Vulnerability Management

Acclaimed researcher Barnaby Jack dies days before Black Hat talk

Updated below

A week before he was set to demonstrate a major security vulnerability in wireless pacemakers and defibrillators that could harm or even kill patients, renowned researcher Barnaby Jack has died, his employer confirmed on Friday morning.

News of the New Zealand native's death stunned the security and privacy community, many of whom will be attending next week's Black Hat conference in Las Vegas. Jack was scheduled to present "Implantable Medical Devices: Hacking Humans" at 2:15 p.m. PST on Thursday.

Jack, 35, the director of embedded device security for services firm IOActive, died in San Francisco, according to a Reuters story, quoting the city's medical examiner. The office provided no other details.

Black Hat officials said Friday morning that the conference will not replace Jack's talk with another. Instead, the session room will be left open so attendees can view photos of the researcher and share stories.

Jack was a fixture in the research speaking circuit, and was heavily focused on uncovering vulnerabilities in increasingly automated and network-connected embedded devices, including those found in cars and SCADA systems. Most recently, he shifted his focus to medical devices and had been working with the U.S. Food and Drug Administration on his most recent discovery.

In 2011, at the Hacker Halted show in Miami, Jack, then working at McAfee, demonstrated how implantable insulin pumps made by Medtronic could be compromised to deliver a fatal dose of the hormone to diabetics.

A year earlier, in perhaps his most famous public hack, Jack brought two ATMs onto the stage at Black Hat and delivered commands that forced them to spit out twenty-dollar bills while playing music. A year earlier, he was forced to postpone the talk because of vendor concerns. 

Arian Evans, vice president of strategy at WhiteHat Security, knew Jack for more than a decade. He told on Friday that Jack was driven lately by an interest in learning about the security issues of devices "that protect our lives." He was becoming a consumer advocate in the vein of Ralph Nader, Evans said.

“It's stating the obvious that he was exciting and sensational,” Evans said of Jack's reputation as a charming and vivacious hacker and showman. “But in the last few years of Barnaby's life, he chose to focus more on what kind of hacking would impact people's lives rather than what would make more money."

Another friend, Jayson Street, who is a senior partner at Krypton Security, a Beirut-based firm, told that Jack's energy was contagious.

“I've never seen him without a smile on his face,” Street said. “He was always up for shenanigans, and it was very hard to be sad around him. He was just a genuinely nice person. He wasn't trying to be the funny guy for a conference. That's just who he was. The security community didn't just lose a great researcher, I think everybody really lost a great fellow human being.” 

Friends and peers of Jack also took to Twitter to remember him.

UPDATE: Black Hat released a statement on Jack's death.

We have lost a member of our family. Everyone would agree that the life and work of Barnaby Jack are legendary and irreplaceable. Barnaby had the ability to take complex technology and intricate research and make it tangible and accessible for everyone to learn and grow from. Beyond his work in our industry, Barnaby was an incredibly warm-hearted and welcoming individual with a passion for celebrating life. We all have a hilarious and upbeat story about Barnaby. He is truly a shining example of what we love about this community. 

Black Hat will not be replacing Barnaby's talk on Thursday, Aug. 1. No one could possibly replace him, nor would we want them to. The community needs time to process this loss. The hour will be left vacant as a time to commemorate his life and work, and we welcome our attendees to come and share in what we hope to be a celebration of his life. Barnaby Jack meant so much to so many people, and we hope this forum will offer an opportunity for us all to recognize the legacy that he leaves behind.

Our deepest sympathies go out to Barnaby Jack's family and loved ones. Words cannot adequately describe how much he will be missed, but it is certain that Barnaby will NEVER be forgotten. 

Update 2: A memorial fund has been established in Jack's honor.

"The Barnaby Jack HacKid Fund will help to provide our future inventors, makers, hackers, explorers and programmers age 5-17 and their families a safe, innovative, creative community like the one he was so integral," according to the description.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.