Lethal Hack - Wireless Attack on Insulin Pumps Could Kill People
Like something straight out of science fiction, an attacker with a powerful antenna could be up to a half mile away from a victim yet launch a wireless hack to remotely control an insulin pump and potentially kill the victim.
Security researcher Jay Radcliffe is a diabetic who is connected to an insulin pump and glucose monitor at all times. He said that combination of devices turned him into a Human SCADA system. Radcliffe decided to find out if proprietary wireless communication could be reverse-engineered and a device used to launch an injection attack that would manipulate a diabetic's insulin and possibly cause a patient's death. At the Black Hat security conference, Radcliffe is sharing his findings in his presentation called, "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System."
All wireless devices are susceptible to eavesdropping and that includes medical devices like pacemakers, defibrillators and insulin pumps. I read about this in 2008 when a group of computer scientists published their research entitled, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses" [PDF], highlighting how an malicious party could use an antenna, radio hardware, and a PC to wirelessly deliver a potentially lethal shock to an implantable cardiac defibrillator (ICD). Then I read a fictionalized heart hacking version in which cyber-terrorist hackers were wirelessly exploiting vulnerabilities in pacemakers and insulin pumps to carry out untraceable assassinations against political targets.
After conducting his research, Radcliffe told the Associated Press, "My initial reaction was that this was really cool from a technical perspective. The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."
According to Radcliffe, an attacker could intercept wireless signals and then broadcast a stronger signal to change the blood-sugar level readout on an insulin pump so that the person wearing the pump would adjust their insulin dosage. If done repeatedly, it could kill a person. Radcliffe suggested scenarios where an attacker could be within a couple hundred feet of a victim, like being on the same airplane or on the same hospital floor, and then launch a wireless attack against the medical device. He added that with a powerful enough antenna, the malicious party could launch an attack from up to a half mile away.
Research scientist Nathanael Paul, who also wears an insulin pump, started worrying about potentially fatal wireless attacks. Last year, Paul told CNN, "If your computer fails, no one dies. If your insulin pump fails, you have problems." He and other researchers have been working on security solutions like passwords for pacemakers and other embedded medical devices. FDA spokeswoman Karen Riley said, "The FDA shares concerns about the security and privacy of medical devices and emphasizes security as a key element of device design."
Why would someone hack implantable medical devices in the real world? In the April 2010 edition of the New England Journal of Medicine, Dr. William Maisel, an assistant professor at Harvard Medical School, gave some examples. "Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker's ego." In May 2011, Dr. Dale Nordenberg warned that even with data security features, medical devices are prone to malicious attacks. The MDISS Consortium "is working to define the scope of medical device security and safety issues, such as the rate of problems with implantable defibrillators and linear accelerators."
While not quite the same caliber of drama like hacking a heart or an insulin pump, griefers launched an attack in 2008 against epilepsy patients. Launched via computer, the flashing images on the forum were meant to trigger migraines and induce seizures in some users. It was thought to be the "first computer attack to inflict physical harm" on victims.
Like so many other vulnerabilities demonstrated at security conferences, will an attacker use Jay Radcliffe's dramatic research to fatally hack insulin pumps? While the thought is as improbable as it is terrifying, it's not impossible. Like in the geeky science fiction novel, if a medical device embedded in the body were to glitch out, seemingly malfunction, and cause a target's death, who would think to look at it as a long-range wireless assassination which left no smoking gun?