范的可能性,他们说将不用卸下植入物的电池就能加强安全性。包括收到篡改或请求病人的信号被证实时发出警告,通过进来的信号使用能源收获的方法
But Mr. Kohno and Kevin Fu, who led the University of Massachusetts arm of the project, said they had not tried to test the defenses in an actual implant or to learn if anyone trying to use them might run afoul of existing patent claims.
但是Kohno先生和Kevin Fu,领导这个计划的马萨诸塞大学的枝干力量,声称他们还没有用一个实际的植入物确实试验这些防范措施或者得知如果任何人试图即用它们或许和已经存在的专利声明冲突。
Another participant in the project, Dr. William H. Maisel, a cardiologist who is director of the Medical Device Safety Institute at the Beth Israel Deaconess Medical Center in Boston, said that the results had been shared last month with the F.D.A., but not with Medtronic.
这项计划的另一个参与者,William H. Maisel博士,是在波士顿的贝丝以色列女执事医学中心的医学设备安全协会的会长,他声称结果在上星期一已经和食品与药品管理局分享,但是没有给美敦力。
“We feel this is an industry-wide issue best handled by the F.D.A.,” Dr. Maisel said.
Maisel博士说:“我们认为这是被食品与药品管理局处理的最好的宽工业成绩。”
The F.D.A. had already begun stepping up scrutiny of radio devices in implants. But the agency’s focus has been primarily on whether unintentional interference from other equipment might compromise the safety or reliability of the radio-equipped medical implants. In a document published in January, the agency included security in a list of concerns about wireless technology that device makers needed to address.
食品与药品管理局已经开始逐步增加对植入物的无线设备的考查。但是代理机构的焦点主要在是否从其它设备的无意干涉或许危及到配备无线系统的医学植入物的安全性和可靠性。
Medtronic, the industry leader in cardiac regulating implants, said Tuesday that it welcomed the chance to look at security issues with doctors, regulators and researchers, adding that it had never encountered illegal or unauthorized hacking of its devices that have telemetry, or wireless control, capabilities.
美敦力,心脏管理植入物的工业领导者,星期二声称感谢有机会看到医生,管理者和研究人员的安全结果,补充有遥测或无线控制,潜在能力的装置中还没有遇到非法或未经批准的骇客潜入。
“To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,” a Medtronic spokesman, Robert Clark, said. Mr. Clark added that newer implants with longer transmission ranges than Maximo also had enhanced security.
“据我们了解在超过30年的设备遥测术的使用中还没有报告发生那样事件的信号,包括世界上百万的植入物。”美敦力的代言人,罗伯特.克拉克声称。克拉克先生补充比Maximo有更长的传递范围的新的植入物也加强了安全措施。
Boston Scientific, whose Guidant division ranks second behind Medtronic, said its implants “incorporate encryption and security technologies designed to mitigate these risks.”
波士顿科学,它的遥控部门是在美敦力后排行第二,声称它的植入物“结合编有密码和安全技术设计以减轻这些危险。”
St. Jude Medical, the third major defibrillator company, said it used “proprietary techniques” to protect the security of its implants and had not heard of any unauthorized or illegal manipulation of them.
St. Jude Medical,第三个主要的心脏除颤器公司,声称它使用了“专利技术”来保护它的植入物的安全并且没有听到任何未经批准的或非法的对植入物的操纵。
Dr. Maisel urged that patients not be alarmed by the discussion of security flaws. “Patients who have the devices are far better off having these devices than not having them,” he said. “If I needed a defibrillator, I’d ask for one with wireless technology.”
Maisel博士号召患者不要被安全缺陷的讨论惊吓。“有这些装置的患者远比没有的好,”他说。“如果我需要一个心脏除颤器,我就要求一个带无线技术的除颤器。” |
|
发表于 2008-3-21 15:01:15