The Latest in IT Security

BH 2011: Hacking medical devices for fun and insulin

09
Aug
2011

Jay Radcliffe's Twitter photoLast week at the Black Hat 2011 conference Jay Radcliffe, a Type-I diabetic like myself, presented his research into the security of modern medical insulin pumps.

For the uninitiated an insulin pump is used to deliver the hormone insulin to diabetics who can no longer produce insulin naturally and gain better control of their blood glucose than can be achieved using multiple daily injections (MDI).

Newer models of insulin pumps offer the ability to communicate by radio to make diabetics’ lives easier. The device can read your blood sugar automatically from a continuous glucose monitor (CGM) or blood glucose meter.

Insulin pump like the one used in the demonstrationJay investigated and reverse engineered the radio protocol between the CGM and the pump and was able to discover a lot about how the device communicates. The device was vulnerable to replay attacks, but he was unable to fully forge fake glucose readings.

The devices are also configured to allow you to disperse insulin from a handheld sensor, something akin the the device on your keychain for locking your car. A third method of wireless communication is also possible using a USB stick that talks to the pump over radio.

Radcliffe explored the third method as the vendor provides a Java application that can be used to wirelessly configure the device. This is the very scary part, there was no authentication nor encryption between the configuration tool and the device.

It does require the serial number, although arguably it could be social engineered, or simply brute forced. My device has a six digit ID, so brute forcing it is not out of the realm of possibility.

What could you do were you able to talk with someone’s insulin pump over the air? You could turn it off, change any and all settings on the device related to the delivery and calculation of the correct quantities of medicine they require, nearly any setting the device supports.

Worse yet the device has no ability to notify you that it was modified, or prompt you to accept this new configuration. Perhaps it is time I built a tinfoil hat for my pump… the radios cannot be disabled.

At this point in time it is not possible to “patch” the firmware on a device, leaving it vulnerable for the life of the device (usually five to ten years).

This could kill people if it were used by someone with malicious intent. Hopefully Radcliffe’s research will result in manufacturers taking the security of medical devices much more seriously.

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments