
Veronica Schmitt - Next Step to Rooting the Human Being.

BSides Cape Town · 48:58 · 181 views · Published 2017-12
About this talk
Advancements of Security on Medical Implantable Devices: Is the IoT the Next Step to Rooting the Human Being?

Alright, so next up we have Veronica, who's talking to us about Internet of Things, the key to rooting the human being. Anyone hear me okay? So should I stand normally or my toes? Okay, so my talk is not a presentation, it's more of an interactive conversation, so I'm going to ask some questions and I'm hoping you're going to talk back, otherwise I'm going to put people on the spot. I'm very good at it. So I'm going to speak about the Internet of Things. It's the buzzword, it's a sexy word, it's what's new and enticing. But has anyone heard about a smart hospital? It's a horror show, in my opinion. They are planning to connect to all medical

devices to a single card service so that anyone, a physician or a nurse, pharmacist, radiologist, can have access to your information. So let's start. Who am I? I'm the VP's I call me Veronica that's reserved to my parents or my husband's an undershirt, but generally be nice and for maybe. I am a gen-one cyborg with a passion for breaking things to make them work it in. So I have a pacemaker. This is why I'm passionate about the medical security. Not to say someone's gonna hack me, because I'm really not a target, but it's something that can affect the future of someone out there, because you can tell me: if the first medical device

is hacked, any human being, do you think someone else has got a heart problem is gonna have one implanted? No. So what happens? The life expectancy is lower and we die younger with curable diseases or something that can help you live longer. So now my question to the audience: should medical devices be put on the Internet of Things? No? Okay, so you buy a TV, no? No, we not. But the thing is we need to identify what is convenient versus what is not just safe but secure. So it's not to say this is doom and gloom, this is to say we're gonna talk about what's wrong and how are we gonna fix it. But now I'm going to

ask you this. Well, I'm not gonna put my heart on the internet, and I'll explain to you later, and then you wouldn't want to do it either. So you buy a flat-screen TV? So you buy flat screen. Okay, so that might be right for someone that's not in my shoes or someone that doesn't have a neural transmitter. You're sitting on the outside thinking, oh, it's never gonna happen. Well, Dick Cheney replaced his pacemaker with an older model due to him having wireless controllers. But it's a theoretical threat, that is what the vendors are claiming and that is what they're sticking with. So as I'm seeing it's gonna be interesting. I'm enjoying it, carry on. So I'm not gonna go and

everyone can read. The Internet of Things, what is it? We all know what it is. Do I need to clarify that? Okay. So medical devices. Medical devices is basically most of the devices in a hospital, and those are the devices the doctors used to remote monitor you, so he's sure that they can identify problems before they happen. That's what he's used to do chased suits and so forth. Okay, so now I'm most hospitals, and this was done on a questionnaire basis, we actually discussed this with hospitals, decide you what's on your wireless LAN. The MRI machines are on, because the firmware needs to be updated, and I can promise you someone's not gonna sit and physically do it. They

gonna remote push it. That is our the vendor laughing. Your insulin pumps. Who knows how our insulin pump works? So it remotely monitors you and then can adjust your dosage according to the parameters that your doctor has set to give your router's of insulin. But this is then connected to a home device that is connected to your Wi-Fi that communicates back to the doctor. But that's the insulin pump, and it's a good thing because it ensures people are getting adequate medical care as they need it. Was I for example, I know a diabetic that doesn't look after himself. He doesn't check his sugar, so he easily goes into a coma. It's just not responsible enough to do it on his own,

so insulin pumps in that case would be very good. Then robotic surgery arms. Who knows what that is? That is what they used to do precision surgical work, and that is done by setting specific parameters. Like these also need firmware updates, which is also pushed across a network, and the same of your CT scanners and your heart pumps. For media is a very important one, those things are in put in your water and it's one pump your heart. Those things are all in the wireless LAN in hospital. Dialysis machines, infusion pumps, pacemakers, and then the worst of them all, the latest trend in medical devices, called remote home monitoring system. It's a little device that sits next to your bed that

communicates with your implantable device, communicates back to your doctor so they can do telemedicine. The my doctor effectively can access my pacemaker, a thing to guide with it for the universal token, and see what's happening. If he then sees something needs to be adjusted, he can do it while I sleep. But it's also connected to my Wi-Fi, and we all know home Wi-Fis. I'm not, yeah, you all might be, but the general public not in security or not as conscious as we are. Now I watched a video on YouTube where they explained the concept of a smart hospital, meaning that you would be given a single card that contains all your medical data that you would scan at reception.

It would identify which way you would go to what treatment you opted for, and that would communicate what sensors placed, like a Fitbit or a medical device that you wear, to tell the doctors what your state of health is. For example, if you have high blood pressure it would identify where you've got spikes or where medicine's not working. And it goes so far as to say that it will be integrated with the pharmacy, so you'd unlock your medicine as you're supposed to take it, it will then give you a certain amount, and everything is integrated to your physician never has to see you face to face. It is all done electronically, which is not a bad idea,

it's convenient, but I don't think that convenience should trump security and safety, and that is the stand that I'm taking. It's fine to have convenient medicine, but it should be conveniently safe and secure medicine, and you shouldn't give that up just because we don't want to go into a doctor's office. So this is what they are planning on doing, having everything integrated into a single system. But we all know the healthcare system is not known for having the best updates or firmware or security. We've seen it with the events. WannaCry was an example that hit the NHS hard due to something that was easily fixable long ago. Legacy systems, and that is a reason that

medical security is lacking. This is legacy systems that are running and being forgotten about. This is the Medfusion 4000 wireless syringe infusion pump that is used for the injection in terminal patients. Now this was a study done by UK-based company that have identified the following vulnerabilities in these devices. Now it's your buffer overflow attacks, there's no justification on the devices, hard-coded credentials on the device itself, hard-coded passwords, passwords which are stored in the configuration file to make convenience ease of easier for people to log in, improper access control. Now if you have a device that is responsible for giving morphine, these are not the vulnerabilities that you would want to see. Now I know it's terrifying, but it's

fixable. And this is what the vendor put out in public, remedial steps that hospitals can take. Instead of redoing their firmware and spending the time and researching and actually having the code tested, they said that the hospital should just assign a static IP address. I don't really see how that's gonna help. And I wanted to follow DNS in the HTTP DHCP server traffic. Well, this is one community working so well in the forest. We gonna think of things after they've happened, after a patient and got and will see in their system, and let me tell you two did some too much morphine you stop breathing. So that's in of these delays. Ensure network segmentation, and this is

the most shocking part: in hospital these devices on the wireless LAN, but they not segregated from the rest of the network containing patient details. So you get into a device, you get into the network. Using VLANs for segmentation available. Applying proper password hiking, because you all know that we are so, all we're dealing with people. We choose the passes the easiest remember or we drafted on a sticky note. I spend considerable time in laughs audiences with a family member, walking around, watching workstations with username and password on sticky notes. I have pictures of it, ask me and I'll show you. But to make matters worse, was the network share pass on there, was their usernames enforcers.

But the submission does not want to walk at this time ladies even in a sauce with the easiest, most convenient way. They are there to save lives, they are not feasible. This is your network, that's not their problem. But we does have fear invest their money they can see us healthcare not say to see our security, and that is the problem we're facing with healthcare as a whole. It's moving with technology, but it's not focusing equally on before to pop I mean do not be impossible, and generally most of these things you can only use six characters and no special characters as well. So this is my real passion, is hacking pacemakers, and it's not to kill

someone, I've been like human beings, but I want to fix it. So my concept is, I've always been, I want to fix the security without taking away the availability and accessibility of our services professionals. Those imagine this now: I have an episode, I'll fall down. I'm not going to tell the paramedics I wait before I darling baby give you your flight isn't any password. You all know that's not gonna work. So we can't make it too strict or encrypt data. If you in a strange country and they have to access your device, it's quite the conundrum on fixing the problems without cutting the opposition's hands. So I think

so basically my device is an ICD, implantable cardiac defibrillator, so meaning my heart stops, it shocks me. So if I do, if anything, is just no probably good shot. So let's some of the work on the pacemakers name. You would think, is it a good idea to have hard-coded credentials on a pacemaker? No. They do. 9 out of 10 device manufacturers hard-coded their credentials on the device itself. And then you would think, okay, but this is not going to be in clear text or ASCII code. Well, I'm gonna tell you wrong, because it is. So the firmware is not signed, which is generally a bad idea. So meaning if I write something that looks like firmware that matches

