Developer Week in Review: The hijacking of an insulin pump

Medical devices are remotely hacked, Google Maps gets a price tag, and Linus Torvalds really doesn't like a certain language.

It was a great week at the Turner household! Although we love our house, we’ve frequently said to each other, “You know what we could really use? A 25-foot-long tree limb wrapped in power lines blocking our driveway.” Well, this weekend Mother Nature decided to help us fill this void in our landscaping, and threw in some ornamental cherry firewood as well (chainsawing not included). Thankfully, I spent the extra bucks on Saturday to get our LPG tank topped off, so I’ve got generator power for 10-14 days. Given we’re on day four with no power in sight, that was a good decision.

It could have been worse, of course. For example …

A scene from an upcoming technothriller

Plucky researcher Ann McManna walked across the room toward the podium, ready to reveal the details of the fiendish plot she had uncovered to the waiting reporters. Now the world would know about the conspiracy to corner the world supply of macadamia nuts. Her heart pounded with excitement, her mouth was dry and she perspired, in spite of the air conditioning that was making the room practically an ice box. As she approached the stage, she bumped against a table, stumbling and suddenly having trouble seeing her path through blurry eyes. Something was wrong, but she couldn’t focus, couldn’t identify what was happening to her, even as she collapsed to the ground. Minutes later, the paramedics would close the eyelids of her corpse.

Some fanciful invention of Tom Clancy or Robin Cook? Not anymore, thanks to research by McAfee’s Barnaby Jack, presented at this year’s Hacker Halted conference. Using some custom software and a special antenna, Jack was able to control Medtronic insulin pumps as far as 300 feet from the controller. He was able to disable the tones that warn a user that insulin is being pumped, and trigger a 25-unit bolus of insulin. In some circumstances, this could kill a victim.

As networked computers appear in more life-critical items, this is a good reminder that security should be job No. 1, not something to think about if you have time. Too many proprietary device manufacturers seem to depend on security through obscurity, rather than security in depth.

The first taste is free, but you’ll be back

One of the perils of depending on public APIs from for-profit companies is that they may get turned into a profit center down the road. Users of the Google Maps API learned that lesson recently, as Google announced that high-volume users will no longer have free access to the APIs starting next year. Before you start panicking, the definition of high-volume will be more than 25,000 calls a day (2,500 if you use the custom styling features), and the rate over 25,000 is $4/1,000 calls. Google claims that less than 1% of all users will run up against this limit.

The problem with using beta or “free” services in your products is that, unless the terms of use specifically say that it will be free forever, you have no contractual agreement to lean on, and the provider is able at any point to change how (or even if) the service is provided.

Linus Torvalds vs. C++

Linux progenitor Linus Torvalds has a reputation for diplomacy and fence building — that’s practically the only way to herd the stampede of cats that is the Linux developer community. But when he gets upset, the results can peel the paint off the walls.

We got a good example this week, as Torvalds responded to a complaint about the fact that the git source control system was written in pure C, rather than C++. In a nutshell, Torvalds called C++ a lousy language that attracts substandard programmers and leads to sloppy, unmaintainable code. In general, I tend to take any blanket condemnation of a programming language as hyperbole, but Torvalds seems to genuinely loathe C++. We’ll have to see if his anger against the language alienates any of the kernel developer base, or if people will just shrug it off as Linus being Linus.

Got news?

Please send tips and leads here.
