A diabetic security researcher said he found a flaw on an insulin pump that would allow a hacker to reset the device's readings, leading to questions about how similar medical devices could be at risk.
The researcher, Jay Radcliffe, released his findings at the Black Hat computer security conference in Las Vegas, saying he learned that anybody with a special remote control could control his insulin pump and reprogram it through a USB device.
Radcliffe discovered that by looking at the data the pump's USB device sends to a computer, he could 'instruct' the USB device and control the pump. If someone hacked into the device, Radcliffe said, that person may regulate the diabetic's insulin supply and create a deadly situation.
'My initial reaction was that this was really cool from a technical perspective,' Radcliffe said. 'The second reaction was one of maybe sheer terror, to know that there's no security around the devices, which are a very active part of keeping me alive.'
Radcliffe also found another device that helps manage his diabetes is vulnerable to attack. Wireless signals could go to a machine that displays his blood sugar levels, he discovered, and could trick it into displaying old information. A patient who didn't notice a problem, Radcliffe said, would not know to adjust his insulin dosage if the machine did not record dangerous levels.
The security researcher said he tested his theory on two different blood sugar monitors, and found that with a powerful enough antenna, a hacker would be able to get into the monitors from up to half a mile away.
Radcliffe said he reported the problem to his diabetes device maker, but hasn't made any brand names public. Radcliffe didn't want to scare anyone with his findings, but rather to make people aware their medical devices and apps were vulnerable to attack.
As more doctors than ever use smartphones and tablets, it may only be a matter of time before hackers find a way to attack medical apps and change them.
While many medical apps deal with for non-life-threatening conditions, such as diagnosing cataracts, other apps are vitally important for diagnoses and care. Doctors using Resolution MD Mobile, for instance, can scan stroke victims' brains with their tablets and smartphones, saving precious time on hospital runs in life-threatening situations. Another app, developed by Japan's Ohashi Clinic, lets doctors read EKGs on the spot rather than waiting for paper records.
There are also several apps that give patients blood sugar readings, including WellDoc, a new mobile app that helps people manage diabetes to reduce blood sugar levels. A hacker could feed any of these apps false information, which may endanger the well-being of those that rely on them for accurate information.
As medical apps continue to flood the market, such security flaws may become more commonplace. Medical app developers may do well to include sophisticated safeguards to protect their increasingly important diagnostic tools from attack.
Hackers Can Control Insulin Pumps, Researcher Says originally appeared at Mobiledia on Fri Aug 05, 2011 3:15 pm.
"
0 comments:
Post a Comment