Black Hat: Hackers Can Take Control Of Diabetes Devices

Type 1 diabetics relying on radio frequency transmitting devices for monitoring and dispensing insulin might have one more thing to worry about -- the life-saving medical devices contain vulnerabilities that give potential attackers the ability to end their lives.

During a Black Hat USA conference presentation Thursday, security researcher and diabetic Jerome Radcliffe demonstrated how two of the most important instruments that monitor and regulate a diabetic’s glucose and insulin levels -- a Continuous Glucose Monitor and an insulin pump -- could be infiltrated by hackers and used for extortion or even lethal attacks against a user’s life.

Where attackers could really do the most damage is with the diabetic’s insulin pump, a device that administers insulin automatically at regular intervals in lieu of multiple daily injections.

The weakness in these pumps is that they rely on radio frequency, or RF, for wireless remote control that facilitates necessary communication between the device and the blood meter in order to dispense the required daily dose of insulin to the user.

That unsecured wireless communication could be intercepted and subject users to potentially lethal hacks conducted with simple exploit tools, Radcliffe said. Specific individuals could be targeted in malicious hacks or threats of attack simply if attackers were to find the device’s serial number, Radcliffe said.

’Now I’m thinking you could start attacking pumps from the other side of the world,’ he said.

Meanwhile, the pump’s design exacerbates the problem. The insulin pump is designed to read the data and work independently of the user, eliminating the user's ability to reset it manually. Radcliffe said that the automation feature means that the device dispenses insulin based on the data it is given, prohibiting an injection from being reversed if a user caught on to an attack.

’The insulin pump doesn’t have to bother the user. It eliminates the user. It will just act on the data,’ Radcliffe said. ’When I set the remote ID, it does nothing. That’s even scarier.’

In addition, the firmware running the pumps is often old and unable to receive upgrades, paving the way for potential vulnerability exploits.

’These devices are not designed to be updated,’ Radcliffe said. ’I’ve had mine for five years, and it’s never been patched.

As a first layer of defense against malicious attacks, Radcliffe suggested that the devices be secured with some kind of basic authentication mechanism, such as a passcode and PIN number preventing hackers from automatically taking control of the pumps. He also recommended that more insulin pumps be powered by infrared technologies rather than RF.

Unlike RF insulin pumps, ’they’re not as hackable and you can turn it off,’ he said. ’Don’t make it so easy to sniff these transmissions.’

NEXT: Hackers Can Intercept Blood Glucose Monitors

Another vital device ripe for hacking is known as a Continuous Glucose Monitor, or CGM, used to record the user's blood sugar levels throughout the day and night, Radcliffe said.

However, like a HAM radio, the CGM is also a radio frequency (RF) transmitting device, meaning that it relies on RF modules for the transmission of data at high speed.

The transmitter ID contains a chip that enables the capture of data, which Radcliffe said was ’tremendously helpful in how that signal is transmitted.’

However, that chip could also leave the device vulnerable to attacks, Radcliffe said.

’It turns out that these chips are also used in SCADA environments,’ Radcliffe said. "These are wireless chips that are used in chemical plants. And they can be used in a wide variety of environments.’

The vulnerabilities in the CGM could facilitate a replay attack, which could fraudulently repeat or delay the transmission of any captured data.

The security flaws could also be leveraged to execute a denial of service attack, which would force the device to stop working altogether.

The CGM could also be configured to provide an inaccurate glucose reading, potentially compelling the user to receive a dose of insulin that’s either too large or too small.

However, Radcliffe said that one mitigating factor would be the diabetic’s gut feeling about his or her own blood sugar level.

’The limitations here are hard to overcome,’ Radcliffe said. ’There’s that gut feeling. Every diabetic knows what it’s like to have low blood sugar. And many times you see the reading and know it’s wrong. I’ve seen it be over 150 points wrong. That experience is what would probably happen here.’