Black hat hacker can remotely attack insulin pumps and kill people

#1
(CBS/AP) - As if we didn't already have enough to be neurotic about, a man at the Black Hat Technical Security Conference gave a presentation detailing how he could take control of insulin pumps from miles away and kill his victims. Take a minute to panic. Now keep reading.

Jerome Radcliffe is a diabetic. The nefarious hack he presented at the conference Thursday was a response to his condition. "I have two devices attached to me at all times; an insulin pump and a continuous glucose monitor," said Radcliffe. He said that the devices turned him into a supervisory control and data acquisition (SCADA) system.

Out of fear for his own safety he wanted to see if he could hack into these wireless medical devices. As a senior threat intelligence analyst for a major computer security organization, it only made sense that he would test his own defense against hackers.

His presentation, "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System," details his journey to reverse engineer the life-saving and potentially life-threatening devices.

Although there's no evidence that anyone has used Radcliffe's techniques, his findings raise fears about the safety of medical devices as they're brought into the Internet age. Serious attacks have already been demonstrated against pacemakers and defibrillators.

Radcliffe wears an insulin pump that can be used with a special remote control to administer insulin. He found that the pump can be reprogrammed to respond to a stranger's remote. All he needed was a USB device that can be easily obtained from eBay or medical supply companies. Radcliffe also applied his skill for eavesdropping on computer traffic. By looking at the data being transmitted from the computer with the USB device to the insulin pump, he could instruct the USB device to tell the pump what to do.

Radcliffe, who is 33 and lives in Meridian, Idaho, tested only one brand of insulin pump - his own - but said others could be vulnerable as well.

Although an attacker would need to be within a couple hundred feet of the patient to pull this off, a stranger wandering a hospital or sitting behind a target on an airplane would be close enough.

Radcliffe also found that it was possible to tamper with a second device he wears. He said he could intercept signals sent wirelessly from a sensor to a machine that displays blood-sugar levels. By broadcasting a signal that is stronger than the real-time, authentic readings, the monitor would be tricked into displaying old information over and over. As a result, a patient who didn't notice wouldn't adjust insulin dosage properly.

With a powerful enough antenna, Radcliffe said, an attacker could be up to a half a mile away. This attack worked on two different blood-sugar monitors.

"The threat hasn't manifested yet, so what they and we are trying to do is see what the risk could be in the future," said Yoshi Kohno, a University of Washington professor who wasn't a part of Radcliffe's research.

Radcliffe said the point of his research is not to alarm people. He said the issues he's discovered are important to address publicly as the medical industry moves aggressively toward more networked devices.

"It would only take one person to do this to kill someone and then you have a catastrophe," he said.

 

LiddyRules

#3
Oh man, this so beats changing the video to go on at your local public access station the day before you start a new high school.
 

Norm Stansfield

#4
"As if we didn't already have enough to be neurotic about, a man at the Black Hat Technical Security Conference gave a presentation detailing how he could take control of insulin pumps from miles away and kill his victims. Take a minute to panic."
Why would I panic? If someone ever decides to try and kill me, I hope their method of choice is to become an expert hacker and remotely fuck with some medical device I'm using.

If instead they decide to use one of the million easier and more reliable methods to kill a person (i.e. shotgun blast to the face, decapitation with a kitchen knife, or the good old fashioned bashing the head in with a brick), then I'll panic.
 

Neon

#5
This all sounds like it still requires a hardwire to get into the system. It's not like someone can sit on a park bench with a laptop and fuck up people's insulin pumps. You need to connect to the computer sending signals to the pump and fuck with that.
 

The Godfather

#6
"This all sounds like it still requires a hardwire to get into the system. It's not like someone can sit on a park bench with a laptop and fuck up people's insulin pumps. You need to connect to the computer sending signals to the pump and fuck with that."
maybe the hospital is just SOOO hi-tech, they already have every piece of equipment networked for automated use by doctors via computers?

(I think not)
 
#7
Thought for sure I would get an FDA/USDA/FBI/TSA... mind control etc thing from Kirk... oh well..
 

THE FEZ MAN

#8
i will use my skinny dipping theory here, if someone wants me so dead that they are going to go that far out of their way to do it? good for them.

oh and my skinny dipping theory? same as my no drapes theory, if you are going to go 300ft down my driveway to peep into my windows and watch me jerk off to chubby girl anal porn, you deserve to see it.
 

The Godfather

#9


I am sooo fuckin' haXoRin' you. I got zero-days for days.



and I STILL rock VB6 Enterprise Edition. I will exploit your system using 2001 technology.