medical devices such as pacemakers, insulin pumps and
defibrillators have made life not only possible for those who use them, but
convenient as well since there are no cords to mess around with. On the other
hand, there are dangers associated with using such equipment: hackers.
Hackers are commonly associated with computer systems, where websites are
broken into and private information is sometimes stolen. In 2011 alone, cyber
criminals have attacked and stolen information from Sony, the Pentagon, Bank of America and
many more. But in this particular case, hackers could move from traditional
mediums to the hacking of wireless medical devices.
Jerome Radcliffe, a security researcher, is a diabetic who uses an insulin pump
and a glucose monitor at all times to control his blood sugar. He has become
increasingly interested in the security of the medical device that is saving
his life, and set out to see if proprietary wireless communication could be
reverse-engineered while a device launches an attack that could manipulate a
diabetic's insulin, potentially leading to death.
Computer scientists have already proved that pacemakers
and defibrillators can be hacked wirelessly through the use of radio
hardware, an antenna and a PC. This research was published in a 2008 paper,
which described how an attacker could send a lethal shock to an implantable
Now, Radcliffe has found that a lethal attack is possible against those with
insulin pumps/glucose monitors as well. According to Radcliffe's research, an
attacker could intercept wireless signals with a powerful antenna and
"broadcast a stronger signal," which would cause blood-sugar levels
on the monitor to change. This causes the person wearing the pump to adjust the
insulin dosage, and constant adjustment (when it is unnecessary) could cause a
severe "high" or severe "low" in the diabetic's blood
sugar, possibly leading to death.
Radcliffe added that an attacker could accomplish this within a couple hundred
feet of a victim, but with a stronger antenna, it can be done up to a half-mile
"My initial reaction was that this is really cool from a technical
perspective," said Radcliffe. "The second reaction was one of maybe
sheer terror, to know that there's no security around the devices which are a
very active part of keeping me alive."
One has to wonder what would cause a person to want to hack a wireless medical
device and put a person's life at risk. Dr. William Maisel, an assistant
professor at Harvard Medical School, offered some perspective on the matter.
"Motivation for such actions might include the acquisition of private
information for financial gain or competitive advantage; damage to a device
manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied
customer or terrorist to inflict financial or personal injury; or simply the
satisfaction of the attacker's ego," said Maisel.
Radcliffe is sharing his research in a presentation called, "Hacking Medical Devices for Fun and Insulin: Breaking
the Human SCADA System" at the Black Hat security
quote: you're not supposed to play Xbox for more than an hour without an exercise break