The maker of an insulin pump that's susceptible to wireless hacking was identified for the first time on Thursday by a diabetic researcher who said the company repeatedly ignored his warnings. A commercially available pump made by Medtronic, the world's biggest medical device manufacturer, is vulnerable to attacks that allow …
It is strange-but-true that the systems where safety is most important can often be the ones that are least carefully designed. I thoroughly recommend reading up on the "Therac-25", a radiotherapy machine that would periodically zap patients with doses tens or hundreds of times stronger than intended. Even after a few deaths, the manufacturer was claiming that the software was implemented in such a way that it could not possibly fail. The complacent comments in the current story, where the manufacturer seems more concerned to re-assure their shareholders about their product than to ensure the safety of their patients, seems rather similar.
Start at http://en.wikipedia.org/wiki/Therac-25 and follow the links.
I'm no expert on wireless....
.....so I'd appreciate an answer from someone that is. Is it possible that random wireless interference could do the same damage as a directed hack? What are the sort of probabilities involved?
Just asking from a neutral viewpoint.
Safe from random accident, presumably
Otherwise diabetics would be dying when their mobile phone rings - and turns on its own powerful radio. Or when riding in a taxi. Or operating a cordless mouse. Or meeting another diabetic person, but I read somewhere that that is an actual problem with some appliance, you start wirelessly reading each other's blood sugar level instead of your own, and randomly giving each other insulin.
Evidently and presumably, -this- wireless device uses a digital communications encoding so that only messages digitally sent from or to its own partner control device are acted on. So interference doesn't cause a problem. But it isn't secure, and it could be interfered with deliberately.
However, he says "the techniques he developed are hard to execute in the real world" just now. You also probably have to get very close to your victim. But if more people get interested then it will catch on.
Pump you up
Unfortunately, it will likely take multiple deaths, wholly and legally attributed to their devices being maliciously hacked to force these companies to change.
How on earth would a medical person be able to tell the pump/device had been hacked in the first place? They are not techies, so the it is unlikely that they would be aware that this could happen, or know what to look for. And you can bet the industries lawyers know that.
Congressional investigation is just another euphimism for "please increase your campaign contributions or we will regulate you".
OMG, this is bad news
In other news:
Ford admits that terrorist mechanics could remove all the brake pads from your vehicle without needing to gain access to the cabin area. Ford owners are advised to remove all wheels and verify the existence of the brake pads before attempting to start the vehicle.
@OMG, this is bad news
Bad example, as I suspect most would notice someone physically entering their body to tamper with the unit.
Maybe "Ford denies FM radio can cause steering lock up" would be more appropriate?
Hmm, now what was the story about the Ford Pinto again....
Re: OMG, this is bad news
In yet other news:
Judge tells woman she can skip customs from now on.
If removing your brake pads could be via wireless I'd be worried. But it can't, can it, so it's a really stupid attempt at a counter.
@OMG, this is bad news (myself)
I wonder if I was misunderstood? Let me put it more plainly.
Almost all of the time, when someone wants to murder you, they'll pick up some nearby heavy or sharp object and attempt to employ it. Cases where they'll devise a scheme involving the cunning exploitation of high technology are mostly limited to James Bond-type stuff.
More specifically, supplying the wrong level of insulin to most diabetics will cause them to feel ill, which will prompt them to check their blood sugar, which will tell them that the machine isn't working right. So, it's not a sure-fire method. You should probably stick with the nearby heavy object.
Odd you pick ford...
"Maybe "Ford denies FM radio can cause steering lock up" would be more appropriate?""
Or perhaps more accurately a weakish EM radio pulse say from a taxi base station or CB radio can cause cruise control to lock out on full throttle leading to drivers having to learn how to switch off the engine and coast to a stop or in once case, swerve into a tree and while saving the lives of the people in front of him ended up killing himself.
IIRC The lethal CC system was withdrawn/replaced in the US but is *still* sold in the UK - he rest of .eu is another matter - thier .gov prpbably wanted heavier brown envelopes.
Speaking as a diabetic myself, I can tell you that it would only take a high level of insulin being injected to cause blood sugards to drop to dangerous levels.
This, in turn, manifests itself in a way that makes the diabetic appear to be drunk, rapidly followed by a diabetic coma, and potentially death if not treated rapidly.
Most diabetics whose blood sugars drop to these low levels are unaware, and frequently unable to do anything about it until it's too late to do so.
In a nutshell - this hack could kill, plain and simple.
Re: @OMG, this is bad news (myself)
You shoul;d take up homeopathy as you clearly have the required level of medical knowledge.
Not only that
...but presumably you could automate it and be away somewhere establishing an alibi.
Pump not inside...
@Paul Crawford: The pumps in question are not inside a person's body, they are outside.
Vote with out feet
Or more simply, next time your talking to your DSN or Consultant. Get them to bin anything with a Medtronic logo on it. If everyone drops them and makes it widely known through the NHS that there stuff can't be trusted than they will be forced through the market to respond. Sadly a slow way, but probably one of the best ways currently while they have there heads in the sand.
