US hacker dies a week before he was to reveal 'pacemaker flaw'
Barnaby Jack famous for prompting firms to rectify problems uncovered by his hacking
A prominent hacker who discovered a way to have automatic teller machines spit out cash and was set to deliver a talk about hacking pacemakers and other wireless implantable medical devices has died in San Francisco.
Barnaby Jack died at his home in San Francisco Thursday, although the cause of death is still under investigation, San Francisco deputy coroner Kris Barbrich said.
Jack, who was in his mid-30s, was scheduled to speak on Wednesday at a security conference in Las Vegas. The headline of his talk was, "Implantable Medical Devices: Hacking Humans," according to a synopsis on the Black Hat conference website. Jack had planned to demonstrate his techniques to hack into pacemakers and implanted defibrillators. He said last week that he could kill a man from nine metres away by attacking an implanted heart device.
The topic is reminiscent of the second season of the TV drama Homeland, when terrorists kill the vice president by hacking into his heart device.
His genius was finding bugs in the tiny computers embedded in equipment, which forced equipment makers to fix their software.
Jack became one of the world's most famous hackers after a 2010 demonstration of "Jackpotting" - getting ATMs to spew out bills. A clip of his presentation has been viewed more than 2.6 million times on YouTube.
He had spent years tinkering with ATMs he bought online and found that the keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He used his key to unlock a compartment in the ATM, and then used a USB slot to insert a programme that commanded the ATM to dump its vaults.
Two years ago, Jack turned his attention to medical devices while working on a team at McAfee that engineered methods for attacking insulin pumps. Their research prompted medical device maker Medtronic to revamp the way it designs its products.
Last year, he showed the security flaw that allowed him to hack the device from as far away as 300 feet, forcing it to dispense the hormone. The conference said it will not replace Jack's talk, but instead leave the slot open so people can commemorate his life and work.
The US government also noticed Jack's work. "The work that Barnaby Jack and others have done to highlight some of these vulnerabilities has contributed importantly to progress in the field," said William Maisel, deputy director for science at the Food and Drug Administration's Centre for Devices and Radiological Health.
Jack's passion for hacking sometimes got him into trouble.
In 2010, he connected his laptop to a gold bullion dispensing machine at a casino in Abu Dhabi, according to fellow hacker Tiffany Strauchs Rad. She said Jack had permission from a hotel manager to hack the machine but security officers intervened.
It turned out the hotel did not actually own the gold machine and the American embassy had to be called in to help resolve the misunderstanding, Rad said.
"He would hack everything he touched," she said.
Associated Press, Reuters, Bloomberg