Insulin pumps, monitors vulnerable to hacking
(AP) -- Even the human bloodstream isn't safe from computer hackers.
A security researcher who is diabetic has identified flaws that could allow an attacker to remotely control insulin pumps and alter the readouts of blood-sugar monitors. As a result, diabetics could get too much or too little insulin, a hormone they need for proper metabolism.
Jay Radcliffe, a diabetic who experimented on his own equipment, shared his findings with The Associated Press before releasing them Thursday at the Black Hat computer security conference in Las Vegas.
"My initial reaction was that this was really cool from a technical perspective," Radcliffe said. "The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."
Increasingly, medical devices such as pacemakers, operating room monitors and surgical instruments including deep-brain stimulators are being made with the ability to transmit vital health information from a patient's body to doctors and other professionals. Some devices can be remotely controlled by medical professionals.
Although there's no evidence that anyone has used Radcliffe's techniques, his findings raise fears about the safety of medical devices as they're brought into the Internet age. Serious attacks have already been demonstrated against pacemakers and defibrillators.
Medical device makers downplay the threat from such attacks. They argue that the demonstrated attacks have been performed by skilled security researchers and are unlikely to occur in the real world.
But hacking is like athletics. Showing that a far-fetched attack is possible is like cracking the 4-minute mile. Once someone does it, others often follow. Free or inexpensive programs eventually pop up online to help malicious hackers automate obscure attacks.
Though there has been a push to automate medical devices and include wireless chips, the devices are typically too small to house processors powerful enough to perform advanced encryption to scramble their communications. As a result, most devices are vulnerable.
Radcliffe wears an insulin pump that can be used with a special remote control to administer insulin. He found that the pump can be reprogrammed to respond to a stranger's remote. All he needed was a USB device that can be easily obtained from eBay or medical supply companies. Radcliffe also applied his skill for eavesdropping on computer traffic. By looking at the data being transmitted from the computer with the USB device to the insulin pump, he could instruct the USB device to tell the pump what to do.
Radcliffe, who is 33 and lives in Meridian, Idaho, tested only one brand of insulin pump - his own - but said others could be vulnerable as well.
Although an attacker would need to be within a couple hundred feet of the patient to pull this off, a stranger wandering a hospital or sitting behind a target on an airplane would be close enough.
Radcliffe also found that it was possible to tamper with a second device he wears. He found that he could intercept signals sent wirelessly from a sensor to a machine that displays blood-sugar levels. By broadcasting a signal that is stronger than the real-time, authentic readings, the monitor would be tricked into displaying old information over and over. As a result, a patient who didn't notice wouldn't adjust insulin dosage properly.
With a powerful enough antenna, Radcliffe said, an attacker could be up to half a mile away. This attack worked on two different blood-sugar monitors, Radcliffe said.
"Everybody's pushing the technology to do more and more and more, and like any technology that's pushed like that, security is an afterthought," Radcliffe said.
Radcliffe refused to identify any of the three device makers, in part out of concern for his own safety. He is concerned that the devices don't appear to have an easy way to be updated with new software to fix the problems. He said he intends to notify the manufacturers after Thursday's presentation outlining the weaknesses.
The hacking fears come on top of human errors and technical glitches tied to medical devices. The U.S. Food and Drug Administration has identified software and design errors as critical concerns in investigating hundreds of deaths potentially linked to drug pumps.
FDA officials declined to comment specifically on Radcliffe's findings, saying they hadn't seen the research. But the FDA said that any medical device with wireless communication components can fall victim to eavesdropping. It warns device makers that they are responsible for making sure they can update equipment after it's sold.
Industry officials downplay the potential threat.
"The risk to a patient with diabetes of having their monitors hacked is extraordinarily small, and there's a great health risk of not monitoring than the risk of being hacked," said Wanda Moebius, a vice president at the Advanced Medical Technology Association, an industry group.
Few public studies have been done on the susceptibility of medical devices to hacking.
One such study, which appeared in 2008 from a consortium of academics, found that a popular type of device that acted as both a pacemaker and defibrillator could be remotely reprogrammed to deliver potentially deadly shocks or run out its battery.
The problem was the way the device transmitted data unencrypted and accepted commands wirelessly from unauthorized devices. One limitation of the study was that researchers only examined an attack from a few centimeters away from the targeted device.
Yoshi Kohno, a University of Washington professor of computer science who was a co-author of that study, said that Radcliffe's new research reinforces the urgency of addressing security issues in medical devices before attacks move out of research labs.
"The threat hasn't manifested yet, so what they and we are trying to do is see what the risk could be in the future," said Kohno, who wasn't part of Radcliffe's research.
Radcliffe said the point of his research is not to alarm people. He said the issues he's discovered are important to address publicly as the medical industry moves aggressively toward more networked devices.
"It would only take one person to do this to kill someone and then you have a catastrophe," he said.
