In case you are curious, Ledgett also answered why the NSA didn’t help the FBI crack the San Bernardino shooter’s iPhone. “We don’t do every phone, every variation of phone. If we don’t have a bad guy who’s using it, we don’t do that.”
If you look at the medical devices from the same point of view, you might only need to worry about remotely having your pacemaker, insulin pump or other wirelessly-enabled medical device hacked or monitored if you happen to have the same model as some NSA target.
This is a rather matter-of-fact and simultaneously VERY creepy thought. Assassinations are a rather convenient way to force regime change in hostile nations, and hacking medical equipment would certainly be an efficient way to carry that out. The US is already alleged to have developed things like the Stuxnet virus to very specifically target a single system in a single environment (in that case a Siemens system in an Iranian nuclear facility). If the government could legitimately develop methods of hacking medical devices ostensibly for investigatory purposes, how long would it be until they were developing them for covert assassinations?
It seems like the stuff of fictional thrillers. Something Jason Bourne would have employed, perhaps. But the reality is these things eventually go rogue. In just the last few weeks, viruses similar in design to Stuxnet have been found that target industrial control systems for nefarious purposes. Would it take long for an industrious hacker group to develop their own (assuming they aren’t already)?
The rise of ransomware attacks on hospitals has recently seen exponential growth. What if these hackers turned their attention to high net worth individuals and threatened their very lives by demanding ransom or their medical equipment would be compromised?
Report after report indicates that companies making so-called “Internet of Things” devices are often running fast and loose with our privacy and security. Everything from children’s toys to automobiles have been hacked, and now we have the US government admitting that it wants to hack medical devices. If you aren’t getting nervous about connecting your whole life to the Internet, you haven’t been paying attention.
Until we have better controls and more secure systems, putting your pacemaker online seems like a terrible idea.