A security researcher from Meridian, Idaho has revealed that some insulin pumps used by people with diabetes could potentially be hacked, causing patients to receive the wrong amount of insulin. Speaking at the Black Hat Technical Security Conference in Las Vegas, Jerome (aka Jay) Radcliffe said he had experimented on his own pump and found a terrifying lack of security for a device that is crucial for his health.
Insulin pumps are just one of an increasing number of medical devices that use wireless technology to allow doctors and healthcare professionals to control them remotely. According to experts, the majority of these devices don't use advanced processors, and therefore don't allow complex encryptions that would safeguard against hackers.
Radcliffe was able to reprogram his insulin pump so that it could be controlled by a different remote. He used a USB device which is easily available from medical suppliers, as well as on eBay. He was able to see what data was being transmitted to the insulin pump, and was able to control the amount of insulin being administered.
A hacker would usually need to be located within roughly 200ft of a patient in order to tamper with their pump - in a hospital, the implications of this are a real concern. With a sufficiently powerful antenna, however, a hacker could potentially access the device from as far as half a mile away. There is no evidence that any of the techniques posited by Radcliffe have been put to use, but there have been attacks in the past targeting pacemakers and defibrillators. Manufacturers have been quick to play down the threat posed by hackers, but it is surely only a matter of time before someone exploits this vulnerability for nefarious purposes.
Researchers at the Massachusetts Institute of Technology and University of Massachusetts are currently working on wearable jammers, which would serve to block signals from hackers. However, it is unclear how doctors would access the devices remotely if jammers were being used.
Insulin pumps are just one of an increasing number of medical devices that use wireless technology to allow doctors and healthcare professionals to control them remotely. According to experts, the majority of these devices don't use advanced processors, and therefore don't allow complex encryptions that would safeguard against hackers.
Radcliffe was able to reprogram his insulin pump so that it could be controlled by a different remote. He used a USB device which is easily available from medical suppliers, as well as on eBay. He was able to see what data was being transmitted to the insulin pump, and was able to control the amount of insulin being administered.
A hacker would usually need to be located within roughly 200ft of a patient in order to tamper with their pump - in a hospital, the implications of this are a real concern. With a sufficiently powerful antenna, however, a hacker could potentially access the device from as far as half a mile away. There is no evidence that any of the techniques posited by Radcliffe have been put to use, but there have been attacks in the past targeting pacemakers and defibrillators. Manufacturers have been quick to play down the threat posed by hackers, but it is surely only a matter of time before someone exploits this vulnerability for nefarious purposes.
Researchers at the Massachusetts Institute of Technology and University of Massachusetts are currently working on wearable jammers, which would serve to block signals from hackers. However, it is unclear how doctors would access the devices remotely if jammers were being used.
No comments:
Post a Comment