we've supposed to go, this device is going to open up and accept it. And it gets better: if you know how to do the handshake, there's no specific memory that I've stretching it into a ward protective storage, it will just accept it. So this is my theory, which the vendor that I discussed it with did not enjoy. I write firmware. I go into a cardiologist's. My cardiologist has got five hundred pacemaker patients, it's in bloom for the small town, can you imagine driving. Okay, time these machines infected, it then infects my machine to beacon out on the correct handshake with all medical devices and Ansel in the hospital. I reinfect other ones and a

beacons home. Now you've gotta solve the army of human beings, irritable you know, or hypothetical is what professor would say would be the correct term to use. The file system is not encrypted on these devices, and these are both the doctor's programmer, the pacemaker itself and the home devices. Who can tell me what file system we're looking at? This is Windows XP, which most of the programmers run on. And guess how you put it on? Just press the button and it'll just come on. That's what the cardiologist told me. I want you must, my cardiologist thinks there's something wrong with me because I wanna had come our own device, not kill myself,

but I'd rather kill myself and kill someone else. See, I am ethical. Now this one's a big one for me. So any Dave herbs or anyone that does programming would say you need to tell the device what I can't accept in context it. Well, that is the good idea, however medical devices, most of them don't have command whitelisting. So if it looks like it, smells like an X like it, it will do it. Now this grates me. So in asking the vendors why, they said, but we want power over security, meaning our patients don't want to come in once every five years to have the device changed, you know, so we kind of have big

computing power that's gonna drain a battery, we want the batteries to last 20 years. Well, I'd rather go in every 10 years or five years and have the device changed, suffer for three months, but know it's safe and secure. We can't just give up for convenience safety, because we're not talking about someone hacking a computer, rendering the services unusable. If you hack my device, which I will explain some of their text later, I'll physically fall down and die. You don't come back from that kind of thing. There is no reboot, restart, your ok. Resuscitation, it's not gonna happen. It'll call maybe. It's not all doom and gloom. No one finds a face see I told your

mother comedian. Okay, that's a little bit scary. It's called a crash attack. Basically means that your pacemaker's going to start doing some funny funky retro stuff, it's gonna start pacing at unknown speeds. But once you have access to the device, which is fairly easy after the fact, I'll explain them to anyone that wants to know, that was in a previous book. It basically, if you know the pattern of the RF packet that it's expecting to see, and it's facing the universal the same across all devices, you with a serial number, you could effectively gain access. It will say, okay, no, that looks right, what do you want me to do? So how it works is when you access

a pacemaker, it goes into debug mode, which allows a physician to the in programmer. So it goes from debug mode to programming mode. Now the very interesting factor that stays open for two hours, effectively broadcasting and waiting for signals once it's been programmed. I don't know why, no one can answer me, but effectively that's maybe a doctor changes his mind two hours, phoned you back, he doesn't have to go through the whole process again. So when you incorrectly preservation, you can go from having a baseline beat of 60 to 120 to 170, and effectively that's how it's going to carry on, because it controls your top and your lower part of your heart. Then this is probably the most likely one to

happen anyway: they drain the battery, but basically overwhelming system. So in regards to pacemakers, it comes 1 packet, 2 packets, three packets, and it stops at 9. Now this is the interesting effect. You'd think if you overflow it, if it's ok now often I take it something's not right, cut communication. It restarts at 1. So effectively keeping it on the whole time by sending immense amounts of packets, you could drain the battery low. If I was doing this I would have communication off the nine and you'd have to go into the physician's office to see what's going on with the device. These devices are made to go into sleep mode to conserve battery power, and this is

really easy did you. Okay, so that's the protocol that most medical devices use. How did I find this? On the internet, because you can download the pod specification for every device. So this is either ethical, Google who's your friend. You go to the vendor website, you download read manual for the doctor, which you don't need to username of course, but what's freely available. You then get your pot specification and you go to that vendor and download how it works, and voila, now you know entire tech dot for the heck is in the room. These look very familiar, as we see it every day, we use it every day. I wonder if there's a Metasploit packet for me, you

know, there's a business model for someone. So who knows what black boxing is? Most people. But that's how easy it is. Most of the hackers that have worked on this is youth back black box techniques. They reverse the protocols because they know how that imagination worked, so they know what they see, they know how to put it back to what it was. Oh, you basically have got the keys to the kingdom. You've got the keys to someone's heart or neurostimulator or gastric chip. The each so many medical devices arts is even a pill now that you swallow, it was an amount of medicine that wirelessly controlled in a justified position. Yep. No one said these things was

