Deaths of public figures often give rise to a raft of speculation and the passing of prominent cybersecurity expert and medical device hacker Barnaby Jack was no exception.
Jack, who passed away at the age of 35, was just days away from releasing his latest ‘exploit’ in a highly anticipated presentation at the international cybersecurity conference, Black Hat, in Las Vegas. Having made a name for himself by discovering vulnerabilities in ATM systems, Jack had begun tinkering with medical devices and was slated to present his work on cybersecurity risks in implantable pacemakers and defibrillators.
Given the sometimes shadowy world of cybersecurity and the ongoing battles between hacker groups like Anonymous and governments and corporations around the world, the conspiracy theories were all but inevitable.
"It’s definitely a well-orchestrated assassination," user Hankhill wrote on the hacker forum BlackHatWorld.com. "He has made many enemies from many sides, there are many out there who just want him to go away."
"I’m betting this was the result of industrial espionage, i.e. corporation neutralizing an independent hacker cuz he was a threat," user Tensegrity added.
The upcoming pacemaker hack wasn’t Jack’s 1st swing at medical devices. He made headlines last year when he demonstrated that he could hack a common insulin pump from 300 feet away, using little more than a laptop and a custom-made antennae. Word on the street was that this year he was going to hack a pacemaker from 50 feet away.
"The software I developed allows the shutting off of the pacemaker or ICD, reading and writing to the memory of the device, and in the case of ICDs it allows the delivering of a high voltage shock of up to 830 volts," Jack said during a recent interview with Vice.com. "I wanted to look at these devices with the aim of demonstrating and raising awareness of the issues I found, then hopefully spark the manufacturers into implementing a more secure design."
Jack was a so-called "white hat" hacker, someone who fiddles with systems for research, for systems security evaluations or for other benign purposes. He was working with medical device makers to find ways to make the technology more secure. It was precisely his work with the powerful medical device industry that online commenters speculated led to this death.
The San Francisco medical examiner’s office had not yet determined the cause of death and told MassDevice.com that there may not be a determination on the matter for weeks or even months, but that didn’t stop the vast and nameless masses on the internet from speculating.
"Killing a well-known hacker just before a major convention sends ‘a message’ to ALL those ‘black hat hackers’," user Nigel Farage wrote. Others made snide remarks about a certain U.S. Vice President and his reliance on a cardiac implant.
The rumors are difficult to defend, especially since Jack was not the 1st ‘white hat’ hacker to demonstrate vulnerabilities in cardiac implants. In 2008 security researcher Kevin Fu uncovered security vulnerabilities in a Medtronic (NYSE:MDT) implantable pacemaker, using unencrypted traffic between the device and its controller to reverse-engineer the code and control its shocking capabilities.
The exploits that Jack revealed had also been the subject of presentations given months ago, including a talk he gave during the Breakpoint security conference in Melbourne in October 2012.