Famed US hacker Barnaby Jack dies at 35

Barnaby Jack, a celebrated computer hacker who could force a bank ATM to spit out cash and sparked safety improvements in medical devices, has died in San Francisco, The San Francisco Medical Examiner’s Office said.

San Francisco Deputy Coroner Kris Barbrich said Barnaby Jack died on Thursday and said the Medical Examiner’s Office was still investigating the cause of death.

Jack, who was in his mid-30s, was due to appear at the Black Hat hacking convention in Las Vegas next week, demonstrating techniques for remotely attacking implanted heart devices. 

His genius was finding bugs in the tiny computers embedded in equipment such as medical devices and banking machines.

He received standing ovations at hacking conventions for his creativity and showmanship.

He became one of the most famous hackers on the planet after a 2010 demonstration of “Jackpotting” – getting ATMs to spew out bills.

The hacking community expressed shock as the news of his death spread via Twitter early on Friday.

“Wow … Speechless,” Tweeted mobile phone hacker Tyler Shields.

Jack’s most recent employer, the cyber security consulting firm IOActive Inc, said in a Tweet: “Lost but never forgotten our beloved pirate, Barnaby Jack has passed.”

Jack had served as IOActive’s director of embedded device security.

Attacked insulin pumps

Jack’s attacks on ATMs brought him the most attention, but his work on medical devices may have a much broader impact.

Two years ago, while working at McAfee, he engineered methods for attacking insulin pumps that prompted medical device maker Medtronic Inc to bring in outside security firms and revamp the way it designs its products.

He followed that up with work on heart devices that he was due to present at Black Hat next week.

Jack told Reuters news agency in an interview last week that he had devised a way to attack heart patients by hacking into a wireless communications system that links implanted pacemakers and defibrillators with bedside monitors that gather information about their operations.

“I’m sure there could be lethal consequences,” he said.

He declined to name the manufacturer of the device, but said he was working with that company to figure out how to prevent malicious attacks on heart patients.