I might be gone in yet, but like I said, something should not be on the Internet. I know we want everything on the internet, but there are some things that should not be. Okay, so basically the replay attack is reverse engineering the protocol. Okay, that's what I explained. There's no remedial steps. You ask them, well, how do you know if something happens on a pacemaker, what's your incident response plan? They can't answer you. So here's a hypothetical question for someone. Someone dies with a pacemaker or neurochip. Something happens, there's supposed to be trace evidence, there's supposed to be a trace of an EKG saying, oh no, he had a heart attack, but there's no electrical stimulation. Then

you ask the vendor, you say, so what have you got in place identify these? No, we don't have anything, cause the doctors will rule that you're natural causes, but he's got our odd problem. Where we should actually be putting these devices, interrogating them and actually seeing why they're failing. So the whole statement of "no one to our best knowledge has been hacked" is a statement made by legal you sure no one gets sued, because I've got no incident response plan, so they don't know if they've been hacked. It's not, you should never feel what you know, you should feel what you don't know, and we don't know of devices or medical devices that have been hacked.

Why? Because they are thinking it's natural causes, because someone's got a disease. Anyone I'll see a problem with us? Well, they just mean hey. This is my favorite, the little in the denial of life attack. Come on, I've got some excellent names, you God cannot complain. It's you like I'm not doing a horror show, yeah, it's a deathbed, no one is bad, you know. So then we know I, you know, hypothetically. So the other thing is when a device is in debug mode. So I'm sorry day and I'm gonna make an example of you again. I spoke at a conference, I tried to murder me, I'm still yeah, thankfully. Magnets are a big problem for me to go devices that

interfere with communication. So I'm an ex-con, they give me a badge, or wear it, because you know, proud, I'm a speaker, I still pretty, I'm thinking I'm not nervous, and you know the thing starts pulling and I think it open like how the boss that's like with magnets on, and it was a strong enough magnet to put my device into debug mode. So meaning the signal got blocked and this thing decided nots gonna have an easy-fit, gonna throw a tantrum and pace me at a faster speed. But what happens when your heart beats boss took that pressure goes up sweetie yes. And then we realize that if that is our sensitive the communication protocol on those devices are even helped me when

I go through a magnetic scanner. But that's also why you can't go through MRIs, except for the obvious at all food that out of you and it will look like a horror show. It will effectively switch at all. Okay, so once you start interrogating of the lines, it's pretty much like a right, they're not gonna say no, it's going to be there for the picking. It's like the lowest of low hanging fruit. So the message is identical, as I said, with most devices, because a doctor doesn't want to have six or seven devices for each vendor. The single one for Medtronic's and Jude's, Philips, all work on the same protocol, they can all the thing to get on the same devices.

So it would be pretty much like having all devices open with a single password. Not a good idea. And you don't need to be closed because it one since you're but it's nice make a hack, I need to be close to you to do it. No, I think the furthest away was 50 meters, but if you've got Mike as Mike in the room with these antennas, you know I'm saying care of him excuse me, it's possible. Now who would have a medical device only like 19 and I mean it's murder, it's murder made easy. You don't have to stab someone, then I have to be close to them. It's machine killing. And if you keep it alive for long enough,

unless if they, they estimate 48 hours over the night of Logitech and your battery would just die, and there's no warning, there's no beacon that pops out and says, oh, I'm gonna die soon. I won't know. Not that I want it, don't get me wrong, I don't want to be walking in the street and having a longer walk because my pacemaker's about died, because I probably would have a heart attack not related to my health issues. So basically what this means, and the specific thing, is that you can extend the window for the denial of life attack. Instead of being on for two hours, you can specify up to 72 hours. That's the couple. Never in my life have