©2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
- FDA aims to accelerate medical device reviews Feb 08, 2011 | not rated yet | 0
- Protecting medical implants from attack Jun 13, 2011 | not rated yet | 0
- Wireless drug control Feb 06, 2009 | not rated yet | 0
- FDA medical device approvals get external review Sep 23, 2009 | not rated yet | 0
- FDA wants stricter testing for defibrillators Jan 21, 2011 | not rated yet | 0
- Motion perception revisited: High Phi effect challenges established motion perception assumptions Apr 23, 2013 | 3 / 5 (2) | 2
- Anything you can do I can do better: Neuromolecular foundations of the superiority illusion (Update) Apr 02, 2013 | 4.5 / 5 (11) | 5
- The visual system as economist: Neural resource allocation in visual adaptation Mar 30, 2013 | 5 / 5 (2) | 9
- Separate lives: Neuronal and organismal lifespans decoupled Mar 27, 2013 | 4.9 / 5 (8) | 0
- Sizing things up: The evolutionary neurobiology of scale invariance Feb 28, 2013 | 4.8 / 5 (10) | 14
Why is zone 1 in liver more prone to ischemic injury?
18 hours ago Hi, Is it because around central vein, there is only deoxygenated blood from the vein where as in the periphery there is hepatic artery. Also why...
How can there be villous adenoma in colon, if there are no villi there
May 22, 2013 As title suggest. Thanks :smile:
How can there be a term called "intestinal metaplasia" of stomach
May 21, 2013 Hello everyone, Ok Stomach's normal epithelium is simple columnar, now in intestinal type of adenocarcinoma of stomach it undergoes "intestinal...
Pressure-volume curve: Elastic Recoil Pressure don't make sense
May 18, 2013 From pressure-volume curve of the lung and chest wall (attached photo), I don't understand why would the elastic recoil pressure of the lung is...
If you became brain-dead, would you want them to pull the plug?
May 17, 2013 I'd want the rest of me to stay alive. Sure it's a lousy way to live but it beats being all-the-way dead. Maybe if I make it 20 years they'll...
MRI bill question
May 15, 2013 Dear PFers, The hospital gave us a $12k bill for one MRI (head with contrast). The people I talked to at the hospital tell me that they do not...
- More from Physics Forums - Medical Sciences
More news stories
By discovering the new mechanism by which estrogen suppresses lipid synthesis in the liver, UC Irvine endocrinologists have revealed a potential new approach toward treating certain liver diseases.
Medical research 6 hours ago | not rated yet | 0 |
Aortic arch pulse wave velocity, a measure of arterial stiffness, is a strong independent predictor of disease of the vessels that supply blood to the brain, according to a new study published in the June issue the journal ...
Medical research 6 hours ago | not rated yet | 0
Since the discovery of Prontosil in 1932, sulfonamide antibiotics have been used to combat a wide spectrum of bacterial infections, from acne to chlamydia and pneumonia. However, their side effects can include serious neurological ...
Medical research 8 hours ago | not rated yet | 0 |
Scientists at the National Institutes of Health report they have discovered in mouse studies that a small molecule released in the spinal cord triggers a process that is later experienced in the brain as ...
Medical research 8 hours ago | 5 / 5 (2) | 0 |
Spanish researchers have discovered that the daily clearance of neutrophils from the body stimulates the release of hematopoietic stem cells from the bone marrow into the bloodstream, according to a report published today ...
Medical research 10 hours ago | 5 / 5 (2) | 0
(Medical Xpress)—Regulating the distribution of power in neurons is done by a system that makes the national electric grid look simple by comparison. Each neuron has several thousand mitochondria confined ...
4 hours ago | 4.8 / 5 (5) | 0 |
Teams of highly respected Alzheimer's researchers failed to replicate what appeared to be breakthrough results for the treatment of this brain disease when they were published last year in the journal Science.
8 hours ago | 5 / 5 (1) | 2 |
A brief visual task can predict IQ, according to a new study. This surprisingly simple exercise measures the brain's unconscious ability to filter out visual movement. The study shows that individuals whose ...
10 hours ago | 4.9 / 5 (7) | 0 |
Little is known about why asthma develops, how it constricts the airway or why response to treatments varies between patients. Now, a team of researchers at Weill Cornell Medical College, Columbia University Medical Center ...
8 hours ago | not rated yet | 0 |
Ethnic background plays a surprisingly large role in how diabetes develops on a cellular level, according to two new studies led by researchers at the Stanford University School of Medicine.
6 hours ago | not rated yet | 0 |
Even while being dragged to its destruction inside a cell, a cancer-promoting growth factor receptor fires away, sending signals that thwart the development of tumor-suppressing microRNAs (miRNAs) before it's dissolved, researchers ...
6 hours ago | not rated yet | 0 |