Jay Radcliffe, a diabetic security researcher, gave a presentation at the Black Hat conference in Las Vegas that exposed the vulnerabilities of insulin pumps with wireless capabilities. Inspired by his experience with his own pump, Radcliffe delved into the system and found that the pumps are susceptible to hacks that can alter the pump’s function and possibly kill the wearer. The hack works by intercepting the pump’s wireless signal, then broadcasting a stronger one so that the pump responds to the unauthorized remote instead of the real one. The false signals could be delivered from a distance of a few hundred feet to half a mile with the use of more powerful antennas.
Radcliffe told the Associated Press:
My initial reaction was that this was really cool from a technical perspective. The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive.
Discoveries like this are naturally pretty scary, not only to those with insulin pumps, but also to people with devices like pacemakers. Thankfully though, these discoveries are also leading to the quick development of security protocols for these devices, but that generally requires new hardware, which is problematic when the device is inside you.
While it’s terrifying that these devices could be hacked in order to cause physical harm, in a way, the likelihood of being hacked sort of drops off because the only reason to hack these devices is to cause physical harm. Computer hacks are most often performed for the purposes of identity theft or data mining (or sometimes the lulz), but an insulin pump hack wouldn’t have any of the same motivations. If someone goes so far as to hack an insulin pump to kill someone, it’s because they wanted to kill that person. This would simply be one of many, many ways to do it.
Either way, this is going to become an increasingly important issue to confront as more and more devices — some of which are keeping us alive — have wireless capability for one reason or another. Wireless monitoring definitely has a future in medicine and surgery, but it’s important to get security nailed down before this technology gets even more pervasive.
(via Computerworld)
Published: Aug 5, 2011 12:25 pm