backtop


Print 13 comment(s) - last by NellyFromMA.. on Aug 8 at 2:21 PM


  (Source: emftesting.net)
An attacker could intercept wireless signals with a powerful antenna and "broadcast a stronger signal," which would cause blood-sugar levels on the monitor to change

Wireless medical devices such as pacemakers, insulin pumps and defibrillators have made life not only possible for those who use them, but convenient as well since there are no cords to mess around with. On the other hand, there are dangers associated with using such equipment: hackers.

Hackers are commonly associated with computer systems, where websites are broken into and private information is sometimes stolen. In 2011 alone, cyber criminals have attacked and stolen information from Sony, the Pentagon, Bank of America and many more. But in this particular case, hackers could move from traditional mediums to the hacking of wireless medical devices.

Jerome Radcliffe, a security researcher, is a diabetic who uses an insulin pump and a glucose monitor at all times to control his blood sugar. He has become increasingly interested in the security of the medical device that is saving his life, and set out to see if proprietary wireless communication could be reverse-engineered while a device launches an attack that could manipulate a diabetic's insulin, potentially leading to death.

Computer scientists have already proved that pacemakers and defibrillators can be hacked wirelessly through the use of radio hardware, an antenna and a PC. This research was published in a 2008 paper, which described how an attacker could send a lethal shock to an implantable cardiac defibrillator. 

Now, Radcliffe has found that a lethal attack is possible against those with insulin pumps/glucose monitors as well. According to Radcliffe's research, an attacker could intercept wireless signals with a powerful antenna and "broadcast a stronger signal," which would cause blood-sugar levels on the monitor to change. This causes the person wearing the pump to adjust the insulin dosage, and constant adjustment (when it is unnecessary) could cause a severe "high" or severe "low" in the diabetic's blood sugar, possibly leading to death.

Radcliffe added that an attacker could accomplish this within a couple hundred feet of a victim, but with a stronger antenna, it can be done up to a half-mile away.

"My initial reaction was that this is really cool from a technical perspective," said Radcliffe. "The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."

One has to wonder what would cause a person to want to hack a wireless medical device and put a person's life at risk. Dr. William Maisel, an assistant professor at Harvard Medical School, offered some perspective on the matter. 

"Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker's ego," said Maisel.

Radcliffe is sharing his research in a presentation called, "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System" at the Black Hat security conference.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: stupid
By ranran on 8/5/2011 10:16:28 PM , Rating: 2
As things stand now, you're right. There really aren't any true CGM's (continuous glucose monitoring systems)in use right now.

However, CGM's are eventually....eventually....going to be the technology to use. Medtronic just had a system approved in Europe, and is vying hard for FDA approval as well, though that will take a while longer. Other companies are coming along as well...

Initially, these systems will be useful to prevent hypoglycemic episodes (e.g. at night) by shutting off insulin, but they will eventually be allowed to administer insulin as well.

Given the wireless nature (pump at one site, monitor at another communicating wirelessly), I think this is a very very big deal and should be considered as they develop wireless security for these communications.


"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs

Did You Partake in "Black Friday/Thursday"?
Did You Partake in "Black Friday/Thursday"? 





0 Comments












botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki