Medical Device Vulnerability

Jerome Radcliffe, an IT security expert and a diabetic, has shown that medical devices such as insulin pumps and glucose monitors can possible be hacked remotely. He found that his insulin pump, which uses a wireless remote, could be reprogrammed to be controlled by any remote.  All that is required is a simple USB device that can be easily bought online. Hackers could send commands to the insulin pump with potentially deadly results.

Glucose monitors are also not secure. Radcliffe also tested his glucose monitor and found that he could intercept the wireless signals containing blood sugar levels and manipulate them. Hackers could send a signal with fake blood sugar levels and fool the user into thinking their blood sugar levels were at safe limits when they were not.

This demonstrates that almost any device can be hacked. Medical devices are particularly troublesome as hackers could seriously injure or even kill someone with one of these devices. Pacemakers and defibrillators have already been shown to be vulnerable, and it’s only a matter of time before other devices are vulnerable.

For more info, see: http://www.techrepublic.com/blog/security/black-hat-demo-shows-vulnerability-of-insulin-pumps-to-remote-attack/6241

Advertisements

5 thoughts on “Medical Device Vulnerability

  1. In my opinion, this article is very disturbing, because it is very sad that hackers now have the ability to attack medical devices that can affect the lives of many individuals. For example, many diabetics can potentially die, because their insulin pumps are giving them incorrect data readings. Also, I believe that it is very important that the producers of these medical devices also insert security features that would prevent hackers from breaking into them. It is scary to think that most devices today are at security risks, because eventually people are going to be living in a state of constant panic and chaos as they fear becoming a victim of an attack.

    • I think some of the thinking in the design of these devices was “we don’t have to secure it because we have our own protocol”, and “nobody will ever hack a medical device”. Manufacturers should automatically assume that their devices are not impervious and automatically implement encryption to every device.

  2. I look at it as any type of electronic device has a chance of being attacked/hacked or used in some way it wasn’t intended. It doesn’t surprise that insulin pumps and other medical devices can be hacked. I’m just surprised there letting it happen. That they haven’t realized this problem and built security against it. Hacking into devices used for medical purposes isn’t a completely new idea. Hackers might not be after hurting people its possible there just curious as to what they can do. But problems like this have gone on for a long time. If you read The Cuckoo’s Egg, which was a recommended book for the cyber self defense class, the author talks in one chapter about how the hacker was inside a computer used for medical purposes which surprised him and he thought was dangerous. This was back in 1989 I believe so it really just surprises me that making sure medical devices are secure is still a problem today. Obviously back then it was a computer at risk now it is a simple electronic pump, but that pump is still an electronic devices and as I said any electronic devices can have vulnerabilities in my opinion.

    • A lot of hackers do what they do just to see if their idea works or just because “they can”. It would not be good if people started becoming sick or even dying because people decided to play around with their medical devices just to see if they could hack them,

      • I agree, my point wasn’t that them hacking out of curiosity was something OK to do. But the fact is someone will probably still do it even though it is potentially dangerous, and knowing that, I think the company’s that make these medical devices should be making the security of them almost as high of a priority as the devices ability to function properly. The need to secure these devices should not have surprised them.

Comments are closed.