backtop


Print 13 comment(s) - last by NellyFromMA.. on Aug 8 at 2:21 PM


  (Source: emftesting.net)
An attacker could intercept wireless signals with a powerful antenna and "broadcast a stronger signal," which would cause blood-sugar levels on the monitor to change

Wireless medical devices such as pacemakers, insulin pumps and defibrillators have made life not only possible for those who use them, but convenient as well since there are no cords to mess around with. On the other hand, there are dangers associated with using such equipment: hackers.

Hackers are commonly associated with computer systems, where websites are broken into and private information is sometimes stolen. In 2011 alone, cyber criminals have attacked and stolen information from Sony, the Pentagon, Bank of America and many more. But in this particular case, hackers could move from traditional mediums to the hacking of wireless medical devices.

Jerome Radcliffe, a security researcher, is a diabetic who uses an insulin pump and a glucose monitor at all times to control his blood sugar. He has become increasingly interested in the security of the medical device that is saving his life, and set out to see if proprietary wireless communication could be reverse-engineered while a device launches an attack that could manipulate a diabetic's insulin, potentially leading to death.

Computer scientists have already proved that pacemakers and defibrillators can be hacked wirelessly through the use of radio hardware, an antenna and a PC. This research was published in a 2008 paper, which described how an attacker could send a lethal shock to an implantable cardiac defibrillator. 

Now, Radcliffe has found that a lethal attack is possible against those with insulin pumps/glucose monitors as well. According to Radcliffe's research, an attacker could intercept wireless signals with a powerful antenna and "broadcast a stronger signal," which would cause blood-sugar levels on the monitor to change. This causes the person wearing the pump to adjust the insulin dosage, and constant adjustment (when it is unnecessary) could cause a severe "high" or severe "low" in the diabetic's blood sugar, possibly leading to death.

Radcliffe added that an attacker could accomplish this within a couple hundred feet of a victim, but with a stronger antenna, it can be done up to a half-mile away.

"My initial reaction was that this is really cool from a technical perspective," said Radcliffe. "The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."

One has to wonder what would cause a person to want to hack a wireless medical device and put a person's life at risk. Dr. William Maisel, an assistant professor at Harvard Medical School, offered some perspective on the matter. 

"Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker's ego," said Maisel.

Radcliffe is sharing his research in a presentation called, "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System" at the Black Hat security conference.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: stupid
By JasonMick (blog) on 8/5/2011 12:14:12 PM , Rating: 2
quote:
I wear an insulin pump and find this article misleading. The manufacturer of the insulin pump and doctors both tell you to never rely on the constant glucose monitor to know when to give yourself insulin. You are always suppose to confirm your blood sugar with a traditional finger stick.

Sure, and you're not supposed to consume more than 3 Monster energy drinks a day and you're not supposed to play Xbox for more than an hour without an exercise break, but how many people ignore these warnings?

I think the point is that this may be dangerous to people who don't practice careful monitoring, instead overly relying on the device for "quick and dirty" measurement. I'd be willing to wager a fair number of diabetics, for better or worse, fall into that category.

Of course the chance that someone actually uses this hack against a diabetic in the real world seems slim, given the technical expertise needed.


RE: stupid
By Phynaz on 8/5/2011 12:57:13 PM , Rating: 2
Quit talking out your ass.

Anybody that drops $1K for a device that costs $300 a month to run is practicing careful monitoring. That's the point.


RE: stupid
By omnicronx on 8/5/2011 1:44:02 PM , Rating: 2
What about people who pay little to nothing for these devices as they are often covered under insurance plans and even government grants? (especially outside the US).

That said, I don't think Jason is giving enough credit to those that would require or use an insulin pump. A large portion insulin pump usage is by those not having success with daily injections. These are the exact kind of people who would be very careful monitoring their levels.

Still a bit disconcerting though..


RE: stupid
By ClownPuncher on 8/5/2011 1:41:09 PM , Rating: 2
Seriously, if you're diabetic you start to feel like trash if your blood sugar is off. You're motivated to self monitor as well.


RE: stupid
By omnicronx on 8/5/2011 1:49:20 PM , Rating: 2
When the average person starts to get hungry, he/she is motivated to eat, and under normal circumstances will probably do so. But that does not imply that he/she will do so 100% of the time.

I think the issue at hand is a bit exaggerated (for the reasons mentioned in my post above), but I'm sure many diabetics will attest to being lazy once in a while.


RE: stupid
By cruisin3style on 8/6/2011 3:34:27 PM , Rating: 2
quote:
you're not supposed to play Xbox for more than an hour without an exercise break


lol is it really one hour? I don't think i've ever not played xbox for more than an hour


“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki