By Sebastian Anthony on August 5, 2011 at 7:00 am
If you thought that unlocking cars via SMS was the definition of nefarious, think again: at the Black Hat security conference, security researcher Jerome Radcliffe has detailed how our use of SCADA insulin pumps, pacemakers, and implanted defibrillators could lead to untraceable, lethal attacks from half a mile away.
Radcliffe, who is a diabetic with a wireless, always-attached insulin pump, was slightly worried that someone might hack his pump, meddle with its settings, and kill him — and so, in true hacker fashion, he has spent the last two years trying to hack it himself. Unfortunately, he was very successful. He managed to intercept the wireless control signals, reverse them, inject some fake data, and then send it back to the pump. He could increase the amount of insulin injected by the pump, or reduce it. In both cases the pump showed no signs of being tampered with, and it did not generate a warning that he was probably about to die. “I can get full remote control,” Radcliffe said. “If I were an evil hacker, I could issue commands to give insulin, without anyone else’s authority. This is scary. And I can manipulate the data so it happens in a stealth way.”
The problem with these wireless devices is that, rather insanely, they are not designed with security in mind. As with early computer networks, no one believes that someone would even try to hack a wireless insulin pump or pacemaker, and so they are left relatively unsecured. Some SCADA systems do use encryption, like the wireless control systems used by government facilities, airports, and power plants, but encryption adds complexity, power usage, and cost. The manufacturer of Radcliffe’s insulin pump obviously had to decide between being cheap and quick to market, or secure. Needless to say, now that Radcliffe has shown that it’s rather easy to kill a user of this insulin pump, the manufacturer will move rather quickly to secure it before it loses billions of dollars in a lawsuit.
Unfortunately the weakness of “non-vital” SCADA systems is endemic. Three years ago, a similar vulnerability was found in wireless pacemakers — and according to Brad Smith, a security researcher and also a registered nurse, these same wireless control systems can be found in other medical devices, too. The only saving grace is that no hacker has yet gone public with the exact process required to hack a modern, actively-used medical device — and indeed, the process will vary from device to device — but it does make you feel a little queasy that someone could park up outside a hospital or care home and kill with wireless, untrackable impunity.
The only solution, as with wired and wireless computer networks, is to step up security. Proprietary hardware would be a good start, and encryption could also be used — but in the case of implanted devices that must go for months or years without a change of batteries, the increased power draw of complex circuitry is highly undesirable. Ultimately, these wireless control devices must simply be built with the assumption that hackers will eventually break in. In the case of the insulin pump, it should contain hardware-level sanity checking. It could contain a piece of read-only memory that contains the minimum and maximum amounts of insulin that should ever be injected into the patient.
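As an added illustration of the sanity check proposed above (not code from Radcliffe's research or from any pump vendor), the C sketch below rejects any dose command outside fixed minimum and maximum bounds. It goes a step beyond the per-command limits the article suggests by also capping the total delivered over a rolling window and latching an alarm on every rejection; all names, limits and the window size are assumptions made up for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Limits in hundredths of a unit. Constructed placeholder values, not clinical
 * guidance; on a device they would live in read-only memory. */
static const uint16_t DOSE_MIN = 5, DOSE_MAX = 1000;
static const uint32_t WINDOW_MAX = 2500;   /* hypothetical cumulative cap */
#define WINDOW_SLOTS 8                     /* hypothetical: 8 time slots per window */

typedef enum { DOSE_OK, DOSE_BELOW_MIN, DOSE_ABOVE_MAX, DOSE_WINDOW_EXCEEDED } dose_verdict;

typedef struct {
    uint16_t slot[WINDOW_SLOTS];  /* amount delivered in each time slot */
    uint8_t head;                 /* index of the current slot */
    bool alarm;                   /* latched on any rejected command */
} dose_guard;

void guard_init(dose_guard *g) { memset(g, 0, sizeof *g); }

/* Called by a timer once per slot: the oldest slot ages out of the window. */
void guard_tick(dose_guard *g) {
    g->head = (uint8_t)((g->head + 1) % WINDOW_SLOTS);
    g->slot[g->head] = 0;
}

/* Decide whether a requested dose may be delivered. Out-of-range requests are
 * rejected rather than clamped, and the alarm stays set until serviced. */
dose_verdict guard_check(dose_guard *g, uint16_t requested) {
    uint32_t total = requested;
    for (int i = 0; i < WINDOW_SLOTS; i++) total += g->slot[i];

    dose_verdict v = DOSE_OK;
    if (requested < DOSE_MIN) v = DOSE_BELOW_MIN;
    else if (requested > DOSE_MAX) v = DOSE_ABOVE_MAX;
    else if (total > WINDOW_MAX) v = DOSE_WINDOW_EXCEEDED;

    if (v == DOSE_OK) g->slot[g->head] += requested;  /* record accepted dose */
    else g->alarm = true;
    return v;
}

int main(void) {
    dose_guard g;
    guard_init(&g);
    printf("in-range request  -> %d\n", guard_check(&g, 500));
    printf("oversized request -> %d (alarm=%d)\n", guard_check(&g, 5000), g.alarm);
    return 0;
}
```

Because the check sits between the radio and the pump motor, a forged command that passes the wireless layer still cannot push delivery past the stored limits, and the latched alarm gives the wearer the warning the article notes was missing.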
Read more at Scott Hanselman’s blog and VentureBeat