If you thought "Hackers Break into Car Using Android Smartphone" was dangerous, think again! At the Black Hat security conference, security researcher Jerome Radcliffe has detailed how our use of SCADA insulin pumps, pacemakers, and implanted defibrillators could lead to untraceable, lethal attacks from half a mile away.
Security researcher Jerome Radcliffe is a diabetic who is connected to an insulin pump and glucose monitor at all times. “This combination of devices turns me into a Human SCADA system.” Radcliffe decided to find out if proprietary wireless communication could be reverse-engineered and a device used to launch an injection attack that would manipulate a diabetic’s insulin and possibly cause a patient’s death. At the Black Hat security conference, Radcliffe is sharing his findings in his presentation called, “Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System.”
He managed to intercept the wireless control signals, reverse them, inject some fake data, and then send it back to the pump. He could increase the amount of insulin injected by the pump, or reduce it. In both cases the pump showed no signs of being tampered with, and it did not generate a warning that he was probably about to die. “I can get full remote control,” Radcliffe said. “If I were an evil hacker, I could issue commands to give insulin, without anyone else’s authority. This is scary. And I can manipulate the data so it happens in a stealth way.”
Radcliffe wears an insulin pump that can be used with a special remote control to administer insulin. He found that the pump can be reprogrammed to respond to a stranger’s remote. All he needed was a USB device that can be easily obtained from eBay or medical supply companies. Radcliffe also applied his skill for eavesdropping on computer traffic. By looking at the data being transmitted from the computer with the USB device to the insulin pump, he could instruct the USB device to tell the pump what to do.