Video thumbnail (Frame 0) Video thumbnail (Frame 1947) Video thumbnail (Frame 3908) Video thumbnail (Frame 5354) Video thumbnail (Frame 7712) Video thumbnail (Frame 8874) Video thumbnail (Frame 11697) Video thumbnail (Frame 15304) Video thumbnail (Frame 16331) Video thumbnail (Frame 17966) Video thumbnail (Frame 20233) Video thumbnail (Frame 21262) Video thumbnail (Frame 22462) Video thumbnail (Frame 24352) Video thumbnail (Frame 25736) Video thumbnail (Frame 27214) Video thumbnail (Frame 28830) Video thumbnail (Frame 30005) Video thumbnail (Frame 31431) Video thumbnail (Frame 33303) Video thumbnail (Frame 36070) Video thumbnail (Frame 37083) Video thumbnail (Frame 39793) Video thumbnail (Frame 41061) Video thumbnail (Frame 43386)
Video in TIB AV-Portal: BIO HACKING VILLAGE - PWN to Own My Heart

Formal Metadata

Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
The increase of pace in the technology field has left the race for manufacturers to increase the security in medical devices. There is the theoretically possibility that your heart can be pwned. Pacemakers have become part of the internet of things. We are putting our hearts on display. This is my journey from regular hacker to gen-one cyborg to pwning my own heart that I can own the vulnerabilities to fix it. We forget that these are devices connected to flesh and blood, a person who depends on this device to have just one more heart beat. This is a journey into the inner sanctum of living with a vulnerable device in a time where technology progression has left behind security. We can no longer have security by obscurity when it comes to devices which cyborg’s like me depend on.We should not be in the business of sacrificing security for convenience or power. As a patient, I would rather sleep knowing my device has been hardened and have the inconvenience of replacing it more regularly than the converse. I feel that we, as the security community, should be addressing and assisting medical manufacturers with the security vulnerabilities in the devices that literally keep people alive. There should be more effort placed on addressing the security vulnerabilities. The simple fact is we are not dealing with just ones and zeroes. This is, for some, a life or death situation.
Goodness of fit Context awareness Mechanism design Code Video game Service-oriented architecture Information security God Vector potential
Category of being Mechanism design Beat (acoustics) Hacker (term) Virtual machine Condition number Mereology Vector potential Perimeter
Mechanism design Mathematics Software Different (Kate Ryan album) Thermal radiation Software Self-organization Computer network Basis <Mathematik> Wireless LAN Connected space
Vulnerability (computing) Peer-to-peer 1 (number) In-Memory-Datenbank Maxima and minima MiniDisc Hacker (term) Vulnerability (computing)
Dialect Focus (optics) Information Hacker (term) Chemical equation Touch typing Right angle Distance Information security Resultant Position operator
Arithmetic mean Integrated development environment Moving average Video game Surgery Error message Family Physical system
Rule of inference Block (periodic table) Design by contract Bit Voltmeter P (complexity) Host Identity Protocol Virtual machine Degree (graph theory) Read-only memory Addressing mode Telecommunication Order (biology) Right angle Software testing Quaternion group
Group action Information Software developer Moment (mathematics) Staff (military) Event horizon Degree (graph theory) Data mining Programmer (hardware) Programmer (hardware) Encryption Physics Pressure Information security Fundamental theorem of algebra Near-ring Window
Default (computer science) Building Code Mountain pass Multiplication sign Set (mathematics) Range (statistics) Wellenwiderstand <Strömungsmechanik> Icosahedron Discrete element method Computer programming Software bug Machine learning Software Bit rate Function (mathematics) Bus (computing) Information security
Software Divisor Information Bit Surgery Computer programming
Slide rule Standard deviation Multiplication sign Bit Black box Programmer (hardware) Arithmetic mean Crash (computing) Bit rate Crash (computing) Telecommunication Video game Office suite Online chat
Authentication Context awareness Code Distance Data mining Goodness of fit Mathematics Bit rate Velocity Universe (mathematics) Video game Information security Logic gate Firmware Computer worm
Slide rule Serial port Observational study 1 (number) Number Element (mathematics) Programmer (hardware) Goodness of fit Malware Bit rate Semiconductor memory Natural number Single-precision floating-point format Office suite Information security Information Mapping Planning Line (geometry) Vector potential Data mining Category of being Malware Network topology Telecommunication Statement (computer science) System identification Video game Self-organization Spacetime
Authentication Benutzerhandbuch Game controller Information Semiconductor memory Moment (mathematics) Website Hill differential equation Whiteboard Gamma function God
Point (geometry) Vulnerability (computing) Weight Bit rate Host Identity Protocol Computer programming Connected space Programmer (hardware) Arithmetic mean Internetworking Internetworking Inference Connectivity (graph theory) Information security Condition number Vulnerability (computing)
