Insulin pump attack prompts call for federal probe

The hack of a commercially available insulin pump that diabetics can control wirelessly has attracted the attention of US lawmakers who oversee the safety of the nation's airwaves. In a letter drafted earlier this week, US Representatives Anna Eshoo and Edward Markey asked members of the Government Accountability Office to …

COMMENTS


WTF?

Holy Crap Batman, why can't I feel Muh Legs?

Bloody hellfire, hackable insulin pumps and pacemakers, remotely startable cars, Iranian nuclear reactors - Whatever next?

Sounds like something out of an Agatha Christie mystery, only real.

1
0
Stop

fix the damn thing....

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.”

The fact that you can in a lab means that it's possible to do it outside a lab.... the fact that it's possible to do it at all means it needs fixing....

28
0

Ah

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.”

So that's ok then. Bury your head in the sand because "It can't happen to you" (TM)

4
0

title

Not that it can't, just that it hasn't yet.

2
0
Silver badge

So why do you think that the attacked will be able to report it?

Driver with an insulin pump, vehicle, 70 mph. Pump blasts a lethal dose into the blood flow.

Nuff said.

2
0
Facepalm

Not that it hasn't happened yet...

... just that it hasn't happened to "their knowledge". Of course, it's not quite clear how they would have known about it *had* it happened, given that it was a risk they were unaware of and weren't looking for.

1
0
WTF?

Someone needs edumacating...

"Driver with an insulin pump, vehicle, 70 mph. Pump blasts a lethal dose into the blood flow.

Nuff said."

Obviously someone who doesn't know much about diabetes or insulin pumps but... the effects of insulin being pumped into the body are not instantaneous, at least not in the case of available insulin that's on the market; they take a while to do anything and generally you do feel the effects coming on. It would be more dangerous for someone say in charge of a plane...

0
0
Flame

I was thinking more of heads-of-state...

Don't like your current representative? Hey, we've got a sure fire way to kill him untraceably! Turns out, all you need to do is send him into a diabetic coma - and the best thing is, you only need to get within WIFI range!

0
0
404
Bronze badge
Alert

Lawyerspeak

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide"

Anyone who did die from their devices getting messed with, is in fact dead, has already had the insurance collected on, and we would rather not talk about it, k? CSI couldn't solve it, neither can you.

Lord Have Mercy!

8|

12
0
Silver badge
WTF?

only done by the "good guys" in the lab?

I'm supposed to feel better about that?

1
0
Silver badge
Boffin

No reports

"there has never been a single reported incident "

Nobody has reported being killed by this?

And exactly how would they know that it had happened? A diabetic feels ill, or their sugar levels vary unexpectedly, or they drop dead - does anyone check their insulin pump? And would there be any evidence left behind, especially if the attacker set it back to normal levels again later?

2
0
WTF?

Another bit of edumacation needed...

""there has never been a single reported incident "

Nobody has reported being killed by this?

And exactly how would they know that it had happened? A diabetic feels ill, or their sugar levels vary unexpectedly, or they drop dead - does anyone check their insulin pump? And would there be any evidence left behind, especially if the attacker set it back to normal levels again later?"

The pumps keep account of bolus injections that are extra to the basal ones...

Yes you have to check your pump, otherwise how would you change the insulin and cannula every three days? (If you didn't it would run out and you'd be in serious trouble)

Yes, there would be evidence left behind: the insulin takes at least an hour on the quickest types to dissipate, and also blood levels would differ from normal, and I would hazard a guess at there being ways of finding out what blood sugar levels were from HbA1c tests.

0
0
Bronze badge
Coat

Why, with technology like this...

Claus Von Bülow could have murdered his wife and escaped jail. Oh, wait...

1
0
Gold badge
Happy

@Havin_it

No. that should have read

Claus Von Bülow could have murdered his wife and escaped jail cheaply.

0
0
Silver badge
FAIL

Medtronic - "To our knowledge..."

<- Utter.

Good grief. Don't you just want to smack Mr. Medtronic upside the head?

There are actually tree stumps with more common sense.

9
0
Facepalm

"Titanic" mindset

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.”

No right, just like there was never a plane hijacked until someone first hijacked one. That someone manufacturing devices on which lives depend still lives in such a well padded cloud cuckoo land should be a major cause for concern to the regulators and users of such devices, although the inevitable US supersize lawsuit that would result would certainly put paid to any lingering smugness manufacturers may still be harbouring.

As a successful security model, pretending it won't happen to you died the death a long time ago, even for manufacturers of medical devices and voting machines.

8
0

Oh good grief people, live in the real world...

In these days of spin and image and scum sucking lawyers everywhere would you really expect a press release on the lines of "We're kakking our pants over this and the boys in the lab are desperately working on a fix..."

That sort of press release tells you exactly nothing about what the company's response to any possible vulnerability is because there are exactly no circumstances in which they'd say anything different.

3
7
Stop

No

They could say, "there was a possible vulnerability, but we've already fixed it as part of a routine security review" or something

1
0
Bronze badge

Never say anything different?

How about: we take our customers' safety seriously and purely as a precautionary measure have initiated a review of the security of our products.

Protecting your legal arse doesn't actually require sounding like a couldn't-care-less jerk.

3
0
Anonymous Coward

No such thing as a routine security review

On a device that actually injects insulin, any change at all will mean it has to go back to a complete review by FDA and CE before it can be sold. That's slow and expensive. Modifications to medical devices are not the same as browser patches.

I'm not saying they should ignore a problem; just that announcing an "important security fix" is coming would kill sales of the current devices, and they wouldn't get the replacements on the market for 1.5 to 2 years even if they had their internal development and testing complete next week, so they're not likely to say it.

0
0
Silver badge
Stop

Title required

That's pretty much exactly what they say. The Reg quote is just a small extract from the company's full response. If you read their take on things they sound like they have it in hand.

0
0
WTF?

Does

make you wonder how it got through 510(k) in the first place

0
0

Review?

Someone reviewed a wireless controlled device for injecting insulin, and didn't ask what is to stop someone hacking it?

Who do they get to do these reviews?

3
0
FAIL

Dumbass 30yrs past! We need to care what could be done today or future

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide."

Typical lawyer diversion from the real topic! - WHAT CAN/COULD BE DONE TODAY or FUTURE?!!

Gee, let's see.... Even in the last 6 months we have new technology, more powerful smartphones, mobile radio devices, near-field devices, Internet-connected devices (deliberate+accidental).

It's a safe bet that any experiments you do are far outpaced by the technology & the brainpower of a modern attacker. Checking a few production electronic car keys IS NOT THE SAME as checking for and defending against an unknown modified electronic car key (hardware+software)

We are already certain you don't defend against car keys & smartphones etc. because you say a medical device is not designed to be a car, Internet enabled device or a TV set.....

0
0
Anonymous Coward

pump user

My pump at least logs everything it's been doing for at least the last X days, mostly just total daily dose. Also records time and date of X bolus doses as well.

X = Not sure how many records it actually keeps, but I got bored of pressing the buttons once I went back through 50-odd entries.

Not possible with mine as it's not wireless, but even if someone did give me an unexpected bolus I'd know about it soon enough and would soon fix the problem with a bottle of Lucozade. There are also limits set on the pumps to fix maximum potential doses so that I don't overdose by mistaken button presses, so the person hacking my pump would need to override those settings as well, and I don't think those settings were available wirelessly on the demo pumps I looked at before from other manufacturers.

1
0

Not to terrify you, but do you wear the insulin pump at night?

As for boosting the radio range: http://www.turnpoint.net/wireless/has.html

0
0
Silver badge
Devil

So in the wireless case

So, let's say we have a wireless pump which does not require any authentication for the dosage changes. Why should we expect it to require authentication for clearing the log?

1
0
FAIL

At the bottom of every chip datasheet

There's a clause forbidding the use of it in life-critical devices (sometimes just medical devices in general) without the written permission of a very senior officer of the manufacturer.

Surely there's an equivalent for the software written for it?

I'm glad I'm still on the pills...

4
0
Coat

On off on off on off on ...

Does this mean hackers have discovered 'off switches' for humans? Yes I know, bad taste, I'll get my jacket...

0
0

of course it could be hacked but not all pumps

pumps that link to a Continuous Glucose Meter or use the remote control need to have wireless communication enabled to allow the devices to talk together. This gives an opportunity for someone to remotely attack the pump - I doubt the authentication and encryption is strong enough to keep someone determined out. If you are not using one of these functions you can switch it off. 'Course if you are using an Omnipod you are out of luck - all the controls are on the remote so you must use it.

If you are using a non-integrated pump - ie the CGMS does not talk directly to the pump - then you don't need the wireless on.

Given that my pump and CGMS have difficulty talking with each other when they are more than about 30cm apart and you can't turn off the bloody beeping sound when you do anything I would probably notice someone attempting to adjust it, but you never know.

2
0

Medtronics Pumps

Mine can only talk to my glucose meter. No worries there for me. Meter doesn't make the pump do anything.

0
0
Silver badge

Listen to "Free as in Freedom" podcast, episode 15

http://faif.us/cast/2011/aug/02/0x15/

Now be afraid, be very afraid. You have no alternative but to have one inside your body, and you can only trust it works because the maker says so?

0
0
Silver badge
Big Brother

This is different from popping pills with some new molecule.

You can only trust that the FDA did its approvals correctly (probably not) and Pfizer didn't deep-six the study showing inconvenient results (probably not) or that the production machine was squeaky clean (probably but sometimes not).

To add insult to injury, you get to pay top dollar because of the patent before your liver gives out.

0
0
FAIL

Yes, this needs to be fixed

Yes, this vulnerability needs to be fixed, just like the myriad other ones in the world.

But it's a sad testament that we would NEED to fix something like this to prevent someone from possibly doing harm.

While I know it's not 1950 where (supposedly) you could just leave your keys in your car, not lock your front door, etc., where does it end? Eventually we'll be living in houses with shatter-proof windows in the off chance someone may throw a brick, and even toilet paper will have warning labels and come with an instructional DVD. (though that might not be bad for some people)

0
0
Silver badge
FAIL

Eh?????

Why the hell is such a device in need of a wireless connection at all?????

Come to that, why does it need a communication protocol at all!!!!

1
1
Silver badge
Boffin

RE: Eh?????

Of course it needs a communication protocol, how else is the user going to tell it how much insulin to give? (This needs to be adjusted for diet, in case you didn't know.) A remote is very handy, because the device itself is worn under clothing and a wired remote would just end up getting tangled in things, not to mention making the user feel (even more) like some kind of freakish cyborg. So wireless seems like the way to go, if they could just figure out how to make it secure.

1
1
Silver badge
FAIL

RE: Eh?????............

It doesn't need any kind of communication protocol, and since when did a patient decide exactly how much of their medication they need?

Insulin (and most other self-administered injectable drugs) are a pre-set dose.

The device only needs to be able to deliver say, 10 mils every 4 hours. Or whatever.

At no point should a user be able to modify this outside some pre-set parameters without a medical professional's say-so. More importantly a NON-user should have no hope whatsoever.

Even morphine injectors for use with cancer or other hugely painful conditions can not deliver more than a preset amount in a certain time frame, and whilst the user can happily click away pumping the stuff in, the device stops over-administration of the drug. 50 mils in a 5 hour period, OK, but not 51 till that 5 hour time is up!! Which is how they should work and indeed did.

So, as I said, the DOCTOR decides how much should be given. NOT the patient. The need for this device to be remotely controlled is utterly pointless and is there because someone decided it could. Not should, or must, but because it could....An appliance waiting for an application....

0
2
Silver badge
Headmaster

Let's add a bit more common sense

Diabetics who don't get enough insulin will eventually enter a coma. It is thus VITAL that the dosages from an insulin pump must be readable and for preference adjustable by a person other than the user.

0
0
Thumb Down

@cornz 1

"since when did a patient decide exactly how much of their medication they need."

Adults with type 1 diabetes (like me) typically manage their condition themselves. I measure my blood glucose, estimate the carbs that I'm eating and the exercise that I'm taking and decide how much insulin I need to inject. I meet with a diabetes consultant or specialist nurse every six months to discuss how this self-management is going.

"At no point should a user be able to modify this outside some pre-set parameters without a medical professional's say-so."

I'm afraid you're simply wrong. Not just for diabetes but for many other long-term conditions, so-called "expert patient" schemes where the individual is given day-to-day control are quite commonplace. The days when such conditions were micro-managed by a medical professional are (happily) long since passed.

1
0
Boffin

@cornz1 - The basics of diabetic control

I'm sorry Mr/s. Cornz, but you could hardly be more wrong on just about everything you've written.

The diabetic herself decides, from day to day, even from hour to hour, how much insulin to inject/pump. This varies around an "ideal" dose, and depends massively on what is eaten, degree of exercise, degree of stress, etc. The amount of variation can easily be as much as 50%, or even more whilst suffering an infectious disease.

The doctor does NOT decide how much insulin should be given, except by giving individual guidelines.

The whole idea of an insulin pump is for a diabetic to be able to adjust the dose of insulin easily and rapidly, and to give boosts just before (or after) meals.

I sincerely hope you never have cause to discover these things for yourself.

1
0

Not always........

"Insulin (and most other self administered injectable drugs) are a pre set dose."

Bolus insulin is a pre-set dose that doesn't usually change without a doctor's say-so, BUT short-acting insulins are variable dose and can change from meal to meal, depending on the diabetic's blood sugar at the meal and the number of carbs in the meal. The doctor can give a base range for the short-acting insulin, but has no say over how much is actually administered at each meal as zie is not there to observe the exact conditions and dispense dosing advice. I know this because my husband has type 2 diabetes and his short-acting insulin dosages can range anywhere from 25 units to 50 units, at MY discretion, NOT the doctor's (I'm the one who figures out his dosages based on blood sugar and carb consumption and I'm better at it than the doctor is).

0
0
Silver badge
Facepalm

But you cannot

override the pump unit to give you ALL the insulin in one go!!

This is the point I'm making. If (and I do speak from experience here) you are given an auto-injector for morphine, you can administer it to yourself all day long, however, you cannot exceed a pre-determined amount or number of shots per day.

So you have 100 mls of solution, to be administered 10 times a day.

Perhaps you can administer 5 of these in an hour, 5 the next, but then you cannot administer any more until the 24 hour period is up....

If, remotely, someone can adjust that without the user's consent or knowledge then that's a stupid idea...

That's my point....

Sheesh......

0
1

diabetes control is in the hands of the patient, not the doctor

"So, as i said, the DOCTOR decides how much should be given. NOT the patient. The need for this device to be remotly controlled is utterly pointless and is there because someone decided it could. Not should, or must but because it could....An appliance waiting for an application..."

Fairly safe to say that cornz 1 has no experience with Type 1 diabetes at all (Type 2 is a completely different kettle of fish).

My doctor has NO say in what my dosages are. He/she can advise or recommend but seeing as I live with this 24/7 and I see them for 5 minutes every 3 months to get my prescription renewed, I have a much better idea of how to manage my diabetes than they do. I will never take instruction from them, only advice.

1
0
Headmaster

@cornz 1

"But you cannot over-ride the pump unit to give you ALL the insulin in one go!!"

I can give myself as much or as little insulin as I like whenever I like. I am in complete day-to-day control of my insulin.

"Thats my point....

Sheesh......"

Your point was bollocks. Several people have tried to explain why your point was bollocks. If you had a bit of dignity at this point you would acknowledge that you were wrong and thank people for improving your understanding. But you'll probably just slink away or post some more backpedaling sprinkled with exclamation marks. Grow up.

0
0
Silver badge
FAIL

@ Cornz1

"X for morphine ergo X for insulin" FALSE.

Insulin and morphine are VERY different drugs, administered under VERY different rules, for VERY different conditions.

What is done for morphine (a highly addictive, opiate, analgesic (pain killer)) has nothing to do with how insulin (a hormone for regulating carbohydrate and fat metabolism) is regulated.

0
0

"So far, so good"

Man falling past ninth floor window gives thumbs up.

4
0
Gold badge
FAIL

Been coming for a *very* long time.

There's an old DDJ article about a guy trying to unscramble the serial port data from his glucose monitor.

As the actual *device* gets smaller (more concentrated insulin, more efficient pump design, smaller batteries) the UI (the buttons) becomes the limiting factor on reduction.

But what's OK for a *monitor* should change *radically* when you can actually affect stuff IRL.

Logging the last changes is just a *start* (and note I'll bet that's just a good idea, *not* mandatory in the design of medical devices).

BTW some countries have a "Grandfather" provision for medical devices *unlike* drugs.

So I say "It's an insulin pump, just like insulin pump X" and the licensing authorities say "Fair enough type X passed you're clear to go."

It doesn't have to be *better* it just has to be *different* (but not *too* different).

While the idea that no one would investigate a diabetic who's just going along and suffers a massive insulin OD should be *very* far-fetched given competent forensic techs and autopsy, it's less clear cut if they were *doing* something which damaged the body. Driving a car would be the obvious one but I'm sure someone motivated to do this would find others.

0
0

It's probably like an RFID chip.

With a range of less than half an inch. And unless the hacker gets the correct channel first time, the victim notices and moves out of range.

0
2
Anonymous Coward

@Anonymous John

So absolutely no problem to kill someone in a packed commuter train when you're wedged up against him with your sequential channel scanning diabetic-o-zapem(tm)

Anyway, the RFID range limit is a false security as has already been shown with the RFID passports. Both ends of the link don't need to be high power or have comparatively large directional antennas, only one. So back to the packed tube train, you could stand at one end, and attack half the carriage - how nice of them to all stand within the couple of degree field of your antenna, hidden in the oh so obvious piece of luggage at your feet.

0
0
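A back-of-envelope check on that last point, added here as an illustration and not part of any comment above. For a radiating link the free-space received power is

$$P_r = P_t\,G_t\,G_r\left(\frac{\lambda}{4\pi d}\right)^2,$$

so for a receiver that needs some fixed $P_r$ the usable distance scales as $d \propto \sqrt{G_t G_r}$. Only the product of the two gains matters, which is why the pump end can stay a tiny low-power antenna as long as the other end is not: a 20 dBi ($100\times$) antenna on the attacker's side alone stretches a nominal 1 m link to about $\sqrt{100} = 10$ m, and 30 dBi ($1000\times$) to about 30 m, assuming line of sight and ignoring body absorption. The caveat is that this holds for a radiating link; a purely inductive near-field coupling of the kind used by 13.56 MHz RFID falls off roughly as $d^{-6}$ in power, so a $100\times$ improvement in sensitivity or coupling there buys only about $100^{1/6} \approx 2.2\times$ the range, which is why the near-field case is harder to extend than the far-field one.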
WTF?

The incidence of type 1 diabetes is about 10 people per 100k

Of that small population, a small subset will be using a pump rather than pens, and a smaller subset of those will be using a pump whose dose can be adjusted wirelessly, and an even smaller subset of those will be using the particular type of pump whose vulnerability your imaginary wireless murder machine would be targeting. So if you're lucky, you'll find one potential victim in every thousand packed tube carriages.

Worst. Serial. Killer. Ever.

0
0