I seen a doctor that works even two hours straight next to one single patient. Again, logic with security and development, it's just not there. But why would we use third-party libraries? It's proprietary, but it's proprietary that we bought from different libraries. Nothing is written specifically for that vendor. Okay, so these are some of the changes that a doctor can make to my device or any device. You can let the device beacons identify itself. Who's seen Homeland's Broken Heart? I tried to get the episode for you guys, where they actually hacked the pacemaker, killed president. That only happens in America. But it was pretty accurate. The research showed that that was probably one of the most accurate

hacking scenes that Hollywood got right. You can be compassion doctor was. Again, nothing's encrypted. All my data's on this little device in my chest that says Veronica Schmitt has got this disease, this is how we pacing her, this is what happens, and this is where doctors hmm what information you want our thing. Like I said, it discusses your cardiac data. It can change the patient's thoughts, so when they check your pacemaker the doctor would say, hey, I said this is what's wrong with you. But most doctors, as we all know, don't know each patient. It may be in bloom was it small, not a lot of people, but imagine if you change someone's disease or you shock them at a

higher level. Now if you shock someone and double their, they like, you know, electricity that's needed, you're gonna fry the heart muscle. No one really comes back from that kind of thing, it's not something like in capital for the place. And you can reno if the firmware. That's probably the biggest thing for me, that you can actually make us run whatever you wanted to run. And this is not just enough, I haven't scared you enough: this is really the world's moving to an integrated City, versus then eventually integrated internationally into one system. Yeah, I know this, it sounds like something, no, that's gonna be wonderful. This is gonna be done by 2020. I think it's fallen over jeans already

started with Olympics, and look what Tilly's presentation really showed. That looks like I want to live there, until you just take a step back and just think about some of the smaller elements. Oh, we put our they. The Internet is great, but the Internet does not make for everything. There are just some things that should stay offline. Okay, so this is one of the fictional found of a hospital room. This was very accurate, because sitting in emergency room for like eight hours waiting to the health and you start like scanning and listening for devices. I know it's not legal, I did not do it, it's hypothetical, these I cannot go to jail, this face I'm not

going to work. Most of the devices or even Wi-Fi, Bluetooth integrated with a pair but that the physician or the nurse has a Percy TV. I know this, but often why I just know all it a gut feeling, into a woman's intuition is the correct word are thing. So I know James thought together Angelou is boring and stupid, and I kind of love it, because I've actually taken micro machine, I know you guys any feel sorry for this, and like abused it on a live system on a large network to see what it does. Now you can think that devices for me can be changed without it throwing too much trouble your way along, until we have the likes

of Lockean server locked up just my jigsaw closet suck on a medical device. So I don't know if anyone has studied at Rhodes University? Okay, so some interesting conversations happen around the dinner table there. We discussed and did our own plan of ransomware. Imagine the scenario: you ransomware the physician's machine, he infects his patients, you charge him a higher amount of Bitcoin versus the patient then pays you monthly or use of their organs, because if they die they don't need them. It's a profitable market. It's not a good one, if not ethical, it's not nice. We don't kill human beings. I just want to emphasize it: please don't go killing someone, I'm not gonna take

responsibility for that. So there's on Cheney saying, you know, you might not have our goal before this pacemaker, maybe we'll have a heart of Bitcoin. It's possible. These devices are powerful, those lithium batteries and the processing capabilities are fairly good for a little computer with an antenna, was that effectively what's placed inside your body. So someone said to me, why would someone target healthcare? I don't know, because his bad people on the internet, that's what they do. No, they've never been very secure. It's unfortunate truth, that's a sad truth, but we know it. They haven't made catchable to all. Okay, it's a high-value target because they're gonna want to fix things sooner rather than later, cause

people are gonna die. Healthcare data's lucrative. What is the biggest commodity on the door with information? Something that you can constantly sell. The health data is very important. It's an application here the environment, everything runs on a backing. You've got oncology, radiology, pathology, histology and a lot of other apologies that I'm not even gonna mention, there's just too many. And it uses out-of-date system, with most vendors have got specific chips that only run XP, lucky not older than that, much like the days before actually. But this is because at all to those and access is placed above security. We want to make it easy. The last thing you as an archivist needs

