Benutzer:Chr1/Barnaby Jack

aus Wikipedia, der freien Enzyklopädie

Vorlage:Infobox person Barnaby Michael Douglas Jack (22 November 1977 – 25 July 2013) was a New Zealander hacker, programmer and computer security expert.[1] He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage.[2] Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.[3]

Jack was renowned among industry experts for his influence in the medical and financial security fields.[4] In 2012 his testimony led the United States Food And Drug Administration to change regulations regarding wireless medical devices.[4] At the time of his death, Jack was the Director of Embedded Device Security at IOActive, a computer security firm with headquarters in Seattle and London.[5] [6]

"Jackpotting" ATMs

At a Black Hat conference in 2010, Jack gave a presentation on "jackpotting", or exploiting automated teller machines in order to make them dispense cash without withdrawing it from a bank account using a bank card.[7] [8] Jack gave demonstrations of different kinds of attacks involving both physical access to the machines and completely automated remote attacks. In both cases, malware was injected into the operating system of the machines, causing them to dispense currency fraudulently on the attacker's command. During the physical attack on an ATM as demonstrated by Jack, the attacker takes advantage of their physical access to the target machine and uses a flash drive loaded with malware to gain unauthorized remote administration access to the machines allowing control over their currency dispensing mechanism. During the remote attack, malware is installed onto the target system via exploited vulnerabilities in the remote management system, most notably the use of default passwords and remote management TCP ports. The attacker then executes the malware, causing the target ATM machine to dispense a given amount of currency.

Insulin pumps

At the McAfee FOCUS 11 conference in October 2011 in Las Vegas, while working for McAfee Security, Jack first demonstrated the wireless hacking of insulin pumps, one worn by a diabetic friend and another of the same model on a bench set up for demonstration. Interfacing with the pumps with a high-gain antenna, he obtained complete control of the pumps without any prior knowledge of their serial numbers, up to being able to cause the demonstration pump to repeatedly deliver its maximum dose of 25 units until its entire reservoir of 300 units was depleted, amounting to many times a lethal dose if delivered to a typical patient.[9]

At the RSA Security Conference in San Francisco in February 2012, using a transparent mannequin he demonstrated that he could wirelessly hack the insulin pump from a distance of up to 90 metres using the high-gain antenna.[10]

Pacemakers

In 2012 Jack demonstrated the ability to assassinate a victim by hacking his pacemaker, a scenario first explored in fiction, and meeting with some disbelief, on the TV series Homeland. In his blog post "Broken Hearts", Jack wrote that the hack was even easier than portrayed: "TV is so ridiculous! You don't need a serial number!"[11] Jack demonstrated delivering such a deadly electric shock live at the 2012 BreakPoint security conference in Melbourne.[4]

Heart implants

Jack died a week before he was to give a presentation on hacking heart implants at the Black Hat 2013 conference scheduled to be held in Las Vegas. In a June 2013 interview with Vice, Jack outlined his presentation:[3]

Barnaby Jack, the director of embedded device security for computer security firm IOActive, developed software that allowed him to remotely send an electric shock to anyone wearing a pacemaker within a 50-foot radius. He also came up with a system that scans for any insulin pumps that communicate wirelessly within 300 feet, allows you to hack into them without needing to know the identification numbers and then sets them to dish out more or less insulin than necessary, sending patients into hypoglycemic shock or ketoacidosis[3]

In his presentation, Jack was set to outline vulnerabilities in various medical devices, as well as give safe demonstrations of attacks with which there is "certainly a potential health risk".[3]

Death

Jack was found dead in a San Francisco apartment on 25 July 2013 by his girlfriend. He was aged 35.[12][13][14] At the time of his death, he was due to attend a Black Hat Briefings hacking conference in Las Vegas.[15][16] Black Hat general manager Trey Ford, said "Everyone would agree that the life and work of Barnaby Jack are legendary and irreplaceable", and announced his spot would not be replaced at the conference.[13] People across the hacking and security industries tweeted about his death.[17] According to the coroner, Jack died of a cocktail of cocaine and prescription drugs.[18]

References

Vorlage:Reflist

Vorlage:Persondata

Category:2013 deaths Category:New Zealand computer specialists Category:People associated with computer security Category:1977 births

  1. Barnaby Jack, The Daily Telegraph. 28. Juli 2013. Abgerufen am 29. Juli 2013. 
  2. Robert McMillan: Barnaby Jack hits ATM jackpot at Black Hat. Computerworld. 28. Juli 2010. Abgerufen am 7. August 2013.
  3. a b c d Alexander William: Barnaby Jack Could Hack Your Pacemaker and Make Your Heart Explode. Vice. July 2013. Abgerufen am 7. August 2013.
  4. a b c Brandy Zadrozny: The Good Hacker: Barnaby Jack Dies. The Daily Beast. 26. Juli 2013. Abgerufen am 7. August 2013.
  5. IOActive Appoints Industry Expert Barnaby Jack as Director of Embedded Device Security. IOActive. 8. Oktober 2012. Abgerufen am 7. August 2013.
  6. About IOActive. IOActive. Abgerufen am 7. August 2013.
  7. Dan Goodin: Armed with exploits, ATM hacker hits the jackpot. The Register. 28. Juli 2010. Abgerufen am 7. August 2013.
  8. Carl Franzen: Barnaby Jack Ingeniously Hacks ATMs at Black Hat [VIDEO]. Aol News. 29. Juli 2010. Abgerufen am 7. August 2013.
  9. Stilgherrian: Lethal medical device hack taken to next level. CSO Online (Australia). 21. Oktober 2011. Abgerufen am 2. August 2013.
  10. Arundhati Parmar: Hacker shows off vulnerabilities of wireless insulin pumps. MedCity News. 1. März 2012. Abgerufen am 7. August 2013.
  11. Barnaby Jack: "Broken Hearts": How plausible was the Homeland pacemaker hack?. IOActive Labs Research. 25. Februar 2013. Abgerufen am 7. August 2013.
  12. Jim Finkle: Famed hacker Barnaby Jack dies a week before hacking convention. Reuters. 26. Juli 2013. Abgerufen am 7. August 2013.
  13. a b Amanda Holpuch: Hacker Barnaby Jack dies in San Francisco aged 35. In: The Guardian. Abgerufen am 7. August 2013.
  14. Jordan Robertson: Barnaby Jack, Computer Hacker, Dead at 36. Bloomberg. 26. Juli 2013. Abgerufen am 7. August 2013.
  15. NZ hacker found dead. Radio New Zealand. 27. Juli 2013. Abgerufen am 7. August 2013.
  16. Brittany Hillen: Barnaby Jack, renown hacker, dies at 35. SlashGear. 26 July 2013. Abgerufen am 7. August 2013.
  17. Jim Finkle: Barnaby Jack Dead: Celebrated Hacker Dies At 36 San Francisco. In: The Huffington Post, 26. Juli 2013. Abgerufen am 7. August 2013. 
  18. Elite Hacker Barnaby Jack "Overdosed on drugs". BBC. 3 January 2014. Abgerufen am 4. Januar 2014.