This morning, I reached out to pump and glucose meter manufacturers, asking them for more information on this. Below, I am pasting the Q&A I received from Medtronic Minimed's Director of PR:
Medtronic takes very seriously the issue of information security of devices. It is an integral part of the very fabric of our product design processes. To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.
Technology is constantly evolving and Medtronic is continually incorporating measures to maintain information security, while ensuring our devices meet their intended purpose of saving and extending lives.
We understand that there are no absolute certainties in information security. However, we also know that being vigilant in reviewing the external security landscape, designing our products with information security in mind and creating rigorous, complex safeguards will help ensure product security.
Key Questions and Answers
Q1. I’ve read a report that says a device can be manipulated and subsequently disrupted. Is this true?
A. Yes, we are aware of this report. This is the first and only such report we have seen and we do not see a reason to believe that this is a reason for concern as your device went through extensive testing to make sure it would be safe and protected from external harm.
In the reported instance, the researcher had in-depth knowledge about the product he tampered with, such as the serial number of both the insulin pump and remote device, and he TURNED ON the wireless feature. Additionally, he had access to specialized equipment which he used to rebroadcast the RF signal in a controlled environment.
Q2. Has a Medtronic device ever been manipulated?
A. To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.
Q3. How would I know if someone had manipulated my insulin pump?
A. If someone manipulated your pump to deliver a bolus of insulin that you did not want to receive, your pump would play back a series of tones to confirm the size of the bolus. So, you would be able to detect tones on the insulin pump that weren’t intentionally programmed and could intervene accordingly.
Q4. What could happen if someone tampered with a CGM monitor?
A. To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use -- including the transfer of viruses and malicious code, which includes millions of devices worldwide.
We have and will continue to be vigilant in reviewing the external security landscape, designing our products with information security in mind and creating rigorous, complex safeguards which will help ensure product security.
In the very remote chance a patient encountered wireless tampering, a CGM monitor could potentially receive an erroneous sensor value or meter value. However, our CGM labeling requires patients to confirm the sensor glucose reading with a fingerstick measurement prior to making any type of therapy decisions. So, they would have the opportunity to investigate any type of discrepancy caused by wireless tampering.
Q5. Is there really anything Medtronic can do to “prevent” manipulation of devices?
A. We recognize there are people who focus on manipulation of devices – medical and otherwise. Most do so as part of an academic pursuit or to improve existing technology. We also recognize there may be some who have malicious intent. Our job is to incorporate information security measures into our designs, vigilantly monitor potential threats and to always be proactively finding ways to make our devices more secure for you. That is what we have done and what we will continue to do.
Thanks for posting this story. I was unaware of this until now. I enjoyed following the links you provided to other diabetes online bloggers.
It seems to me that the media play that this well-intentioned hacker started may very well have unintended consequences. If it slows down or stops FDA action on medical device approvals currently in the pipeline for diabetics, then it will harm me and the entire diabetic community.
I get that hackers can have a beneficial effect on the security efforts of profit driven companies. I only wish that the hacker’s efforts would not threaten to slow down the speed of an already slow FDA.
Thanks Manny for posting MM’s response and I will continue to follow the discussion… maybe you get more responses from pump and meter companies.
I read some of this last night on TuD and I did as Kerri from sixuntilme posted: went to sleep fine until I see the "sensationalist headlines of tomorrow."
I’m not a mathematician, or a security specialist, but I’d like to ask if you’re talking about the same RSA that got hacked a little while back through social engineering?
Yes, same RSA. So no matter what the technological safeguards, if the PAYBACK is high enough, technological hacks can be achieved. The question becomes is the payback worth the effort? What benefit would anyone get hacking into an insulin pump or stealing CGMS readings?
You have to keep in mind, also, that this takes more CPU cycles which consumes battery power. Our pump batteries are supposed to last a few weeks right?
Uh, Something to think about and get the security right, but who in the hell is interested in hacking into my insulin pump? For kicks? Probably a 1 in 10,000,000 chance of this happening. Hackers are interested in Microsoft, Citibank or the Pentagon or any place they can make money. Nothing for them in an insulin pump; no fame, no credit card, no personal info… can’t even do identity theft. Maybe they can find out my carb ratio or alarm settings… Oh no! Regarding giving me an unwanted bolus; sounds like a bad script from a bizarre horror movie: “von Bulow II”. Someone please tell me why I should really be concerned about this happening?
Or they could just use Bluetooth with encryption, which would give more than enough security given that the CIA, Mossad, MI5, OSS, or whoever, only have a few days to crack it. I'm assuming that pairing is inherently secure; once the devices are paired and the communication is encrypted it's as good as a hard wire.
You shouldn’t… I, like you, think that hacking insulin pumps would be way down on the "to hack" list… LOL I’m much more worried about one of my younger grandkids trying to push the buttons than anything else. Hackers like to disrupt masses, not individuals. And, of course, big government agencies…
If you scan the RF frequencies when the BG monitor sends data to the pump, you can not only determine the exact frequency but also intercept the data sent. With some very simple way, you can decrypt it and re-encrypt it using the same algorithm. Basically masking the data as BG reading. But it would be much easier to just run up to someone and inject them with insulin rather than do this… we shouldn’t really worry about this, unless you are on the international terror list.
Can someone explain to me what a hacker would have to gain from hacking into my insulin pump? And what are the chances that a hacker would be within range of my pump, have my pump’s serial number, and possess all the equipment needed at that moment to hack into my pump? I’d say pretty close to 0. I wish this story would blow over fast and Medtronic, Animas, and the gov’t can focus on really important things for people living with T1D like, oh, I don’t know, finding a freaking cure!
Well… let’s see. I don’t know what you do, you might be a corporate executive involved in multi-million dollar decisions, a little insulin reaction to delay an important contract by a day might allow a lot of money to be made.
But, to give a real world example that has happened repeatedly, suppose you become of interest to the national newspapers? What journalist would skip a chance to learn that, on particular days, your blood sugar was shooting up and down, or that you invariably gave yourself a massive bolus before every press conference? Almost as good as hacking your voicemail; get within 3 feet of you and download a day’s blood glucose readings. And 99% of the things that can be found out are found out undetectably; I don’t imagine the pump or sensor logs downloads.
Hackers are not attempting to kill people, at least not directly (this can be challenged with Lulz and Anon’s recent release of so much personal police information). Still, for a hacker to literally want to kill someone, this would be a long shot. Additionally, according to the presentation given at BlackHat, the pump hasn’t been fully hacked yet. However, I have read it can (and has) been done with the USB dongle.
Plus, I think most PWDs monitor their BGs enough that a 20u bolus or a reset of their pump would not go unnoticed.
Beyond that, almost anything is hackable with social engineering.
Astronomically minute concern. I can’t believe anyone is even fretting over this. Worry about cellphones, credit cards, bank accounts, etc. Not this… at all.