is a notice phoning it's at, you know, this workstation, I cannot remember my password but I need to give a patient's medicine. That's why I keep faces the sticky notes on I thought the nurses. It's because we want to make it easy to access information. So these are some of the vulnerabilities that have been found in healthcare. It's not all hospitals or bed, there are some that are really doing some good work, some of a questionable look. We won't name names and disgrace people. Is it, you know, I'm working in a health care? No one, so I'm not offending anyone in tomatoes. Anyone have any more toes? That's all. So hey, they're not really a way of network

safety. If you ask a doctor, so is my pacemaker hackable, he rolls his eyes and say no, but what kind of person would hack a pacemaker? And these I'm not making this up, this is what I've been told. You know, monitoring and logging: it's time to monitor and log in sometime when you're half time you're gonna look at these things, but then the incident has happened. So we actively looking for things that have happened; you should be looking now. I don't even think hospitals do pen tests on medical devices. Maybe there's a business model, someone that should be done. These devices should be pen tested. Collaboration is the biggest key in security. We collaborate on code and we test these devices, we

know what the weaknesses are. It's the same, you know your enemy. At the stage we don't know what the enemy is, we waiting for it to happen. And obviously we all know, I'm not, I don't even want to go into all of it, little things that everyone knows, but it is just in healthcare the main thing is I want access immediately. Again, if you employ security you take away immediate access, but that's not the best thing. You know, everyone said configure was they'd, okay, hmm, Hospital go ahead for the last year again. Why? Because I still didn't catch the vulnerabilities and I still run a legacy system. As I had Kenna paint is that, what's the first thing you look

for? All vulnerabilities. And we know most of Isis on segmented in hospitals, so if you get to when you get to another thing is your biggest to health game. Okay, another pretty graphic to show how they hope to integrate everything. Okay, another fun stuff. Oh, I would do it. I'm not saying it's the only way or the right way. You know, I kind of not did all from thinking how am I gonna hack the hospitals and then going to them and killing them and then watching like that drop, you know, when a bomb drops, schwa, and it happens. So you so convinced the parameter, which is, you know, doing this is stuff that you guys teach every day.

Okay, so most of these things, I've got patient websites that you log into, so how has your experience been. Those things are all on the wireless, and it's not like someone's gonna peep of your shoulder and say what are you doing. Once you circumvent that, you can perfect and you scan for internal connections, and yeah, this is not the medical devices, and then you can just effective eise can you see what devices are out there. And you already know there's no username a password, we already know there's nothing it's gonna stop you. It's not like there's a firewall on a morphine system, or AV, not that I think that would help. But those are one possibility that might happen,

and you compromise the device by, for example, your different bernetta machines in the ER on the wireless LAN. Why? Because they connect in statistics, they want to know that this machine as a vendor is optimally functioning. Now you have patient A. I've got an into your network, I have compromised the device and I've switched it off, so you can actually take it and go gonna happen, and effectively a lot is lost. The waiting room attack. But this worked in the cardiologist's office as well. By just sniffing the RF signals between the program and the devices you could actually intercept them. I mean, that's done with a backpack on your back, reading a book. Now if you

in a waiting room and all these wireless devices are open and they connected to the LAN on the hospital side, you can imagine one bad guy sitting there and effectively pivot around in your network. And this is probably the biggest problem, is that most websites are not very secure, or most internal systems used by hospitals I still open to old legacy hacks, effectively tricking the website to think your physician, and physicians have got high level access, they can do anything, and you can effectively download data so they can. So while I'm at in Lourdes in hospital I am if people said was a keen USB. I just want to make that decision. It's a workstation, and you would think I

get locked. It's not, it's open. And you would think I go, so it's only gonna have trusted devices, that's what makes it. So who would like to guess what happened without that maybes being? Exactly, so nothing. You imagine if I had one of my dodgy ones very like that in, I didn't think I would have liked very much. And these are the problems that are faced facing. But I think if they start taking these singles the Internet of Things, perhaps taking a step back and saying, okay, fundamentals in security, you know, let's apply those principles that we were all taught. Not that odd. But the problem is they're facing legacy. Legacies the nitramene security that