Pulse (signal processing) Code Decision theory Multiplication sign Source code Set (mathematics) Frustration Mereology Disk read-and-write head Public key certificate Subset Neuroinformatik Optical disc drive Programmer (hardware) Malware Sign (mathematics) Machine learning Bit rate Different (Kate Ryan album) Encryption Circle Data conversion Information security Physical system God Cybersex Regulator gene Block (periodic table) Moment (mathematics) Shared memory Sound effect Bit Lattice (order) Measurement Wave Telecommunication Right angle Quicksort Point (geometry) Metre Beat (acoustics) Vapor barrier Wage labour Surgery Spektrum <Mathematik> Field (computer science) Twitter Causality Natural number Hacker (term) Authorization Representation (politics) Energy level Metropolitan area network Task (computing) Default (computer science) Noise (electronics) Dependent and independent variables Multiplication Information Chemical equation Planning Incidence algebra Cartesian coordinate system Password Statement (computer science) Fiber bundle Family Communications protocol
hey everyone so I'm the poison Pixy and I'm here to talk to you guys about that little device up there that's implanted in my chest so one big I think it's 2012 I read an article by Barnaby Jack and bi they never had my pacemaker for a good couple years and realizing oh my god this is a fucking disaster but being Who I am I find this my motto in life my aim is to raise awareness of these potential malicious attacks and encourage manufacturers to act to review the security of their code and not just the traditional safety mechanisms of these devices this is something that I take with me every day you'll see at the end there is a little puzzle for you guys to solve that I have a saying beautifully broker and wonderfully flawed because that's who I am my heart is effectively broken in so many ways and my device is flawed but I still find the beauty and the science that keeps me here every day something worthwhile for me we're moving into an
age where human beings in the traditional sense of being flesh and blood will no longer exist I am the traditional Saints and no longer human the most major part that keeps me alive is Bionic mechanical and technology and that is the science of heartbreak that is the science of me and who I am I refer to myself as a genuine
sidewalk a nonhuman hacker half technology half flesh-and-blood I passionately live for every beat that my pacemaker gives me even though it's additionally sometimes does fuck it up we all know how techno technology is it's both by humans not by machines it and it does break I believe that we as a community need to break things to make admit better because how do we know that a perimeter can be breached we first have to break in we can auditors anticipate what needs to be fixed unless we know hard to break them this is a brief history in 1958 the
first pacemaker was implanted that is very long ago I was not born yet so this technology has been around for years basically what everyone should know what a pacemaker is it is a little device that listens to your heartbeats and act as a way of mechanism to keep your heart beating when your natural pacemaker fails and Lawson was the first one to receive this device at that stage there was no network connectivity today we find pacemakers that have wireless connectivity that connects to a program and next to a patient's bed across Wireless that a doctor can interrogate and make changes on a regular basis sitting across the world because apparently according to the manufacturers that was an excellent idea
we've seen recently I did some research because I thought to myself I believe we can do better but how do we know we can do better unless we know what has gone wrong 1985 to 1987 six patients received harmful radiation from their base maker so it starts from very slow 2002 a network was flooded and cardiac patients could not receive critical changes to the devices the hospital was unable to facilitate these changes in the 2000s we started seeing recalls on ICD different Bellator's now here's the scary thing with an ICD your heart muscle is in my opinion your most sensitive organ if it is over chakra over stimulated it simply dies there's no way to regenerate it at all so I have an ICD implanted that acts as a pacemaker so I'll get to a little later where I did some research on the FDA and how they passed my device and the fools that they passed within my device 2006 we saw software updates released for pacemakers especially when the attack started being facilitated on these devices and that carries on to
2008 where we started seeing the vulnerabilities being exposed by the likes of Barnaby Jack and other researchers to say 2008 ones the biggest medical manufacturers Medtronic was taken to the Supreme Court for flaws within they told biases 2011 I think it was a DEFCON win gyrators displayed how you can hack an insulin pump and it just carries on and this is where my journey
started in 2012 where I decided that I no longer want to trust what the medical practitioners told me I want to know how
my device works now someone like me that has a device I have been told that the device is not my own it belongs to the medical manufacturer we here's the kicker they might have that User Agreement with my doctor they don't have that legally with me I feel that my device if it is there to keep me alive I should have the right to taste it I should have the right to know how it works I should not have security through obscurity I think they should be more open and they security practitioners know how they devices work and if anyone has result of medical companies they will realize that some of them are pure police they assholes as much as they are also in designing innovation innovation is what they focus on they don't focus on security we just want the next new big thing but I say if we want to be innovative we should be secure I'm not saying lock the device down there is a very fine balance towards having a device that is accessible and secure having information available to maple practitioners at the touch of a dial but we don't have to open it for bad people and it's not necessary to say that it will be a hacker that will attack a device if I ask anyone in the audience who kills who's a murderer anyone that can stab someone has now got the ability to access these devices wirelessly and facilitate the attack we can now have murder from a distance and how long it just from far away for me
