Probing Insulin Pumps For Vulnerabilities

Several readers have sent in news of a presentation at the Black Hat security conference from a diabetic security researcher, Jerome Radcliffe, who is looking into the security of automated insulin pumps. While most of the headlines are sensationalist, referencing "lethal attacks from a half-mile away," Scott Hanselman breaks down the media reports and weeds out the inaccuracies, explaining that while this is a valid area of concern, diabetics don't need to cover themselves in tinfoil just yet. "Just to be clear, Jerome has not yet successfully wirelessly hacked an insulin pump. He's made initial steps to sniff wireless traffic from the pump. I realize, as I hope you do, that his abstract isn't complete. Hopefully a more complete presentation is forthcoming. I suspect he's exploiting the remote control feature of a pump. ... What Jerome has done, however, is posed a valid question and opened a door that all techie diabetics knew was open. It is however, an obvious question for any connected device. Anyone who has ever seen OnStar start a car remotely knows that there's a possibility that a bad guy could do the same thing."

Re:There is a bigger picture.

[somersault]

The weird thing is not knowing if you're just crazy, stupid, or a very patient troll..

The first link is from 2006, you'd be better posting the follow up of if/when they did a study on humans.

Your second link also just says that diabetes causes problems, not that those problems cause diabetes.

What pump has *control* via wireless?

[Anonymous Coward]

Various pumps record RF transmission of blood glucose readings from glucometers, or from continuous glucose sensors that connect to a pump. This includes the Medtronic Paradigm I'm wearing right now. But this number is visibly displayed as part of the setting to request a "bolus" of insulin, and no current pump that I can find closes the feedback loop and allows the glucose sensor to directly control the pump: this is because the continuous sensors are, basically, very expensive ouija boards that require frequent recalibration with an actual finger-prick based glucometer. They're basically no more useful than checking in the mirror for muscle tremors or changes in vision associated with extremely high and extremely low blood sugars, or keeping track of how often you need to pee. (I've tried the continuous sensors: they all suck.) There is no pump on the market that is directly controlled by a continuous sensor: they're not accurate enough to rely on.

It is theoretically possible to skew the continuous sensors over a long period and encourage over, or under, dosing of insulin. This could particularly be an issue during the night, when actually verifying it with a finger-stick blood sample is unlikely. But such errors would show up pretty quickly as being out of sync with morning measurements, and with remotely good control, most of us diabetics have learned to detect, without instruments, what our blood sugar is. The sensors provide invaluable calibration and fine tuning for that sense, but gross errors would be noticeable to most of us.

Of course, if I caught anyone screwing with my glucose readings this way, they'd die the death of a million blood samples before I was done with them.

Re:What pump has *control* via wireless?

[Gunnut1124]

Omnipod and OneTouch Ping both use the same type of wireless control unit, though not directly inline with a CGM. The system he tested (Paradigm Reveal) is a 2 part loop that requires human interaction. (ie CGM tells you a glucose reading, then you use the pump to decide how much insulin to deliver.) All he was able to do was jam the data from the real CGM sensor and spoof it with false data. That's not exactly "hacked" but is a threat. The pumps with wireless control units are where I'd expect to see the primary fault and possible loss of control. (FYI, I'm a diabetic with a deep knowledge of both these systems from a user's perspective, as well as an IT worker in a medical field. These may not be perfect credentials, but I figure it might be relevant.)