This is why we need Free Software

Marie Moe (the person in the article) has a pacemaker and wants to be able to see the code that controls if she lives or dies.

Is that much to ask? I don't think it is, and I think it's a prime example of why code, especially code like this, should be Free Software. The way it works now, proprietary software is owned and controlled by the companies that hold the copyright to it, and at the end of the day these kinds of companies are in it to make money within an acceptable risk factor. That means if the code isn't perfect, that's fine as long as it's good enough.

I found it incredible that this was one of the responses by a medical doctor who works with these things.

He believes hacking is a purely theoretical risk: "The only significant effort I've seen took a team of people two days, being within 20cm of the device, and cost around $30,000."

Apparently there's no concern of assassination by wealthy people or governments, it's not like they have 30k and a few days. It's not like a well-known politician has the wireless functionality disabled on his pacemaker because they are vulnerable... Oh wait, that's exactly what happened, by Dick Cheney in 2007.

-

To check that code is secure and bug-free, Marie would like to be able to examine the programmes that control her pacemaker. But although the pacemaker is inside her body, the vendors have not shared the code inside her pacemaker.

"It's a computer running my heart so I really have to trust this computer and it's a little bit hard for me because I don't have any way of looking into the software of this device."


This was already covered by a 'foss-only' lawyer.


Eben Moglen? He's the only FOSS-only lawyer I know of.

It appears so; however, the interview I heard was a female voice.


A link would be good if you are able to find it :D

Working on it.
Possibly here, not sure (not it)

Here's the Eben one, no download link


I'd like to know what these wireless functions are.

Just guessing, but calibrate would make sense, aaaand that's a pretty straightforward kill switch, don't you think? :D

From the article, at least with some of them, there are two wireless interfaces. One short-range interface (think NFC) for communicating with the device and sending firmware changes/changing settings, and one longer-range wireless that connects to the internet to send data logs to the company, I imagine.

Open source is almost as bad as un-encrypted software or as bad as defunct pacemaker software. I mean people are risky enough to risk their lives to an electronic device that could fail anytime if it gets overloaded with some type of electronic interference.

If I ever were to get one, I'd rather get one from a company, knowing that they are the sole reason for any defects or liability that comes out of it, not some software glitch I or others added on to the system.

Perhaps it wasn't a lawyer (that's it)

You're suggesting that people would upgrade their firmware themselves without proper care. Something can be open source and yet you don't have to update firmware with random changes. The code being open allows far more eyes on the code, which means better bug finding and potential fixes, better vulnerability identification and fixes.

Companies don't fix things if they don't have to be fixed, and it's been shown that that's exactly how they operate with pacemakers as well. Open code would mean they would have to acknowledge problems and fix them rather than hide them until it's too late. The same can be said for almost any software.

In this regard I don't think you understand how open source software works. If that were the case, our economy would have been crippled years ago.

I mean it's good if you switch pacemaker companies, but the thought of modding your pacemaker via Bluetooth like some sort of hack like "Watch Dogs" is just creepy as hell. Imagine if someone walks up to you and pins you down with a cellphone, sending your pacemaker some malware or virus cuz it's open source.

The entire point of open source is to find said vulnerabilities that you're currently worrying about.


What I do not get is why these devices are digital at all.

The only benefit there is with digital pacemakers is that they are adjustable, which seems silly IMO. All you need is a little potentiality and boom, instant adjustability.

I would trust my life to a well built analog device before I ever trust a digital one.

Hideous villain calls someone, then obviously that phone goes to ear? And that Android phone then flashes random crap to the pacemaker, and that person dies.
8/8 movie :D


Again, I'm sorry, I'm not trying to have a go, but you don't understand what open source is.

Closed source software isn't immune to vulnerabilities. You're thinking that if you can't see the code you're more protected; in security that's called 'security through obscurity' and it's a terrible practice. It's like saying if I can't see you, you don't exist. Of course you still exist, as do exploits and vulnerabilities in code, and people will find them and exploit them regardless of whether it's closed or open source.

The difference is that open source code allows anyone to inspect the code; vulnerabilities can be found and fixed and not kept secret and sold to the highest bidder as is done with software today. More importantly, bugs can be identified, and at the very least if the code is revertible then these companies will be placed in a position where they have to act rather than place people in potential danger because they don't want to support devices they have already sold (phones anyone?).

The idea is good in theory: a device that can be altered depending on need or fixed if a bug is found. Something that was completely mechanical would have to work and have no bugs from the start. I think part of the problem may be that pacemakers are configured to the individual; digital allows them to be smaller, mass produced, and easy to configure. Mechanical would have to be at least somewhat tailor-made and slightly bigger and more power hungry.

Speaking of vulnerabilities, how much code does this need to run? I imagine the specs are on par with something like an Arduino Uno, so if it did go open, how much code would one need to audit, and what are the encryption capabilities of this thing in the name of security?