what is important is ensuring the security of these devices for the future because if I ask you for example what do you think would happen it's the first pacemaker attacked do you think someone else would get another device No so we go back 10 years that is not the aim the aim is to fix this going forward that we in a position to keep innovation going now I'm going to show you
something very personal and it's something that I've never shared in public is how I was diagnosed and what lead me on this path of getting my pacemaker at 19 I was admitted with heart failure my conductive system simply does not work and I had to get a pacemaker now in South Africa you have medical aid our medical aid to climb to pay for my pacemaker meaning that effectively according to medical personnel I had three weeks left to live at the age of 19 I prepared myself to go home because I refuse to die in a medical environment I wanted to be surrounded by my mom my dad my brother my family my people and on the way out my doctor stopped me and said you know what you're going in for surgery I've paid for your pacemaker so I'm here today doing what I'm doing because I got a second chance I got a device that has saved my life from the age of 19 it has given me two amazing little goals that I wouldn't even have had but I have concerns about my device in January was admitted again because I got a new pacemaker two years ago and my pacemaker failed it did not resuscitate me and I spent eight minutes connected ed after here's the kicker after the device was tested by three technologists from the medical company stating that there is no errors on the device it still fails and no one can tell you why this isn't a little poem
that the medical practitioners use to explain what a third-degree heart block is if the are is far from P then you have a first-degree longer longer drop then you have awaken buck if some peas don't get through then you have mopeds - if P's and Q's don't agree then you have third-degree basically means my heart cannot pump on its own it is unable to relay communication for it to contract together so it flatlines
now my device that I have has been passed by the FDA now Huia knows what a pre market assessment is what that means is that one clinical trial with a small amount of people order to test whether this device works in the United States we have more stringent and strict tests for drug drug FDA pass then we do for medical devices which for me is a bit of a problem because if you take the wrong medication that can be reversed if you receive a shock from an ICD which is higher than what it should be you die we have a whole idea of how these devices are passed absolutely confused and I think that the FDA should start stepping up start fixing legacy shut and just do what's right and gain is something that
I didn't with my cardiologist before I came to DEFCON he's got one of the biggest brands in South Africa that he supports I cannot name their name I have been told not to say any manufacturers names while I was undressing so how it works is I go in every six months I lie down and my heart had stopped and started and very degrees to taste matter lies I took a rubber ducky and I placed behind the programmer with permission for my cardiologist and I managed to capture everything that he changed along with all my Pai information information what was wrong what events were noted for the last six months now it wasn't just for mine it was everything that has been stored on that device and that's where the problem comes in we've got these phenomenal programmers running XP having us be Zack serrated hard-coded credentials no encryption no command whitelisting it's just badly built it's not that it's just unsecure it's that the fundamentals in basics of secure development has not been adhered to I fight a battle at the
moment where I don't have a cardiologist no more the medical company that owned my device or manufactured my device has effectively put so much pressure on my medical staff that support me they can no longer help me with any of my research so I am without a doctor and without support fighting a battle that is pretty much on my own until I found a small group of people that lake near today I don't know does everyone know who I am the cavalry is there pretty awesome this one is important we need to
be able to verify the software that we use within devices because most of my problems that I had in January was due to machine learning failing and software bugs and would you believe that when asking the medical manufacturer to see the code to review what is keeping my heart rate going I was declined access to the skirt because it's proprietary so they are practicing security through obscurity so I have to trust a big corporate that what they are saying is good effectively is what is going to keep me alive this
