Barnaby Jack, a renowned white-hat hacker, who uncovered a way of making ATM machines give out cash, was found dead on Thursday evening at his apartment, in San Francisco. Jack was 35.
According to Reuters, the San Francisco Medical Examiner's Office is still investigating the cause of his death, although it said foul play had been ruled out.
Jack was scheduled to present at Black Hat, in Vegas, next month, on "Implantable Medical Devices: Hacking Humans".
His speciality was discovering bugs and flaws in the minute computers embedded in medical devices, such as pacemakers, and insulin pumps, as well as ATMs and other devices.
In 2010, Jack demonstrated "Jackpotting", his method of getting ATM machines to release cash. He showed different kinds of attacks involving both physical access to the machines and completely automated remote attacks. In both cases, he injected malware into the operating system of the machines, causing them to dispense currency on the attacker's command.
In 2011, McAfee hired Jack as part of an elite squad of hackers charged with figuring out ways to break into hi-tech gear, including heart pacemakers. At the RSA Security Conference, in San Francisco, that year, he demonstrated the wireless hacking of an insulin pump. Using a transparent mannequin, he demonstrated he could wirelessly hack an insulin pump from a distance of up to 300 feet, causing the device to release its entire contents into the body at once, a lethal dose.
The following year, Jack showed it was possible to assassinate a victim by hacking his pacemaker, a scenario first highlighted in the popular TV series Homeland. At the time, Jack said the hack was even easier than portrayed.
He used his technical skills to find security holes before they could be exploited by criminals, and his previous research led to the US Food and Drug Administration changing regulations regarding wireless medical devices in 2012.
According to Fox News, this year, Jack was planning to unveil software that uses a common transmitter to scan for and "interrogate" individual medical implants. In his talk, Jack was going to demonstrate his methods of hacking into heart devices such as implanted defibrillators. Jack had said he could kill a man from 30 feet away by attacking an implanted heart device.
Reuters added that William Maisel, deputy director for science at the Food and Drug Administration's Centre for Devices and Radiological Health, said the work that Jack and others had done to illustrate how vulnerable these devices could be, had made an important contribution to progress in the field.
Jack's current employer, information security firm IOActive, tweeted: "Lost but never forgotten, our beloved pirate, Barnaby Jack, has passed. He was a master hacker and dear friend. Here's to you Barnes!"
Jennifer Steffens, CEO of IOActive, described Jack as one of the most accomplished security researchers, who dedicated his career to exploiting weaknesses in on-board computers in cars, automated teller machines and similar, to better protect them.
"A truly visionary man in many ways, Barnaby's recent critical research into the safety of medical devices such as pacemakers leaves behind a legacy that will never be forgotten," Steffens was reported to have said by the NY Daily News. "IOActive will be working with the industry as a whole to ensure the advancements Barnaby started in this field will continue saving lives for years to come."
Black Hat said it will not replace Jack's session at the conference, saying the hour would instead be left open for delegates to commemorate his life and work.
Share