It's what I'm going to do when I see mine next month. I simply won't have anything made by Medtronic until the issue is fixed connected to me.
Just use Animas...
Animas pumps are far superior anyway. They actually seem to care about you, too, which is a startling difference in attitude compared to Medtronic. Animas pumps even use luer-lock connections on the cartridges, so you can use any infusion set you want, whether made by Animas or not. Many of my fellow diabetics that use minimed don't even realize they have an option other than the horrible little infusion sets medtronic ships (50/50 makes a luer-lock cartridge for minimed pumps).
Is the code...
...free software (or, at least, open source)? If not, then they are just as bad, they just haven't been caught out yet.
Closed source is not intrinsically bad, or even relevant here
The underlying issue here is that the manufacturer simply does not care. They have no interest in securing their systems, and their customers (in the form of private healthcare companies or national heath services or whatever) have no interest in demanding security from them.
This whole issue is rather independent of software philosophies, and even software at all.
These guys were caught out, publically named and shamed and they still don't care. Open or closed source firmware is irrelevant to that attitude.
If the code...
...is closed, then it has not been audited. We know the FDA does not audit the code, they rely on the company to write a report that says "All OK, guv. Honest."
"These guys were caught out, publically named and shamed and they still don't care. Open or closed source firmware is irrelevant to that attitude."
It's very relevant because if the code were free (not just open) then another qualified person could patch the vulnerability. The company caring or not becomes redundant as you can be sure the patients and their doctors care.
It uses Apache... whoops :-)
Not really. Well, I don't know. Maybe it does.
Race is on then! Let's see who gets a patch out first.
No one said free or open software was infallible. It's written/managed by humans after all.
And here we go, a bit later than originally planned admittedly
So, has the insulin pump been patched? I somehow don't think so. One major step towards fixing a problem is admitting there is one in the first place. Free software tends to be much better at that than proprietary.
Not a good step me thinks...
I am shocked by the companies attitude about this, medical devices should be as hevaly regulated as drugs when it comes to quality.
I don't know if any one rembers in the last few months some one from a surgical department in a hospital who takes care of the instruments used reported that about 50% of instruments where unsafe to use because they where produced incorrectly by hand in Pakistan and India forceps that had sharp edges that where intended for heart opperations, scalpels with badly ground edges he had a display of some common failues he found that should not have left the factory let alone nearly made it into the opperating room and would have if he didn't find them. And he called for more action in regards to regulation of such devices because they can cause so much harm.
In this case it's shocking not that it can be done, but the attituded the company seems to be takinging towards the safty of it's users because now that it's out in the open how long do you think it will be before some one trys this in the wild as it where? To much insulin will kill you or put you in a coma, to little can cause problems as well.
If I were Medtronic I would ignore him as well.
Jay Radcliffe made a mountain out of a molehill. If the pump's serial# is not included in the transmission it is ignored. A wearer of the pump would be less likely to give that out than his or her social security number.
sniff serial no.
And how easy is it to get the serial no. from sniffing and replay attacks? Wait until your victim eats in a restaurant, and changes the settings to compensate for the food.
re: If the pump's serial# is not included in the transmission it is ignored.
So you just needs to monitor transmissions to get the serial number?
How many digits and/or letters are there in the serial? If it's only numbers and a few digits then it would be pretty easy to try them sequentially.
Knowing the serial number...
How easy is the serial number to predict? And how many goes are you allowed before the system locks up?
Easy? and Infinite? That's what I suspect....
Dear would-be murderers.
You can extract enough polonium to kill a man from an anti-static duster.
You don't even have to magically induce type 1 diabetes in your potential victims or wait for them to buy a certain brand of insulin pump.
FFS. Get a grip.
Re: Not a good step me thinks...
"I don't know if any one rembers in the last few months some one from a surgical department in a hospital who takes care of the instruments used reported that about 50% of instruments where unsafe to use because they where produced incorrectly by hand in Pakistan and India forceps that had sharp edges that where intended for heart opperations, scalpels with badly ground edges he had a display of some common failues he found that should not have left the factory let alone nearly made it into the opperating room and would have if he didn't find them."
It looks like you have run out of full stops. Here. Take these: ......................................
Re: Dear would-be murderers
So, because you cannot protect yourself from every last threat in existence you should clearly not bother to protect yourself from any at all.
If I could make your house or car explode and kill you just by using a remote control, would you still drive the car and live in the house? After all, a would be murder could just break into your house and kill you with an axe!
Buy some cotton wool and wrap yourself up in it. And take some diazepam. All this panic can't be good for your blood pressure.
Curious. On the one hand you expect people to be able to take action to mitigate risks, yet on the other you argue against one measure the would permit those actions to be taken.
Hello there newfriend!
Hi Mentalfloss! I notice you've just joined! And already made three posts! And all of them in this thread! Welcome! We look forward to hearing more from Medtronic about this!
speaking as a medtronic pump user...
Am I bothered? Nah. I'm regularly checking my blood glucose levels using an meter (which is not part of the pump) and are well aware of the physical symptoms in myself if I have too much or too little insulin.
