Tagged: insulin pump

Using a HackRF SDR to Withhold Treatment from an Insulin Pump

A MiniMed Insulin Pump

Recently Arstechnica ran a story about how during this August's Black Hat security conference, researchers Billy Rios and Jonathan Butts revealed that a HackRF software defined radio could be used to withhold a scheduled dose of insulin from a Medtronic Insulin Pump. An insulin pump is a device that attaches to the body of a diabetic person and deliveries short bursts of insulin throughout the day. The Medtronic Insulin Pump has a wireless remote control function that can be exploited with the HackRF. About the exploit MiniMed wrote in response:

In May 2018, an external security researcher notified Medtronic of a potential security vulnerability with the MiniMedTM Paradigm™ family of insulin pumps and corresponding remote controller. We assessed the vulnerability and today issued an advisory, which was reviewed and approved by the FDA, ICS-CERT and Whitescope.

This vulnerability impacts only the subset of users who use a remote controller to deliver the Easy Bolus™ to their insulin pump. In the advisory, as well as through notifications to healthcare professionals and patients, we communicate some precautions that users of the remote controller can take to minimize risk and protect the security of their pump.

As part of our commitment to customer safety and device security, Medtronic is working closely with industry regulators and researchers to anticipate and respond to potential risks. In addition to our ongoing work with the security community, Medtronic has already taken several concrete actions to enhance device security and will continue to make significant investments to improve device security protection.

In addition to this wireless hack they also revealed issues with Medtronic's pacemaker, where they found that they could hack it via compromised programming hardware, and cause it to deliver incorrect shock treatments.

Earlier in the year we also posted about how an RTL-SDR could be used to sniff RF data packets from a Minimed Insulin pump using the rtlmm software, and back in 2016 we posted how data could be sniffed from an implanted defibrillator.