A security researcher who is diabetic has identified flaws that could allow an attacker to remotely control insulin pumps and alter the readouts of blood-sugar monitors. As a result, diabetics could get too much or too little insulin, a hormone they need for proper metabolism.

Jay Radcliffe, a diabetic who experimented on his own equipment, shared his findings with The Associated Press before releasing them Thursday at the Black Hat computer security conference in Las Vegas.

“My initial reaction was that this was really cool from a technical perspective,” Radcliffe said. “The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive.”

Increasingly, medical devices such as pacemakers, operating room monitors and surgical instruments including deep-brain stimulators are being made with the ability to transmit vital health information from a patient’s body to doctors and other professionals. Some devices can be remotely controlled by medical professionals.

Although there’s no evidence that anyone has used Radcliffe’s techniques, his findings raise fears about the safety of medical devices as they’re brought into the Internet age. Serious attacks have already been demonstrated against pacemakers and defibrillators.

I hear their next competition will be to see who can use a wifi nursery monitor to electrocute an infant.

  1. MadTruckMan says:

    Everyone laughs, but another prime example of ‘Just because you can, doesn’t mean you should’….

  2. bobbo, you just can't trust machines says:

    Reminds me of the high death rate on the ICU ward. Nothing correlated to nothing except the huge spike on night shift but months long medical chart reviews showed nothing. Then the intrepid junior investigator just got some comic books and a thermos of coffee and sat on the ward a few evenings.

    You all should know where this is going?

    Yep, Mexican house cleaners were unplugging drips and breathers to do the vacuuming. Why didn’t the alarms go off?

    Didn’t I say the machines were unplugged?

    Ha, ha. Silly rabbits.

  3. NobodySpecial says:

    This is terrible – a much better approach would be to keep it secret and not force the manufacturers to build in some sort of encryption.

    It’s like announcing that Ford fuel tanks explode – that could help terrorists – much better to keep it a little secret between Ford and the occasional victim

  4. Pays2Think says:

    Not very inventive. In fact downright boring. I mean where’s the challenge in hacking a defenseless piece of medical equipment? Is that the best they can do? Why not do something that helps the citizens of the world? With all the skullduggery out there, defenseless medical devices, really!

  5. Somebody says:

    I think Anonymous should try to get the kill-code etc. for Limbaugh’s brain implant.

    Think what fun you could have if you could directly feed your messages to the “Golden EIB Microphone”.

  6. omfgoats says:

    I swear there was an episode of Law and Order back in the early 90s that had an insulin monitor being hacked and people dying of insulin overdoses.

  7. Miguel says:

    In other news, hackers found a way to hack CASIO and TIMEX quartz wristwatches, making them give the wrong time and causing a new wave of unemployment and divorces…

  8. Glenn E. says:

    So now we know that the CIA can bump you off in your hospital bed, remotely, without using that heart attack drug that supposedly doesn’t exist. You can believe they’ll be adding this to their bag of spy tricks, if they haven’t already. No more poisoning dictators thru their milk shakes or wine coolers. Just mis-calibrate their meds monitors.

  9. deowll says:

    You do know somebody is going to do this to collect the insurance/inherit a bundle.

  10. Animby says:

    # 2 bobbo, “Mexican house cleaners were unplugging”

    To the best of my knowledge: Urban myth. I’m open to being proven wrong.

    How many ICUs have carpeting? ICU is a messy environment. Carpets are hard to clean. And most life support machines have battery-operated alarms. Machine unplugged? Alarm still works. Nope. I think myth.

  11. Animby says:

    Thanks, Penguin.

  12. ray says:

    “I hear their next competition will be to see who can use a wifi nursery monitor to electrocute an infant.”

    Funny comment, but not a funny story. The state of cyber security in the US is so bad, it boggles the mind.

  13. dexton7 says:

    I think that maybe Jay Radcliffe needs to focus his diligent efforts on finding some friends in the medical field and discovering a CURE for diabetes. Much more productive and probably more appreciated.. Yep.

  14. xjonx says:

    My question is this: why would such a device need internet access? And if physical access to the device is required, why bother? There are plenty of easier, cheaper, quicker ways to kill that rich uncle. Looks like pointless fear mongering by an individual that is looking for his 15 minutes.

