Insulin Pumps Susceptible to Hacking

Flaws in the software of an insulin pump could allow a hacker to remotely control the insulin levels being administered to the body.

According to a diabetic security researcher, flaws in the hardware of an insulin pump could allow a hacker—yes, as in, computer hacker—to remotely control the insulin levels being administered to the body, resulting in a diabetic individual either receiving too much or too little insulin.

The researcher, thirty-three-year old Jay Radcliffe from Meridian, Idaho, conducted the experiments on his own insulin pump and then released his findings on Thursday at the Black Hat computer security conference in Las Vegas.

"My initial reaction was that this was really cool from a technical perspective," Radcliffe said. "The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."

Radcliffe reported in his findings that he wears an insulin pump that allows the administration of insulin with a special remote control. Disturbingly, Radcliffe stated that should a stranger have a certain USB device, the pump can be reprogrammed to respond to another remote, not just his own.

Radcliffe purchased the USB device—which could easily be bought off of eBay or a medical supply company—and then examined the data being transmitted from the computer with the USB device to the insulin pump. He found that he could instruct the USB device to control the pump’s administration of insulin.

In order for an attacker to affect and control the insulin pump in such a manner, he or she would have to be within a couple hundred feet of the patient, but should the attack take place in a public setting, that is not such a difficult feat.

Radcliffe admitted that this research may be limited since he only tested one brand of insulin pump, but he warned that other pumps could be just as vulnerable.

Radcliffe discovered that a second device he wears is also susceptible to such tampering. By experimenting with a machine that shows his blood-sugar levels, he found that he could intercept the signals sent wirelessly and change the data.

He achieved this by broadcasting a separate signal that was stronger than the sensor’s signal, and was able to trick the monitor into displaying old information repeatedly instead of showing the authentic readings. The danger of such a trick could be catastrophic, as a diabetic who did not realize the unchanged data was faulty would not know to adjust his or her insulin dosage.

Even more frightening, Radcliffe reported that the hacker could attack up to half a mile away if he or she worked with a powerful enough antenna. This attack Radcliffe tried on two separate brands of monitoring system, and it worked on both.

"Everybody's pushing the technology to do more and more and more, and like any technology that's pushed like that, security is an afterthought," Radcliffe said.

Radcliffe denied all requests to identify any of the three device brands he experimented on, in part out of concern for his own safety. Currently, he said, there is no simple way to update his diabetic devices with new software to fix their susceptibility to hacking, and it would be simple for his own experiments to be turned against him. Radcliffe did report that he intends to notify the manufacturers after Thursday's presentation outlining the weaknesses.

This is not the first time that concerns regarding the electronic attacks against medical devices have been brought to the public’s attention. The Food and Drug Administration(FDA) has revealed existing software and design errors as critical concerns in investigating hundreds of deaths possibly linked to drug pumps.

So far, FDA officials have declined to comment on Radcliffe's findings due to the fact that they have not seen his research, but the FDA did state that any medical device with wireless communication components can be vulnerable to tampering. They also warned device makers that they are responsible for making sure they can update equipment after people purchase it.

Industry groups, however, are attempting to assuage the minds of consumers by downplaying such possible threats.

"The risk to a patient with diabetes of having their monitors hacked is extraordinarily small, and there's a great health risk of not monitoring than the risk of being hacked," said Wanda Moebius, a vice president at the Advanced Medical Technology Association.

While there have not been many studies performed on the vulnerability of medical devices to hacking, one such study in 2008 discovered that a popular type of device that acted as both a pacemaker and defibrillator could be remotely reprogrammed to administer deadly shocks, or run out its battery.

One limitation of the study, though, was that the researchers only studied the effect of an attack from a few centimeters away from the device.

Yoshi Kohno, co-author of the study and a University of Washington professor of computer science, reported that Radcliffe's research reinforces the necessity of focusing on security issues in medical devices before it is too late and such attacks begin to encroach into the real world.

"The threat hasn't manifested yet, so what they and we are trying to do is see what the risk could be in the future," said Kohno.

This, it seems, goes with Radcliffe’s line of thinking for performing the research. "It would only take one person to do this to kill someone and then you have a catastrophe," Radcliffe stated.