Hackers will be hackers – Or, how developers tried to connect to my device during the AT&T Hackathon

Developer conferences and hackathons are remarkable events. Attendees are veritable wizards with code. From a clean slate, teams will compose applications with remarkable depths of functionality within a period of hours.

With such technical acumen, it is not uncommon to observe other characteristics, like curiosity. Such was the case earlier today. As the developers stopped working on their apps, and judging began on the various ideas the teams put together, a medical device I rely on daily started responding to Bluetooth connectivity queries at the AT&T Developer Summit Hackathon.

The prosthetic device you see in the embedded photo is the X3, made by Ottobock, based in Germany. The X3 is one of the most advanced prosthetic knees in the world. I was part of a small group of veterans that tested the prototype design of the knee (called the X2) for the U.S. Army a few years ago, and was one of the first people in the world to receive the X3.

These high-end prosthetics are equipped with microprocessors to assist with stability, going down stairs, locking in position while standing, and walking in general. There are also a number of user adjustable features. The battery needs to be recharged about once per week, and various walking characteristics are programmed via Bluetooth, so the X3 is discoverable to other devices. Apparently, the X3’s Bluetooth ID looked interesting enough to find out what it was.

One of the challenges of the hackathon was making the best use of Plantronics technology which, among other things, includes Bluetooth. Well, once the presentations were complete, and people were done making apps, my X3 started beeping like crazy. As a connection was made, it would beep quickly, and as it would reject commands for access, it would issue two longer beeps. This was happening repeatedly no matter where I walked around the venue where the Hackathon was being held.

Given the comparative rarity of my particular piece of technology, thankfully, the firmware in my knee managed to reject all commands from the curious code jockeys, but it took an announcement from the event emcee to ask people to cease connection attempts to my knee’s Bluetooth ID, citing it as an active medical device. Immediately following the announcement, the knee offered two quick beeps, indicating connections were terminated.

Of course, the thought crossed my mind several times about what I would do if someone managed to change the settings that might have put the knee locked in straight mode, or removed all assistive settings completely. That would have made for an interesting, obtrusive, and extra eventful week at CES 2016.