- Texas man arrested for powder-letter hoax
- Islamic State opens ‘marriage bureau’ for single jihadists
- Drone almost blocks California firefighting planes
- Tornado rips off roofs, downs trees near Boston
- GOP: Environmental rules keeping agents from accessing border
- John Kerry: Millions displaced by religious fighting in 2013
- Federal appeals court rules against Virginia’s gay marriage ban
- White House says Russia ‘losing’ war in Ukraine
- Hamas turns to North Korea for weapons deal, Iran for money
- Syrian casualties surge as jihadis consolidate
Insulin pumps, monitors vulnerable to hacking
Question of the Day
LAS VEGAS (AP) - Even the human bloodstream isn’t safe from computer hackers.
A security researcher who is diabetic has identified flaws that could allow an attacker to remotely control insulin pumps and alter the readouts of blood-sugar monitors. As a result, diabetics could get too much or too little insulin, a hormone they need for proper metabolism.
Jay Radcliffe, a diabetic who experimented on his own equipment, shared his findings with The Associated Press before releasing them Thursday at the Black Hat computer security conference in Las Vegas.
“My initial reaction was that this was really cool from a technical perspective,” Radcliffe said. “The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive.”
Increasingly, medical devices such as pacemakers, operating room monitors and surgical instruments including deep-brain stimulators are being made with the ability to transmit vital health information from a patient’s body to doctors and other professionals. Some devices can be remotely controlled by medical professionals.
Although there’s no evidence that anyone has used Radcliffe’s techniques, his findings raise fears about the safety of medical devices as they’re brought into the Internet age. Serious attacks have already been demonstrated against pacemakers and defibrillators.
Medical device makers downplay the threat from such attacks. They argue that the demonstrated attacks have been performed by skilled security researchers and are unlikely to occur in the real world.
But hacking is like athletics. Showing that a far-fetched attack is possible is like cracking the 4-minute mile. Once someone does it, others often follow. Free or inexpensive programs eventually pop up online to help malicious hackers automate obscure attacks.
Though there has been a push to automate medical devices and include wireless chips, the devices are typically too small to house processors powerful enough to perform advanced encryption to scramble their communications. As a result, most devices are vulnerable.
Radcliffe wears an insulin pump that can be used with a special remote control to administer insulin. He found that the pump can be reprogrammed to respond to a stranger’s remote. All he needed was a USB device that can be easily obtained from eBay or medical supply companies. Radcliffe also applied his skill for eavesdropping on computer traffic. By looking at the data being transmitted from the computer with the USB device to the insulin pump, he could instruct the USB device to tell the pump what to do.
Radcliffe, who is 33 and lives in Meridian, Idaho, tested only one brand of insulin pump _ his own _ but said others could be vulnerable as well.
Although an attacker would need to be within a couple hundred feet of the patient to pull this off, a stranger wandering a hospital or sitting behind a target on an airplane would be close enough.
Radcliffe also found that it was possible to tamper with a second device he wears. He found that he could intercept signals sent wirelessly from a sensor to a machine that displays blood-sugar levels. By broadcasting a signal that is stronger than the real-time, authentic readings, the monitor would be tricked into displaying old information over and over. As a result, a patient who didn’t notice wouldn’t adjust insulin dosage properly.
“Everybody’s pushing the technology to do more and more and more, and like any technology that’s pushed like that, security is an afterthought,” Radcliffe said.
TWT Video Picks
By Scott Pinsker
- D.C. seeks to stay judge's order allowing gun owners to carry in public
- Illegal immigrants demand representation in White House meetings
- Hillary Clinton: Forget Obama, George W. Bush made her 'proud to be an American'
- Babson College, BYU win top spots in Money magazine's college rankings
- Iraqi Christians rally at White House: 'Obama, Obama, where are you?'
- White House defends Kerry failure to broker Middle East cease-fire
- Romney would win popular vote in rematch against Obama: CNN poll
- D.C. seeks stay in order striking down ban on handguns in public
- Tennessee Gov. Haslam slams White House for secret dump of illegals in his state
- Computer glitch caused odd Saturday release of D.C. guns ruling
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq