Hardware Hack: Hacking the ICE Medical ID USB wallet card

I am happy to say that I have a totally new type of post for my readers.

I am going to detail how to modify the “ICE Medical ID” product to be relevant for those of us who do not want to be stuck with crappy proprietary software. This only barely qualifies as hardware hacking; I am just going to detail how to remove the default software that comes with the card. But once this is done, it will form the foundation for some much cooler work. I bought my card for $20 at a local CVS, but you can get them all over the place. The only difference between this and some other credit-card-sized USB drive is that it is clearly labeled as containing your In Case of Emergency (ICE) information. Most importantly, the card is Open Source and remix friendly. You can put whatever you want on the card and your EMT or ER personnel might find it.

First, you need to turn on viewing of hidden files, and potentially hidden system files, in your Windows folder configuration. (If you are using GNU/Linux, this step is unneeded.) This will allow you to see the hidden system files that Ice.exe relies on. Once you have done this you should be able to see the following files on the USB drive:

Ice.exe

unicows.dll

Ice (a directory)

Autorun.inf

The hack could not be simpler… delete all of these.

The Ice.exe file is a simple PHR application that makes all of the first-generation software errors. It stores its data in XML (under the Ice sub-directory) but not in CCR or CCD, which leaves the data you enter there trapped. It preselects defaults for bullet-choice options even when the user has not chosen anything. The end result is that the application makes assumptions (like that a user is married) for unselected options. This is exactly the reason why Health Information software should be open source. The company that released this card has no business creating health software; they hired professional developers but amateur health informaticists to do this work. Lots of rookie mistakes here.

I replaced the above with a simple text file with the following information:

Hi,
If you are reading this then I must be hurt very badly.
Please make sure my wife, Laura Trotter (email) and (phone number)
and my brother Rick Trotter (email) and (phone number)
are fully informed regarding my condition.

My blood type is O+
I had minor knee surgery on my right knee several years ago. A small part of my patellar tendon was removed.
I am not allergic to anything that I know of. I have never had a reaction to any anesthesia.
You should be able to find a health insurance card in my wallet, where you found this card.

Thank you for taking care of me.

Regards,
Frederick (Fred) Clayton Trotter

Email might seem funny, but it might be possible that my wife is in a different country when I am injured, and email always works…

I thought about replacing the Autorun.inf with something to pop up the text file automatically when the USB was inserted into a computer, but Windows 7 no longer runs Autorun.inf from non-optical drives, and Apple OS X and GNU/Linux computers do not support that either. It is just as well, since most of the time I insert the card into a computer I will be using it to transfer files.
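The cleanup described above (delete the four stock items, leave a plain text note), shown as an added example that is not part of the original post. It also lists any remaining files that could run or auto-launch, so the card ends up holding only passive content. The function names, the `ICE.txt` filename, the extension list and the sample files in `demo()` are assumptions made for illustration.

```python
from __future__ import annotations
import shutil
import tempfile
from pathlib import Path

# Items the post lists on the stock card. FAT names are case-insensitive, so compare lowercased.
STOCK_ITEMS = {"ice.exe", "unicows.dll", "ice", "autorun.inf"}
# Extensions treated as runnable or auto-launch content (an assumed, non-exhaustive list).
ACTIVE_EXTS = {".exe", ".dll", ".inf", ".bat", ".cmd", ".com", ".scr", ".lnk", ".vbs", ".js"}


def clean_card(mount: Path, ice_text: str, note_name: str = "ICE.txt") -> list[str]:
    """Remove the stock software from the card root and write a plain-text note."""
    removed = []
    for entry in list(mount.iterdir()):
        if entry.name.lower() not in STOCK_ITEMS:
            continue  # leave the owner's other files alone
        if entry.is_dir() and not entry.is_symlink():
            shutil.rmtree(entry)  # the Ice data directory
        else:
            entry.unlink()
        removed.append(entry.name)
    # CRLF line endings so the note displays correctly in older Windows text editors.
    with open(mount / note_name, "w", encoding="utf-8", newline="\r\n") as fh:
        fh.write(ice_text)
    return sorted(removed)


def active_files(mount: Path) -> list[str]:
    """List files anywhere on the card whose extension marks them as runnable content."""
    return sorted(
        p.relative_to(mount).as_posix()
        for p in mount.rglob("*")
        if p.is_file() and p.suffix.lower() in ACTIVE_EXTS
    )


def demo() -> tuple[list[str], list[str], list[str], list[str]]:
    """Build a constructed copy of the stock layout in a temp directory and clean it."""
    with tempfile.TemporaryDirectory() as tmp:
        card = Path(tmp)
        for name in ("Ice.exe", "unicows.dll", "Autorun.inf", "photos.zip"):
            (card / name).write_bytes(b"constructed sample")
        (card / "Ice").mkdir()
        (card / "Ice" / "record.xml").write_text("<ice/>")  # constructed stand-in
        before = active_files(card)
        removed = clean_card(card, "My blood type is O+\n")
        remaining = sorted(p.name for p in card.iterdir())
        return before, removed, remaining, active_files(card)
```

To use it on a real card, pass the card's mount point (for example the drive letter root on Windows) to `clean_card` and check that `active_files` returns an empty list afterwards.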

I also could, and probably will, upgrade the text file to an HTML file at some point. But I think that kind of work is best left to when I can integrate the record with Google Health or, better yet, with Indivo. HTML would have the added benefit of allowing me to integrate a picture, which would make it pretty simple to include information on one card for several people, a mom-pleasing feature indeed. (You can do this with the proprietary software only after you purchase the privilege.)

Enjoy hacking your healthcare information.

-FT

8 thoughts on “Hardware Hack: Hacking the ICE Medical ID USB wallet card”

  1. Anyone that plugs an unknown card like this in to their system,
    unless the system is designed and isolated for such unsafe
    usage has failed “Penetration Testing”.

    See this for an example:

    http://www.sans.org/newsletters/newsbites/newsbites.php?vol=8&issue=47
    “…the penetration testing company left 20 USB drives near the credit union in the parking lot and smoking areas. Employees picked up 15 of the 20 drives and installed them on their computers to see what they held, which turned out to be a Trojan horse program that gathered passwords, logins and other data and emailed them back to the company.”

  2. VERY cool “hack”! What’s funny is that deleting all the card’s default files is what actually makes it useful.

    Maybe their version 2 of the card will be much better for the general public.

    Thanks for the info!

  3. Very interesting. I like the simple “hack.” I wonder how many emergency personnel will look for this. However, I guess they’ll be looking through my wallet to find out who I am. I like it a lot.

  4. True, which is why a simple text or HTML file, rather than an executable of any kind, is better content for the USB drive.

    Also, it would be better if the card would contain some kind of hyperlink to your health information, so that healthcare people would not -have- to insert the usb…

    Hopefully all addressed in an upcoming hack…

    -FT

  5. I’ve read all the posts and have the card in hand. I feel you guys are all correct in part, but I fear you are missing the point. It wasn’t designed for techies and it isn’t idiot proof from the IT perspective by any means. However it is *EXACTLY* what the CHARGE NURSE at the ER needs to see in order to get the background info they may need to keep YOU alive. Especially if you’re dealing with potentially life-threatening medical issues where having the correct and complete medical info in the correct and competent hands might be important to you.

    If I’m awake and able, I can direct those attending me to look at the USB card. Otherwise, the medic dog-tags and wallet card will be enough to keep me alive for a while. The old-fashioned hard copy does refer them to look at the USB card for info such as directives, insurance and medical records, meds list and the like. Between the dog-tags and the USB card, I’m good.

    Furthermore, the content on the card should be in the form of a PDF file. Everyone can read and print it. Hyperlinks are fine, but hard to do from a printed file. Keep it simple, save your life.

    -Rick

  6. It’s about the ICE Card. On the blister it says 2GB, on the web tech specs 1 GB, and in reality it is only 448 KB.

  7. Ok, well I went into tools and unhid the files and now the card will not display the ICE at all. I know it is still there but can not see it. Went back in to undo what I did and it still will not work. I guess you have to be a techie to do it. Appreciate any suggestions.
