backtop


Print 13 comment(s) - last by NellyFromMA.. on Aug 8 at 2:21 PM


  (Source: emftesting.net)
An attacker could intercept wireless signals with a powerful antenna and "broadcast a stronger signal," which would cause blood-sugar levels on the monitor to change

Wireless medical devices such as pacemakers, insulin pumps and defibrillators have made life not only possible for those who use them, but convenient as well since there are no cords to mess around with. On the other hand, there are dangers associated with using such equipment: hackers.

Hackers are commonly associated with computer systems, where websites are broken into and private information is sometimes stolen. In 2011 alone, cyber criminals have attacked and stolen information from Sony, the Pentagon, Bank of America and many more. But in this particular case, hackers could move from traditional mediums to the hacking of wireless medical devices.

Jerome Radcliffe, a security researcher, is a diabetic who uses an insulin pump and a glucose monitor at all times to control his blood sugar. He has become increasingly interested in the security of the medical device that is saving his life, and set out to see if proprietary wireless communication could be reverse-engineered while a device launches an attack that could manipulate a diabetic's insulin, potentially leading to death.

Computer scientists have already proved that pacemakers and defibrillators can be hacked wirelessly through the use of radio hardware, an antenna and a PC. This research was published in a 2008 paper, which described how an attacker could send a lethal shock to an implantable cardiac defibrillator. 

Now, Radcliffe has found that a lethal attack is possible against those with insulin pumps/glucose monitors as well. According to Radcliffe's research, an attacker could intercept wireless signals with a powerful antenna and "broadcast a stronger signal," which would cause blood-sugar levels on the monitor to change. This causes the person wearing the pump to adjust the insulin dosage, and constant adjustment (when it is unnecessary) could cause a severe "high" or severe "low" in the diabetic's blood sugar, possibly leading to death.

Radcliffe added that an attacker could accomplish this within a couple hundred feet of a victim, but with a stronger antenna, it can be done up to a half-mile away.

"My initial reaction was that this is really cool from a technical perspective," said Radcliffe. "The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."

One has to wonder what would cause a person to want to hack a wireless medical device and put a person's life at risk. Dr. William Maisel, an assistant professor at Harvard Medical School, offered some perspective on the matter. 

"Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker's ego," said Maisel.

Radcliffe is sharing his research in a presentation called, "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System" at the Black Hat security conference.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Wow
By NellyFromMA on 8/8/2011 2:21:05 PM , Rating: 2
"My initial reaction was that this is really cool from a technical perspective," said Radcliffe. "The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."

Wow, what a prick.




"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki