Insulin pumps, monitors vulnerable to hacking
Las Vegas: Even the human bloodstream isn`t
safe from computer hackers.
A security researcher who is diabetic has identified
flaws that could allow an attacker to remotely control insulin
pumps and alter the readouts of blood-sugar monitors. As a
result, diabetics could get too much or too little insulin, a
hormone they need for proper metabolism.
Jay Radcliffe, a diabetic who experimented on his own
equipment, shared his findings with The Associated Press
before releasing them today at the Black Hat computer security
conference in Las Vegas.
"My initial reaction was that this was really cool
from a technical perspective," Radcliffe said. "The second
reaction was one of maybe sheer terror, to know that there`s
no security around the devices which are a very active part of
keeping me alive."
Increasingly, medical devices such as pacemakers,
operating room monitors and surgical instruments including
deep-brain stimulators are being made with the ability to
transmit vital health information from a patient`s body to
doctors and other professionals. Some devices can be remotely
controlled by medical professionals.
Although there`s no evidence that anyone has used
Radcliffe`s techniques, his findings raise fears about the
safety of medical devices as they`re brought into the Internet
age. Serious attacks have already been demonstrated against
pacemakers and defibrillators.
Medical device makers downplay the threat from such
attacks. They argue that the demonstrated attacks have been
performed by skilled security researchers and are unlikely to
occur in the real world.
Though there has been a push to automate medical
devices and include wireless chips, the devices are typically
too small to house processors powerful enough to perform
advanced encryption to scramble their communications. As a
result, most devices are vulnerable.
Radcliffe wears an insulin pump that can be used with
a special remote control to administer insulin. He found that
the pump can be reprogrammed to respond to a stranger`s
remote. All he needed was a USB device that can be easily
obtained from eBay or medical supply companies. Radcliffe also
applied his skill for eavesdropping on computer traffic. By
looking at the data being transmitted from the computer with
the USB device to the insulin pump, he could instruct the USB
device to tell the pump what to do.
Radcliffe also found that it was possible to tamper
with a second device he wears. He found that he could
intercept signals sent wirelessly from a sensor to a machine
that displays blood-sugar levels. By broadcasting a signal
that is stronger than the real-time, authentic readings, the
monitor would be tricked into displaying old information over
and over. As a result, a patient who didn`t notice wouldn`t
adjust insulin dosage properly.
With a powerful enough antenna, Radcliffe said, an
attacker could be up to half a mile away. This attack worked
on two different blood-sugar monitors, Radcliffe said.
Few public studies have been done on the
susceptibility of medical devices to hacking.
One such study, which appeared in 2008 from a
consortium of academics, found that a popular type of device
that acted as both a pacemaker and defibrillator could be
remotely reprogrammed to deliver potentially deadly shocks or
run out its battery.
More from India
More from World
More from Sports
More from Entertaiment
- UP: Jammu-bound Muri Express derails in Kaushambi
- Delhi's 2015 CBSE Class 12 topper M Gayatri talks to Zee Media
- Watch: Mumbai cops find new secret agents in housewives!
- One year of Modi govt: PM promises to fulfil aspirations
- No respite from heat for next three days: IMD
- DNA: Sikh man in New Zealand removed his turban to help injured kid
- One year of Modi govt: PM addresses mega rally in Mathura
- Hundreds die as heat wave continues in India
- 2G scam: Ex-TRAI chief alleges Manmohan Singh had warned him to cooperate
- Growing medical negligence in Delhi's AIIMS
- DNA: AIIMS doctor removes both kidneys of minor, claims she had only one
- Pranab Mukherjee defends Bofors scam, says it was just a media trial
- Zee Media's mega survey on Modi govt
- Salman Khan attends sister Arpita's wedding reception in Mandi
- Zee Media Exclusive: Vidya Balan chats about 'Hamari Adhuri Kahani'
- Check WBBSE (wbresults.nic.in) Class 12th Results: West Bengal Board (wbscvet.org) Higher Secondary Class XII Vocational Results to be declared today at 4 PM
- Two dead, over 100 injured as Muri Express derails in UP; Prabhu announces Rs 2 lakhs ex-gratia for kin of dead
- PM Narendra Modi's Mathura rally: As it happened
- Public rally on 100 days of AAP govt: As it happened
- One year of NDA govt: PM Modi writes open letter to nation, promises to transform India
- World optimistic about India: PM Narendra Modi on 1 year of NDA govt
- Unidentified flying objects spotted over Mumbai airport not motorised: Home Department
- Bharatiya Janata Party lacks majority for Ram Temple, Article 370: Amit Shah
- MSBSHSE Class 12th HSC results 2015 to be declared at 1pm tomorrow
- AAP govt moves resolution against MHA notification: As it happened
- China doesn't recognise 'illegal' McMahon Line: Beijing responds to NSA Ajit Doval
- CBSE 10th Results 2015 to be declared on May 27
- Arpita-Aayush wedding reception: Salman Khan spreads love in Mandi, says `hum aapke hain`
- Rahul Gandhi takes a dig at one year of Modi govt, wishes 'happy birthday' to 'suit-boot ki sarkar'
- Is there life after death?