is what the FDA is passed on my specific device and they have said that these are acceptable risks my electrical component has failed in January causing me to flatline it does not connect with the program not always retain it settings it will reset to default and I've actually experienced this I took the chance I went into the wireless village because I like living dangerously and needless to say within about half an hour started feeling ill and just because we need to be scientifically correct we replicated it for a second time so if anyone's got a pacemaker it's likely over the wireless village it is way too much signal going about but these are devices that should not be that sensitive to signals going on outside the body because technology is signal driven it is simply not there to be that sensitive I am convinced these medical companies or building snowflake devices because I think my device has got more emotion than I do this is what my device costs
and this is excluding the leads so I have a little battery running my programs running my software with two leads and when they need to be replaced it's not simply not popping out open my skin with a little tag they cut me open they take up the whole device hoping not to rip up the leads connect to my heart so you can see that when a device is recalled it's a bit of a fuckup you have to go into the hospital and have surgery for example since you'd fixed a problem however the legacy devices are unable to be firmly updated those patients will need to have new devices implanted they will need to have surgery because the manufacturer factor
this is just to explain exactly how the FDA passes the information so one day I
decided to suit up at the doctor's offices with a backpack and a hoodie because that's what we wear that's what I wear every day and I black box I just listened and I learned what do you guys think I picked up anyone I managed to capture communication between the programmer and the pacemaker meaning I could potentially replicate a man-in-the-middle attack sitting outside my doctor's offices just listening looking like any normal patient again this was all done with permission from my cardiologist who at that time was very supportive this is one of the
attacks that we theoretically formulated because if you ask any Heart Association they will say no patient has been hacked that we know of it's that we know of situation that worries me is because we don't check because we think it's terrible and why is it not showing I'm going to have to read this a bit of a technical difficulty about the slides if you take a pacemaker and you start adjusting the way that it paces you can take a heart rate up from 60 to 160 meaning that your heart will be exhausted and your battery will be depleted the standard pacemaker battery will last 10 to 12 years you will be able with a crash attack theoretically to take that down to about 3 years which the patient will be unaware of because effectively he would think it would take 12 years a denial of life attack is one
that has been done successfully where if you send RF signals to a pacemaker at a sequential rate it will count one - up until nine and who can guess what happens then what would be good security data cuts it off it just starts counting at one again that is not how it should be because how do we drain battery life on RF devices we keep on attacking it or if signals that I am aware of the distance from it's 50 feet is the furthest that I'm aware of that is pretty far that means I don't have to stand next to you I wonder what
went wrong with this life anyway the replay attack basically means that I'm gonna replicate wherever your doctor has changed i've listened i have reverse-engineered these packets and i'm gonna replicate what he's done to the thing to go to your device once you've authenticated to that device it's got no whitelisted commands it'll effectively open up like a fresh fruit and accept any code that you give it one of the things that I discussed with friends of mine velocity at the university that I was at was you could potentially affect gate to a device which is universal across the world upload mean firming this firmware can update on authenticate to other devices effectively creating a worm that self replicates those are things that we should be looking at and being aware of these are some changes
that have been found by researchers that you can do within a pacemaker identification of a device as with anything you don't want too much information to be beaconed out from studies and work that we've done these devices will give you the serial number patient information it will disclose your cardiac data which is something I don't want to out there because it's the most personal single map of mine you will be able to change the clock on your ICD which is fundamentally an important element in ensuring when at the is implanted to estimate when the device will run out you can change the therapies again this is what happened to me in genuine when my device decided that it would be able to learn on its own I had a soft patient my device food that way my heart rate felt his city it was acceptable and that it ended up in it's missing my hot flat lining and that is just like the tip of the iceberg in
here's the interesting thing I was preparing for my slides and every medical manufacturer see if malware is not a problem at blackhat they actually managed to put malware on an ICD programmer so meaning if I go into the offices with a device that has been compromised potentially without knowing I can have malware on my ICD and that would mean that it could infect other I CDs it could mean that it could kill me because I think the one thing that we forget about these medical devices are they are connected to human beings they might be security devices electronic of nature ones and zeros but there's a human life that is at stake now this might seem a little bit dark but what would you rather pay for if your pacemakers ransomed you information on your life your goods obviously it's a good business plan for answering medical devices not that I say you should do it but I mean people are going to pay for their organs this is real organized crime situations where we see that it's a monetary situation if you infect a programmer with ransomware for example the tree infects other devices you have the potential to constantly have revenue this is not something that should be possible this is something that should be addressed with reserve memory space within these devices my device is a me is enabled how many of you think that that is exactly what they use anyone they don't it's available but it's not being used I got a statement from a
