1. jope28's Avatar
    The headline "Hackers (security researchers) Control Medical Pumps to Administer Fatal Doses" grabbed my attention.

    Saw this article Hackers control medical pumps to administer fatal doses | ZDNet and thought that it would be great for Chen to mention at the security event that BlackBerry has coming up.
    The push in the Health Care sector is something Chen has mentioned quite a few times.

    Attachment 356664

    [Hopefully NOT edited by admin to be fair lol. ] Frosty White Q10/10.3.2.798 CB10
    Last edited by jope28; 06-09-15 at 11:18 AM.
    06-09-15 08:09 AM
  2. Dunt Dunt Dunt's Avatar
    Agree that security within the Health Care sector is a big opportunity.

    But this article is just trying to use fear to grab some headlines. These pumps can't be controlled remotely, all a hacker could do would be to change the data in it library which would cause an error between the manually imputed dosage and the the library version. A good nurse would check the dosage and see the machine was broken... most likely.

    The real question is does QNX have a working product yet....
    06-09-15 08:53 AM
  3. Cozz4ever's Avatar
    I would be surprised if qnx for health already didn't have security features built in. One of the key features that hospitals were looking for is remote logging which was said it had and that itself was secure.

    Posted via CB10
    06-09-15 09:50 AM
  4. peter0328's Avatar
    Not going to click article, since screenshot looks like click bait. Something tells me hackers HAVE NOT administered fatal doses and that the article doesn't even provide good evidence to support that doing so is even possible.

    Posted via CB10
    06-09-15 09:51 AM
  5. jope28's Avatar
    Not going to click article, since screenshot looks like click bait. Something tells me hackers HAVE NOT administered fatal doses and that the article doesn't even provide good evidence to support that doing so is even possible.

    Posted via CB10
    It's ZDNET.
    It's not the New England Journal of Medicine, but isn't exactly TheOnion or BGR either lol

    [Hopefully NOT edited by admin to be fair lol. ] Frosty White Q10/10.3.2.798 CB10
    06-09-15 10:00 AM
  6. LoganSix's Avatar
    Agree that security within the Health Care sector is a big opportunity.

    But this article is just trying to use fear to grab some headlines. These pumps can't be controlled remotely, all a hacker could do would be to change the data in it library which would cause an error between the manually imputed dosage and the the library version. A good nurse would check the dosage and see the machine was broken... most likely.

    The real question is does QNX have a working product yet....
    You mean, the HBox?
    06-09-15 04:09 PM
  7. Dunt Dunt Dunt's Avatar
    You mean, the HBox?
    No as the HBox is used to transmit data...

    The issue here is someone "could" hack the OS on the connected medical device (if they could access it). Don't know what all QNX is working on or what product they already have in the market. But I imagine that each manufacture is using their own embedded software to run their equipment.
    06-09-15 04:46 PM
  8. LoganSix's Avatar
    No as the HBox is used to transmit data...

    The issue here is someone "could" hack the OS on the connected medical device (if they could access it). Don't know what all QNX is working on or what product they already have in the market. But I imagine that each manufacture is using their own embedded software to run their equipment.
    QNX is on blood pressure monitors and medicine pumps, plus a bunch of other items. I think that's why they are focusing on the health market first and the fact that a lot of money pours into it.
    06-09-15 04:52 PM
  9. rthonpm's Avatar
    The real avenue for BlackBerry isn't through QNX as much as it is creating a secure network for these types of devices to transmit data to.

    I'm surprised we haven't seen BlackBerry announce a 'BES Embedded' or similar offering that allows for embedded operating systems to connect to, and be managed by, a BES. Obviously there are challenges in the implementation since many embedded operating systems are very simple in their makeup. Just like the mobile BES, this could open up BlackBerry to a cross platform market of managing Windows CE, NetBSD, and even Android embedded devices. Plus, your license costs per device could be much lower because you make your price on volume.

    There's a need for this out there, the question is how robust can a system like that truly be, and how much development would it take?

    Posted via CB10
    06-10-15 06:37 AM
  10. LoganSix's Avatar
    The real avenue for BlackBerry isn't through QNX as much as it is creating a secure network for these types of devices to transmit data to.

    I'm surprised we haven't seen BlackBerry announce a 'BES Embedded' or similar offering that allows for embedded operating systems to connect to, and be managed by, a BES. Obviously there are challenges in the implementation since many embedded operating systems are very simple in their makeup. Just like the mobile BES, this could open up BlackBerry to a cross platform market of managing Windows CE, NetBSD, and even Android embedded devices. Plus, your license costs per device could be much lower because you make your price on volume.

    There's a need for this out there, the question is how robust can a system like that truly be, and how much development would it take?

    Posted via CB10
    They announced that last year with Project ION.
    06-10-15 09:00 AM
  11. rthonpm's Avatar
    That is Project ION, but at this point it's still vapourware...
    06-10-15 10:22 AM
  12. AluminiumRims's Avatar
    I really don't think this is security threat as such. In the article it suggests that you can access the micro controller via a serial cable. It's not like the thing is connected to the internet or something.

