A McAfee researcher has shown that it is possible to remotely hijack an insulin pump implanted in someone’s body. We may someday have internal devices that keep our organs functioning into super-old age, but will live in fear of computer viruses that explode hearts by sending pacemakers into hyperdrive, et cetera. The Register writes:
In a hack fitting of a James Bond movie, a security researcher has devised an attack that hijacks nearby insulin pumps, enabling him to surreptitiously deliver fatal doses to diabetic patients who rely on them.
The attack on wireless insulin pumps made by medical devices giant Medtronic was demonstrated Tuesday at the Hacker Halted conference in Miami. It was delivered by McAfee’s Barnaby Jack, the same researcher who last year showed how to take control of two widely used models of automatic teller machines so he could to cause them to spit out a steady stream of dollar bills.
“With this device I created and the software I created, I could actually instruct the pump to perform all manner of commands,” Jack told The Register. “I could make it dispense its entire reservoir of insulin, which is about 300 units. I just scan for any devices in the vicinity and they will respond with the serial number of the device.”
The hack he has devised would allow an attacker to manipulate the diabetic’s insulin injections and could possibly be used to kill the pump user. Radcliffe said that at first he thought it was cool for a tech standpoint and then since he uses an insulin pump he had an instance of “sheer terror” that there is no security on the devices.
An attacker according to Radcliffe could intercept wireless signals and broadcast a stronger signal to change the readout causing the person to adjust their dose. He also said that a person could do this from quite far away such as a few hundred feet away the attacker could do this from the same floor of a hospital or from the same airplane.