medical company saying you are coming to DEFCON and you have a pacemaker you're gonna die I'm not well I think I've got a bigger child sitting across from you being killed and I do being with the community because it's the community that's going to help me fix the problems that you've created I think that if we start interrogating these devices and being less worried about oh my god we're talking about killing people well yes we need to start talking about saving people rather than killing people how
would I explain this to you because this is something it's almost a soapbox moment when I started talking to the FDA they said but we've got pre market assessment what that means is they go through documentation of a device saying okay this is what the device claims or does and it's a checkbox exercise and that is all it is they in try and design these innovative new phenomenal devices that don't even get the fundamental basics right and you have a patient that could potentially die because the device is bought Pearlie I was able to go onto all of the manufacturers websites and download an excess of about a thousand technical user manuals meant for medical practitioners I could fool them and stake that I'm in the United States when I was sitting in South Africa none of these websites had user authentication they don't know if I was a doctor or not but I had access to how these devices revolt I know exactly what controller it's got what boards got implanted and what memory it has what do you think I can do with that information when I start reverse engineering it because then I can start knowing how these devices work and then exactly what I did with my own device and we were shocked to find that this device has actually got a wireless controller in even after I stated when they put this in two years ago I did not want it but that is what was available because having a program and extubate that communicates with your device with no username and calls it seems like an excellent idea I want it this is
something that's very close to my heart these people are really working they asked who for the companies and as as I've said these companies are not nice people the legal teams this gave me no Lots gave me those legal guys give me but I am the cavalry needs more researchers they need people in the device labs interrogating the infusion pumps the pacemakers the programmers and hacking the shit out of these devices then we can start shaking up the room and saying these devices are surely fucking unsecure I want a future where we can say that we not only have innovation we have security availability and accessibility to devices that are working this lady has been instrumental
and supporting me in doing the work that I like to do getting me in connection with the right people and this is the reality I am like her one of two people having our condition insecurity being connected to the wonderful desk on internet and IOT and being fucking unprotected I have never felt vulnerable the way I did two days before they've gone realizing that my device was passed by someone that I trust and stating that the vulnerabilities that they have associated with it is acceptable it is not acceptable to flatline and have to be resuscitated for eight minutes when I have a device I paid for fuck little money and doesn't work that doesn't mean I'm gonna get hacked but surely enough we just need one skiddy to decide it's a fucking good idea to go to a with these things writes a program accesses the devices are not realized what they've done we have situations where researchers at the point of being bullied week forward does not want to play nice and there's one way to solve that so the community just to basically step up and say enough is enough
whoever souls that I will buy a pair for you guys can run it if it doesn't work I was drunk when I wrote it but I really want to motivate you guys to get involved with I'm the cavalry every sick it doesn't even have to be hacking it's just looking at better ways to get protocols in place for companies to start fixing the stuff having support from the community is important because I can tell you I can access my device through multiple ways and means I was very shocked to find that my encryption was used no I understand no look I'm gonna say I understand physically I cannot be dying on the floor having a heart attack we're having an issue and go to the doctor and say boy let me give you my username and password it's not gonna work but there has to be some balance at the moment there is none so who's gonna go to the device lab who's gonna go to I am the cavalry I want to see everyone there because we need the community to start taking up the research again and start getting shit done because the future is coming we cannot have our first malware or we could have had it already because if you thought asking medical companies what's your incident response plan do you check someone that's fast away from a pacemaker do you know why they died that's natural causes they've had a heart problem how do you know the pacemaker did not fail they don't do checks and balances for me that is a fundamental