Black Hat Convention Diabetic Technologist Proves Security Holes With Mobile Medical Diabetes Pump Devices–Hacking Possibl
Posted Aug 07 2011 3:17pm
I’m glad he made this demonstration as all along I have talked about great security needed for medical devices, wireless included. It’s better we find out early than later. This is not to say that everyone should toss out their insulin pumps by any means but rather be aware and it’s a big calling for the government to give the FDA the tech help they need for evaluation of such. I said not too long ago that all mobile health applications should register with the FDA and then allow them the opportunity to look and see what needs to be reviewed.
That is really the only smart way to go about this as a flat line rule is not going to cut it as technology doesn’t live by that methodology at all, it’s comes from all directions. Actually the FDA is making moves in this direction with their classifications and it is a good one to deal with software. You can’t expect the agency to be on top of technologies they know nothing about or do not having a listing for, let’s be realistic.
In addition as I have mentioned before that digital illiterate lawmakers still don’t get is the fact that they need more engineers. If you read the link below I included a video from Robert Scoble that tells the same story on how everyone is looking for engineers and if you have kids, better take a look at where their future lies too. We have NFL players that can’t do online banking, yet in the race car world, all team members have a PHD, so check it out and see the reality and why education for software engineers is a must.
Actually this Black Hat conference just might stand to enforce what the FDA is asking for as well as the man proves it right up front and this is something we should not ignore and it would be scary as heck to see someone try to use hacking to wish or put ill affects on another individual and I don’t want to see that happen at all and it could get wide spread. It really is frustrating to have such high levels of digital illiteracy with lawmakers today and I beat that drum all the time here and their activities and behaviors make it easy to identify all over the place. They are out of touch completely and over their heads and don’t take in enough time to learn about the real world of technology that is floating all around them.
Last week I just posted about another wireless device cleared by the FDA and again we don’t know which devices were hacked at the Black Hat convention but there are tons of these applications appearing right and left today so it’s a big job for the agency. Let’s just hope this was not the device hacked but again there are many others out there. I report on them all the time here and report on some of them for information purposes. We don’t collaborate very well and it’s a big rush for the best code that does things and security gets left behind.
Again, my personal opinion we keep chasing these social algorithms at over rated values and this is the consequence here with not investing enough in real technologies we need to live, tangibles and medical devices along with their software. Here we are back to the algorithms too as that’s what controls these pumps.
We need better balance and better intelligence on the direction we are going as a county. Both can exist and have a place but if it continues with current methodologies and investment schemes, we will all feel it. Even our government with their issues are not promoting safety as I recently heart a talk by our US CTO talking innovation only and he has missed the collaboration boat too with promoting how innovation can make you the next millionaire, so perhaps future talks could be toned down in that area too? It would be nice. BD
LAS VEGAS - Even the human bloodstream isn't safe from computer hackers.
A security researcher who is diabetic has identified flaws that could allow an attacker to remotely control insulin pumps and alter the readouts of blood-sugar monitors. As a result, diabetics could get too much or too little insulin, a hormone they need for proper metabolism.
Jay Radcliffe, a diabetic who experimented on his own equipment, shared his findings with The Associated Press before releasing them Thursday at the Black Hat computer security conference in Las Vegas.
Although an attacker would need to be within a couple hundred feet of the patient to pull this off, a stranger wandering a hospital or sitting behind a target on an airplane would be close enough.
Radcliffe also found that it was possible to tamper with a second device he wears. He found that he could intercept signals sent wirelessly from a sensor to a machine that displays blood-sugar levels. By broadcasting a signal that is stronger than the real-time, authentic readings, the monitor would be tricked into displaying old information over and over. As a result, a patient who didn't notice wouldn't adjust insulin dosage properly.
With a powerful enough antenna, Radcliffe said, an attacker could be up to half a mile away. This attack worked on two different blood-sugar monitors, Radcliffe said