Researcher Names Insulin Pump Products Vulnerable To Hack

Four pumps from Medtronic--the number-one seller of insulin pumps in the U.S.--can be hacked wirelessly
At least four models of insulin pumps sold by Medtronic are vulnerable to being wirelessly hacked. In particular, an attacker could remotely disable the pumps or manipulate every setting, including the insulin dosage that's automatically delivered--every three minutes--to the user.

That was the report given by security researcher Jerome Radcliffe at a press conference on Thursday. Radcliffe, himself a diabetic, demonstrated the pump vulnerability earlier this month at the Black Hat conference in Las Vegas, by remotely disabling his own insulin pump live on stage. Executing the attack required less than 60 seconds, and would work from up to 100 feet away using Radcliffe's demonstration setup. But with some modifications, he said, an attack could be made to work from up to half a mile away.

At the time, Radcliffe declined to name the manufacturer or model of his pump, and obscured everything but the pump's LCD panel when demonstrating the attack. Following ethical disclosure guidelines, Radcliffe said he wanted to give the vendor time to address the flaws, which he exploited using a radio frequency transmitter and 10 lines of Perl code.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.