    Many times these kind of equipment has simple micro controllers and they can be accessed using some sort of serial cable for updating the firmware or debugging. The systems are usually simple and don't have a complex operating system in them. This is also how I would like it as the more complex systems like Linux OS would just make the system complex and open up for more bugs.

    So if you are at the hospital accessing some equipment with a serial cable in order to kill somebody, you are already there so you might just as well inject the substance yourself in the victim.

    The security I would want in these kind of systems is a signed firmware update ensuring that the firmware is authentic. Also any debugging should be disabled in a live product. You certainly don't need QNX for such simple things.
    06-10-15 04:02 PM
  13. Prem WatsApp's Avatar
    That is Project ION, but at this point it's still vapourware...
    I hope the whole thing will be ported and won't need a crumbling Windows Server to run on and administer it... :-)

    Team up with SUSE, RedHat or Ubuntu, hey...

      Pastaporto aglio e olio... Mmmhhh!  
    06-15-15 12:40 AM
  14. Dunt Dunt Dunt's Avatar
    I hope the whole thing will be ported and won't need a crumbling Windows Server to run on and administer it... :-)

    Team up with SUSE, RedHat or Ubuntu, hey...

    •   Pastaporto aglio e olio... Mmmhhh!   •
    Or just make your own... QNX Server?
    But then that is a very complicated task that might be even more difficult than building a smartphone OS, as it would need to communicate with all these other systems.

    But as this all seems like it is going to work with BES, which is a Windows product..... how hard would it be to develop for both Windows and Linux? Would there be a benefit to BlackBerry? Or do you purpose they just ignore the Windows platform and all of the current BES installations?
    While I think there might be some concerns with using Windows - both security and licensing fees. I think for now Windows is still the best solution for BES Administrators.
    06-15-15 09:05 AM
  15. fgcmfg's Avatar
    Hlo
    P up

    Posted via CB10
    06-15-15 11:30 AM
  16. Prem WatsApp's Avatar
    Or just make your own... QNX Server?
    But then that is a very complicated task that might be even more difficult than building a smartphone OS, as it would need to communicate with all these other systems.

    But as this all seems like it is going to work with BES, which is a Windows product..... how hard would it be to develop for both Windows and Linux? Would there be a benefit to BlackBerry? Or do you purpose they just ignore the Windows platform and all of the current BES installations?
    While I think there might be some concerns with using Windows - both security and licensing fees. I think for now Windows is still the best solution for BES Administrators.
    Windows Server software is expensive, the community editions of the respective commercial Linux distributions are free.

    But really, it's not about this kind of cost. It's the liability that Windows carries with regards to security. It's just too easy to infect. It really needs to be a hardened system with a minimum of services, apps and other unnecessary stuff on there.

    The GNU/Linux patch cycle also is a lot faster, I get daily updates on my Ubuntu systems. Sure, Windows should be kept for all those with AD infrastructure and Windows LOB applications. Those that can make the switch to Linux, they should be able to...

    :-D


      Pastaporto aglio e olio... Mmmhhh!  
    06-15-15 06:32 PM
  17. Dunt Dunt Dunt's Avatar
    Windows Server software is expensive, the community editions of the respective commercial Linux distributions are free.

    But really, it's not about this kind of cost. It's the liability that Windows carries with regards to security. It's just too easy to infect. It really needs to be a hardened system with a minimum of services, apps and other unnecessary stuff on there.

    The GNU/Linux patch cycle also is a lot faster, I get daily updates on my Ubuntu systems. Sure, Windows should be kept for all those with AD infrastructure and Windows LOB applications. Those that can make the switch to Linux, they should be able to...

    :-D


    •   Pastaporto aglio e olio... Mmmhhh!   •
    But who pays for LINUX development of BES?

    I know Linux is cheaper or even free, but is it the OS of choice for most of the installations where BES resides? I would assume that is something that BlackBerry has investigated? But then I assumed they would have gotten Instagram and Netflix in BlackBerry World and that didn't happen.

    I know a few guys that run LINUX, but mostly for the basics - File Storage, Web Hosting. When it comes to the Applications (like BES) they run those on Windows Machines as their is more compatibility among different application vendors. But I know a couple that run full LINUX.... it really just depends on what you are doing (do you have applications that are Windows only) and how much your IT people know (seems to be more training on Windows in the US than on Linux)

    I agree that both from cost and security standpoint LINUX is the better choice. But there are other considerations.
    06-16-15 09:10 AM

Similar Threads

  1. Anyone in Australia got the 10.3.2 update yet?
    By CrackBerry Question in forum Ask a Question
    Replies: 16
    Last Post: 09-08-15, 07:48 PM
  2. Whatsapp message not opening in Blackberry Hub
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 06-10-15, 10:15 AM
  3. Lack of consistency in Hub
    By kdklein in forum BlackBerry 10 OS
    Replies: 7
    Last Post: 06-10-15, 09:08 AM
  4. BlackBerry 'Oslo' appears once again in new images
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 06-09-15, 04:51 AM
  5. In praise of Priority Hub
    By double_fault in forum BlackBerry 10 OS
    Replies: 2
    Last Post: 06-08-15, 09:21 PM
LINK TO POST COPIED TO CLIPBOARD