Yes it should be addressed and resolved, but it is not an OMG the sky is falling issue. Upgrade the microcode and then as people replace their pumps (which they need to do every 4 years anyway) they get the fix.
I do believe it is!
There is no such thing as 100% secure or 100% risk free.
"The Medtronic spokeswoman didn't address Radcliffe's claims directly, but said the “risk of deliberate, malicious or unauthorized manipulation of our insulin pumps is extremely low.” Maybe, but it's telling that a diabetic hacker thinks otherwise."
Exactly how is this telling? And what do you think it is telling of?
The risk _IS_ extremely low. It is low to the point of being negligible. It is not anything that a typical user would even begin to worry about. Insulin dependant diabetics have a hundred more important things to worry about before this even enters their heads and a dozen different ways they can end up in hospital that are hundreds or thousands of times more likely than this supposed hack.
The story is that a hacker has managed to find a chink in one of the devices he owns and has used it for some self-promotion. The fact that it is an insulin pump is neither here nor there. I hope he gets a job out of it ... he clearly has some technical skills. But that's as far as it goes. Arguing that "oh but he's diabetic" is irrelevant to the point of being patronising.
(disclaimer: I'm type 1 diabetic, have worked on the development of wireless medical devices but have no direct or indirect connection with this manufacturer)
You can never be 100% safe, so why try be safe at all!
Medtronic were lazy and irresponsible and they simply do not care that they have exposed users of their products to risk.
That is what is the issue here. They just don't care, they don't care enough to design something well, they don't care enough to test it thoroughly, and they don't care enough to do anything about their mistake.
You may feel free to continue to do business with a medical device company that has no regards for your safety or wellbeing below the bare minimum required of them.
I've read that twice and I can't find a single phrase that usefully relates to anything I wrote in my previous post. Did you click the wrong reply button?
you are right, the risk of someone exploiting it is extremely low, but that's no excuse, the consequences could be fatal!
The lapse in security is bordering on negligence! Just because people aren't generally likely to want to tamper with them, doesn't mean they won't* and doesn't excuse it making it easy.
*some time ago, near me, a group of kids found someone drunk, passed out at a bus stop. They set him on fire "for a bit of a laugh". Imagine if they could get some cheap kit that would make anyone with an insulin pump, who walks near it, collapse and slip into a coma!
@ anonymous paranoid 17:58
Pure unadulterated whatiffery.
As industries start to build computers into their products and attach them to networks and radio transmitters they become vulnerable to all kind of new attacks they fail to understand.
It is "standard procedure" that the go through several phases before their products eventually become secure enough to operate reliably in the new networked environment.
The first phase is almost always: Denial.
This is where Medtronic is now.
Remember Microsoft, the CCTV industry, the burglar alarm people, SCADA, etc.?
Why is everyone concentrating on murder by insulin/no insulin?
It's probably true that, when most people kill, they do so in a pretty obvious way and often in the heat of the moment with an improvised weapon.
However, mild poisonings by jilted lovers or competing coworkers can't be all that uncommon, can they? All it would take is for your partner to think you were cheating for them to slightly up or lower your dose enough to cause you problems leaving the house, for example.
So I'm not convinced the danger here is out-and-out murder in a James Bond style by person's unknown. After all -- I bet most poisonings are more Ex-Lax in the milk than Polonium in the sushi...
Blackmail seems more likely.
'Why is everyone concentrating on murder by insulin/no insulin?'
Sure, there are many easier ways to bump someone off, but people are really fucking stupid, especially when they think they have a built in 'it was an hacker what killed him' defence.
Secondly, the assumption is that the intended crime is murder; but this works way better as blackmail: 'Dear Medtronic, £1 million in used fivers or your customers start dropping. Capeesh?'
"All it would take is for your partner to think you were cheating for them to slightly up or lower your dose enough to cause you problems leaving the house, for example."
That's not how insulin works. A slight decrease would have no short term effect. A slight increase would lead to hypoglycaemia which, depending on the subject, would mean obvious symptoms followed by a quick dose of glucose and an inspection of the pump, or falling into a coma. And if a malicious partner wanted to feck about with a diabetic's blood sugar then there are many other much simpler ways they could do it, from swapping fast- and slow-acting insulins to putting sugar instead of sweetener in a cup of coffee.
I'm sure people can dream up a hundred different ways this hack could be exploited that might make it into a CSI:Miami script, but nobody has yet come up with a realistic real world risk.
"putting sugar instead of sweetener in a cup of coffee."
I can certainly tell if there is sugar in my coffee instead of sweetner. It has a sticky texture and a totally different flavour for one.
"Dear world's worst blackmailer. Ahahahahahahaha. Yours etc. Medtronic."
What's the bets it registers a wireless network with the SSID "InsulinPump" and accepts a passwordless telnet session to 192.168.0.1, or has a cute little web interface...
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Leaked pics show EMBIGGENED iPhone 6 screen
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs
- Episode 4 BOFH: Oh DO tell us what you think. *CLICK*