everyone faces. Now I feel like I'm walking on it, but it is the problem we're facing. You know, somewhat a company is not going to go in and say, okay, I'm gonna replace all my servers, because it doesn't make sense, and Finance doesn't want to spend money on IT and security because it's not really a cost seeing tour, doesn't bring in money. But then I must say there are companies that are spending the time on research. For example my device, thank goodness for there, has got a fail-safe in, so it's got protective memory, that's firmware's in their memory section. So for you to change it you effectively have to know where to write to. A first-strike

soft brick for two hours, then counter ticks; second time, hard brick. That makes me feel a little bit better. Doesn't make me feel better that the schneid me by saying it doesn't have a wireless controller when technically it does, it's just software switch tool. But they need to fix the fundamentals. It comes back to that, the whole thing that we've been taught: not everything needs to be on the internet. You know, it's not like you undress yourself and face yourself and what. I don't; some people do. But it's the same thing: your life is your most secure thing, okay? So for me to kill you now I need to do something physically to you.

So why God's right knots way do you want to put your body on the Internet, if someone can reach you because you have a medical device? It's the same with the Fitbit: there's been cases where that has been forensically used to put someone in jail. Someone's pacemaker data has been used to convict him, because they said if you were running away your heart would speed up; you were calm while you were killing your wife. No, it's a real case. Generally I don't think we know where to draw the line anymore. It's a new thing; the Internet of Things are, they're like a new toy, everyone wants it, but common sense has

to say, yeah, where do we draw the line? You know, everyone's in that uproar about AI, sentient beings coming to kill us. No, a hacker is going to come and kill you with your own medical device because you've put it on the internet. So for me the conversation needs to be: we now know what's wrong, how do we fix it? And that's collaboration between industries. It should not be a secret how my device is programmed, what the software is. Myriam oh, that's a PhD professor that does the same research, says you cannot have security and obscurity, and it is right. We need to be able to be open about it. USB attack: what would happen if someone

in office lock drops a USB and walks away? Nine out of ten people would put it in their machines. And this has happened in a hospital in bloom. Not funny, I'm innocent when you maintain it, but someone spread malware in that manner, and these are things that every day from little views. Okay, some interesting statistics is that 6.4 billion devices will be connected by the Wi-Fi by the end of this year, which is now, but also that's 6.4 billion potential targets. It's getting interesting, this landscape. You know, it's no longer, and in the previous days, before my time, I suppose, you'd have like minimum landscape, you know, a lot, a lot of

devices when the internet, that was a commodity that was expensive, unless your dad worked for telecom, then you had it from a young age. It's becoming quite worrisome to me: by the end of 2020 that's 21 billion devices, and this includes medical devices, so most hospitals will effectively have gone wireless. 85 percent of the enterprises bang they ready, only 10% already confidence. But are you gonna visit a hospital? So are you confident that you are safe and secure? What do you think they're gonna say? "We're unhackable", cuz that's the trend: it's never gonna happen to us. Hey, we're forward. It comes down to the vendors; it comes down to taking the vulnerable medical devices and actually

fixing the problems. They need to figure out how to detect in real time. We need to be proactive, not reactive. They need to be able to quickly respond and recover from attacks. But see, it's a double-edged sword: the remote monitoring would enable us to know something's gone wrong, but it's also going to enable an attacker to make things go wrong. It's generally alive, you know; what is wonderful technologically can be used to your detriment. You know, I suppose whoever designed Stuxnet thought it was going to be very beneficial for them, and some got out of control. It is always a double-edged sword. And firmware needs to be updated regularly. When last, you think? Generally most hospitals update medical

equipment firmware every 36 months; that's when the vendors come in to do maintenance. I can tell you, though, firmware updates on pacemakers are fun. I had to have one; I had some software bugs. It's not due to being with magnets. They decided that machine learning was a good thing to have in a pacemaker, I don't quite know yet why, so it learns from my heart what's wrong with my heart, to fix it. No: the physician knows what's wrong with my heart; it should tell the pacemaker what it's supposed to do, and it should just do it. So the since, yeah, you can just hear from the name, is a smart pacemaker that does not

work. And these things aren't cheap; I think it's a handful in eighty thousand for my one. Thank goodness I've got medical aid, otherwise I would have to take out a bond on my house. Next, basically, is the horror show's over.

[Applause]