Insulin Pumps, Monitors Vulnerable to Hacking

HardOCP News

First it was pacemakers, now insulin pumps are vulnerable to hackers? What kind of sick bastard would hack a pacemaker or insulin pump?

Even the human bloodstream isn't safe from computer hackers. A security researcher who is diabetic has identified flaws that could allow an attacker to remotely control insulin pumps and alter the readouts of blood-sugar monitors. As a result, diabetics could get too much or too little insulin, a hormone they need for proper metabolism.
 
Luckily he only said it was possible, and that no one has actually used it yet.

I don't think hackers would be that mean.
 
Don't doubt the human race's ability to be completely stupid and appalling.
 
As a user of an insulin pump with RF abilities, this does not surprise me.

But other than assassination, I can't see this being an issue. You're still supposed to do manual readings multiple times a day.

other hand... i can see Big Pharm hacking em and making them use just a tiny bit more insulin... so you have to buy more quicker.
 
As a user of an insulin pump with RF abilities, this does not surprise me.

But other than assassination, I can't see this being an issue. You're still supposed to do manual readings multiple times a day.

other hand... i can see Big Pharm hacking em and making them use just a tiny bit more insulin... so you have to buy more quicker.

or give you less to produce certain effects that will cause you to need MORE EXPENSIVE pharmaceuticals... I would not put it past them for being that evil.

I doubt your random hacker or script kiddie would mess with someone's medical devices - well, the really stupid ones maybe.
 
I would not put this past anti-social kids learning to hack. They already hate people. Why not screw some up? Their morals are already twisted. There are too many cases of kids doing really messed up things to other people out there. I can't believe anyone here doubts for a second that it would be done as a joke by some kid.
 
I was bleeding the coolant in my cpu cooler the other day and a virus bit me. Hurt like a muthafucker.
 
The fact they publish news like this is only going to make hackers try it for themselves.
 
The fact they publish news like this is only going to make hackers try it for themselves.

Yes... let's keep it on the down-low... that way nobody is sure to do anything about it... :rolleyes:

Sometimes you need to make public mention of something to get the manufacturers/developers who screwed up to take responsibility to get it fixed...

Also, sometimes ignorance is not bliss.
 
My 8-year-old is on a Medtronic insulin pump and if someone hacked it I'd end up going to jail if I found out who it was. I was excited to hear that Ford was going to add a feature to Sync that would allow remote glucose monitoring in a future update. Would make our road trips easier.
 
I doubt your random hacker or script kiddie would mess with someone's medical devices - well, the really stupid ones maybe.

Aren't ALL Script Kiddies stupid? Otherwise they'd at least write their own virus...

I see this as a danger, especially with stupid kids. They don't like kid X and think this would be a nice equivalent to a punch in the nose, they aren't capable of realizing it would KILL the person...

Cummon, we're all nerds, we were all picked on in school (unless you went to one of those ritzy private schools) do you honestly think the big, stupid, schoolyard bully wouldn't do something like this? (with access today to the simple-GUI computers, even HE could launch an attack like this...)
 
who would do it? if there's profit to make there will be people that do it.

1 find vulnerable pacemaker
2 ask for a grand or else you die
3 ????
4 profit

not that i like the idea, just answering the question of who would do that.
 
I don't see why people are surprised by this. Having worked on a multitude of medical devices, many with wired/wireless connections, as well as standard USB, SD Card, etc slots.... it's just a matter of knowing the program and what to change in it. Most passwords are set to their manufacturer defaults...so if they can connect to the network that they communicate from, they are free to do whatever with them.
A mass attack / alteration would be possible, but it would be difficult say for a hacker to target one specific device so that it malfunctions on one particular person, as most of the vital equipment doesn't directly hold patient information. Someone who was able to get that privileged of information would more than likely be able to just physically walk into the hospital/medical center and manually alter the device in person...so "who cares" about the hack-ability of these devices? The time required to pull off something like this would be much better off using traditional "terrorist" methods to cause chaos.

Meh
 
Aren't ALL Script Kiddies stupid? Otherwise they'd at least write their own virus...

I see this as a danger, especially with stupid kids. They don't like kid X and think this would be a nice equivalent to a punch in the nose, they aren't capable of realizing it would KILL the person...

Cummon, we're all nerds, we were all picked on in school (unless you went to one of those ritzy private schools) do you honestly think the big, stupid, schoolyard bully wouldn't do something like this? (with access today to the simple-GUI computers, even HE could launch an attack like this...)

Now that I've thought about it a bit.. yes, stupid people would hack these sorts of things. I stand corrected. Some good insights added since I posted...
 
Yes... let's keep it on the down-low... that way nobody is sure to do anything about it... :rolleyes:

Sometimes you need to make public mention of something to get the manufacturers/developers who screwed up to take responsibility to get it fixed...

Also, sometimes ignorance is not bliss.

Good point, but still it's one of those things where it's like... wtf

some people are just too crazy.
 
What are they thinking making these things remotely controllable? :confused::eek::mad:

For when the person is in the hospital so nurses/doctors can monitor and adjust it from the nurses station. It's a good idea but there needs to be a physical on/off switch for the wireless or an added component that ties it to the hospital network ONLY
 
For when the person is in the hospital so nurses/doctors can monitor and adjust it from the nurses station. It's a good idea but there needs to be a physical on/off switch for the wireless or an added component that ties it to the hospital network ONLY

THANKS CAPTAIN HINDSIGHT

 
I could see this happening. Most people who don't have a close family member with Type 1 diabetes don't understand how serious it is when a person with type 1 goes hypoglycemic. Some idiot script kiddie will think this will be a harmless joke and end up sending someone to the hospital or grave.
 
I watched this presentation at Black Hat today, it was very informative but definitely not a script kiddie type attack where they can just download something and hit exploit.

The wireless com discussed didn't have anything to do with in-hospital monitoring, it was about the sensor that a Type 1 diabetic uses to continually monitor their sugar level and adjust their insulin pump levels. The research was very good though because it can apply to not only medical devices but wireless industrial control systems as well. In fact, he stated the specific chip used in the glucose monitor was also used in those devices.

Kudos to Mr. Radcliffe for highlighting this vulnerability. Integrated hardware devices with wireless or net access are becoming a huge threat and the barrier to entry for attacking them is much lower than it used to be. Without this knowledge being public, the vendors will not improve the security and the bad guys will make use of the exploits anyways. The sad thing is these embedded systems are making the same mistakes that the rest of the net made 10-15 years ago with insecure protocols, but they didn't learn anything and just made the same mistakes.
 
I just wanted to add to that: researchers have been pointing out problems with these systems for years, but for the average person out of sight = out of mind. Until they know it can possibly affect them, they won't consider why security is important.
 