Security researcher Jay Radcliffe has demonstrated how a hacker could remotely attack medical devices used to treat diabetes.
Radcliffe developed a proof-of-concept hack on a continuous glucose meter (CGM), a wireless sensor inserted into human tissue that sends out a blood sugar reading every five minutes to a remote monitoring device, as well as an insulin pump that delivers insulin to the body via a subcutaneous tube on a person's midsection.
After researching the CGM's technical specifications, Radcliffe found that the communication between the body sensor and its monitor is unidirectional, which means "the sensor has no knowledge of what is receiving the data," he notes. Radcliffe dismantled the CGM and found that the chip inside is the same one used in automated computer networks that run industrial control systems.
Radcliffe says that a hacker could capture the sensor's output signal, corrupt it, send it back to the sensor, and trick diabetics into thinking their blood sugar was off. To attack the insulin pump, Radcliffe researched its specs, wrote a malicious script, loaded it onto a USB device that communicates via radio frequencies, and rigged it to remotely turn off the pump.
View Full Article
No entries found