Insulin pumps can be hacked - WOW!

Hacking medical devices for fun and insulin

by Chester Wisniewski on August 8, 2011 | Be the first to comment

Last week at the Black Hat 2011 conference Jay Radcliffe, a Type-I diabetic like myself, presented his research into the security of modern medical insulin pumps.

For the uninitiated an insulin pump is used to deliver the hormone insulin to diabetics who can no longer produce insulin naturally and gain better control of their blood glucose than can be achieved using multiple daily injections (MDI).

Newer models of insulin pumps offer the ability to communicate by radio to make diabetics’ lives easier. The device can read your blood sugar automatically from a continuous glucose monitor (CGM) or blood glucose meter.

Insulin pump like the one used in the demonstrationJay investigated and reverse engineered the radio protocol between the CGM and the pump and was able to discover a lot about how the device communicates. The device was vulnerable to replay attacks, but he was unable to fully forge fake glucose readings.

The devices are also configured to allow you to disperse insulin from a handheld sensor, something akin the the device on your keychain for locking your car. A third method of wireless communication is also possible using a USB stick that talks to the pump over radio.

Radcliffe explored the third method as the vendor provides a Java application that can be used to wirelessly configure the device. This is the very scary part, there was no authentication nor encryption between the configuration tool and the device.

It does require the serial number, although arguably it could be social engineered, or simply brute forced. My device has a six digit ID, so brute forcing it is not out of the realm of possibility.

What could you do were you able to talk with someone’s insulin pump over the air? You could turn it off, change any and all settings on the device related to the delivery and calculation of the correct quantities of medicine they require, nearly any setting the device supports.

Worse yet the device has no ability to notify you that it was modified, or prompt you to accept this new configuration. Perhaps it is time I built a tinfoil hat for my pump… the radios cannot be disabled.

At this point in time it is not possible to “patch” the firmware on a device, leaving it vulnerable for the life of the device (usually five to ten years).

This could kill people if it were used by someone with malicious intent. Hopefully Radcliffe’s research will result in manufacturers taking the security of medical devices much more seriously.

http://nakedsecurity.sophos.com/2011/08/08/bh-2011-hacking-medical-devices-for-fun-and-insulin/

Radcliff should have worked with the pump manufacturers and FDA rather than show a whole audience how to hack into a pump. Very dangerous information for public knowledge and considering there are children on insulin pumps I do not want this information to become public knowledge. Very upset this info was made public.

is the typical life of a pump really 5-10 ’ we are on pump # 3 in four yrs with mt 6yr old son

Let me guess? Animas? Our first Animas broke down four times (we initially got a new replacement, then refurbished) in two years. We switched to Minimed but upgraded to the Ping (Animas was still under warranty) because when she uses cgms it’s Dexcom and we wanted Dex to integrate with her pump. Promises for integration have not been fulfilled so waste of money… Our Minimed pumps (we now have upgraded to Revel) have never broken down in the four years we have used Minimed. However, we are currently using the Ping over the summer because it is more waterproof, and using the Inset 30s (which cannot be used with the Minimed pump) gives her the freedom to change her own sites by herself. We have used this Ping off and on and it has never malfunctioned. Animas has great customer service and will replace any pump within the warranty period (typically four to five years) after which time your insurance will cover a new pump and you can change brands if you so choose. All the pump companies will replace malfunctioning pumps with pumps, though the replacement pumps are refurbished. That does not bother me now, but it did bother me when she was first diagnosed.