problem and I am tired of dealing with the shit alone I am tired of being bullied I want the community to start stepping up and I want the youngsters the new the future because I'm not the future so thank you for your time I can tell you I wanted to ask what you think about market solutions that would involve security measures that are marketed this way so that the consumer knows they're getting a device on what kind of entry barriers like a new company would have to face to be able to get this on the market actually be able to kind of solve these problems without having to deal with the current manufacturers of these devices thank you I think if we had a new kid on the block that is able to offer a secure and transparent solution to patients I wouldn't mind an open-source device not that I'm saying I would like to program it myself because god I'm an awful programmer but I would like to know what what the code is doing I would like to be able to read and understand it because for example machine learning is an excellent idea in many applications but not in the situation where your heartbeat does certain specific things the doctor knows what it's supposed to do so I think if a new company can come on board and start doing secure devices and they focus a little bit more on security I would go get that device every five years I would have the surgery because I would sleep better and then just on that and another note I want to say thank you to the soft wounds that made time to come visit thank you guys they've been working hard so buy them a beer later today hey but seriously we need to build secure medical devices these aren't little devices that just do something they keep someone alive and it's not just about me it's about I think there's about 2.3 million people with pacemakers or I CDs or brain implants or any medical device that could be genocide when we have a Stuxnet situation on our hands I hope this question isn't too much of a sidetrack but you've mentioned Barnaby Jack a couple of times who died under somewhat mysterious circumstances shortly before giving a talk about hacking these implanted devices at blackhat do you know of any information sources about any investigations around this death or anything or is there anything you would comment on about what you've heard about it I don't have any any information I would love to have more information I didn't know I was not lucky enough to have known him heaven alone knows I if I could reanimate someone that would be probably the one person I would reanimate to have a conversation with because that man had a big set of all he took on a big manufacturer that's not a small task I have had this much in a couple of years that I've done and I and the friends that know me very well have heard me cry and I don't cry often because I don't have feelings that I'll never heart that works I've got a metal heart but frustration has been there I wish I could tell tell you what's happened I don't know and I don't think there's enough evidence for me to hypothesize about it and I think it would be disrespectful for me because the man was a legend it's food it was a very sad thing to happen to the community and I think it was this research would have gone much further if that did not happen here age says that he died of overdose in discussion I don't know I don't have the odds of you I think you guys should all have a beer afterwards in discussing because we're getting sidetracked and this is not a conversation I have this age but that's exactly what Barnaby seed actual it is fun to make small things that if you start thinking the way that malicious attackers will think is easy I can I will do that for you guys find me on Twitter poison Pixy if you want to know the story behind my nickname you can come ask me I don't have any information for you guys unfortunately so it's kind of related at that point one of the talks the other day was from the FDR had that representative of the FDA who I think was here personally but still knew what was going on and she stated that there are cyber security regulations in FDA so I was just kind of curious what's going on like if those exist are they just not sufficient or that being followed they do exist I actually have met with the FBI representative we will be having more conversations about that I haven't put up a definite difference of opinion because and all of the day things are acceptable and acceptable risks and I'm saying fuck that that's not I cannot explain to you guys lying in bed and I see well I see yous fine because I'm used to it I get too scared all some devices lying in bed you know they are very used to me where I'm from having multiple computers going while being hooked up to monitors but feeling the sense of dread I've never felt that sad and I'm not supposed to have that feeling when your heart rate hits about 30 and your blood pressure's 40 over 30 and your doctor's tapped you on the head of it says I've got you and you're thinking what the fuck is about to have to include my I said he's supposed to now start doing its thing and it just switched itself forth between two default another side wall I'm not gonna do anything the FDA is trying to fix things but it's legacy devices anyone an i-team the hacking and security noise legacy devices fucks us over okay they difficult to fix and this is not something that I can go pull off a shelf this is physically something that's implanted into someone when you implant cardiac the leads they go into the heart if you pull those out not carefully you can kill someone that a author can first so it is very difficult for the companies fix these legacy devices I don't want to come see me after because I'm not quite moving to make the statement publicly but I'll tell you what they told me thank you thank you very much sharing of your story you want a situation where it was very short time between the decision of having a pacemaker and actually having an employment what are your concerns about how the general public people where the decision about taking a pacemaker may be influence on the way that we as a community of IT specialist is actually influencing the general public in to taking peacemaker because they are afraid that is what scares me about the future because I was seeing more and more patients become aware after the recall for some dudes which got a lot of press and that's sad to me because I had the opportunity to be here today because I got a pacemaker so that is where my saying beautifully broken wonderful flawed comes from because yes the devices are flawed but we also can't expect miracles they are built by humans humans are flawed by Nature all that we can do is learn to go forward and learn together there has to be a bridging done and that is what I think I am the cavalry is doing so successfully they are bridging manufacturers with researchers they have included the e FF in that as well they are bringing everything full circle but it scares me for the future knowing that people might decide not to get devices and faster way which would be like being a sign moves also I mean you know it would be sad if some I got my second implant so I'm taking it further now but I mean biohacking is a real thing we as humans will evolve but I mean why not use technology that's there to keep us alive longer and it seems stupid but I can understand someone being concerned about the security of the device I am as well likely I'm not a high level target so you know I'm not Dick Cheney you guys know do you guys know slashes got a pacemaker now I'm part of the cool kids a he's actually got a pacemaker there's lots of influential people that I have these devices and I call some if you think about it what it does is it's amazing it can take over the beat of the human heart it keeps me yet it enables me to wake up tomorrow morning and survive another day I mean time for me is precious because at 19 I got you in two weeks I cannot describe it to you guys it is the worst feeling in your world thinking god I should have had that for breakfast roller or I should have seen garden roses live you should have seen material up luckily for me after my pacemaker got to see Metallica twats today I'm making a fool of time but there are people didn't not get these device I know one person that's refusing to get it because they are afraid I've been hacked and that's sad because I would like to say to them your device is not as flawed as you think should that would be lying and untruthful I am carrying the flaws with me I'd rather have a flawed device and no device because I can still make a difference but if I'm dead I cannot do the same so that's why I'm saying is we need everyone to step up and do this together this is not a meeting it's it's an us thing it's a tribe thing it's a coming together of great minds because I think forensically you might think some some come tough anyway well someone might think offensive defensive we need to bring that full circle and I think that would be lacking in the security will be segregating from each other we actually want family doing the same thing with different skills but I think that coming together is an advance like this facilitating it with the different villagers yeah that's all for my side yeah please do by recording I can make a very strange question and to program the pacemaker that can be in 10 meters path or it can be 30 centimeters that depends on what kind of system that I'm more afraid for I PMD attacks then more that somebody use electronic pulse and everything's talking is at 10 meters I'm more fight for those things they're more personal that is one of the fears because I actually read my devices technical manual and went holy fuck this was a bad decision because it's cold it's electromagnetic feel it's all those kind of things so when I go to this is a funny story so I'm a very nice person right you got you guys think I'm friendly and I like the soft wounds on a lot also Filipina hassling them I'm a nice person apparently coming to Def Con presenting the talk that I do I get a freedom bundle and every point I generally do though because I can't go through the magnetic the metal detectors because effectively that magnetic field switches my pacemaker all so these are sort of these are little things that they haven't fixed yet and that I have experienced it's no fun if you have a pacemaker don't do it because I did I said let's see what happens you know because I like to live dangerously I need to know what happens when I go through a metal detector don't do it trust me it sucks so the thing is if you read these technical menus and go onto any of the wave fat we had a great chuckle about it we actually check this it's also certificates what else everything the security sucks so I'm like one get that right I'm a little bit worried about them doing my device to be quite blunt about it but you can get the technical manuals and then the precautions in there I can trust tell you my my doctor didn't tell me about them he just said don't go through a metal detector well how do you do when I fly this cosmic radiation internationally that has an effect on how my device is programmed as well so effectively after every international travel I have to go to my doctor pay a lot of money and have my device reprogrammed small things we can fix but it's labor intensive and time intensive that's all anyone else does it that bad [Applause]