Using a HackRF SDR to Withhold Treatment from an Insulin Pump

A MiniMed Insulin Pump

Recently Arstechnica ran a story about how during this August's Black Hat security conference, researchers Billy Rios and Jonathan Butts revealed that a HackRF software defined radio could be used to withhold a scheduled dose of insulin from a Medtronic Insulin Pump. An insulin pump is a device that attaches to the body of a diabetic person and deliveries short bursts of insulin throughout the day. The Medtronic Insulin Pump has a wireless remote control function that can be exploited with the HackRF. About the exploit MiniMed wrote in response:

In May 2018, an external security researcher notified Medtronic of a potential security vulnerability with the MiniMedTM Paradigm™ family of insulin pumps and corresponding remote controller. We assessed the vulnerability and today issued an advisory, which was reviewed and approved by the FDA, ICS-CERT and Whitescope.

This vulnerability impacts only the subset of users who use a remote controller to deliver the Easy Bolus™ to their insulin pump. In the advisory, as well as through notifications to healthcare professionals and patients, we communicate some precautions that users of the remote controller can take to minimize risk and protect the security of their pump.

As part of our commitment to customer safety and device security, Medtronic is working closely with industry regulators and researchers to anticipate and respond to potential risks. In addition to our ongoing work with the security community, Medtronic has already taken several concrete actions to enhance device security and will continue to make significant investments to improve device security protection.

In addition to this wireless hack they also revealed issues with Medtronic's pacemaker, where they found that they could hack it via compromised programming hardware, and cause it to deliver incorrect shock treatments.

Earlier in the year we also posted about how an RTL-SDR could be used to sniff RF data packets from a Minimed Insulin pump using the rtlmm software, and back in 2016 we posted how data could be sniffed from an implanted defibrillator.

8 comments

  1. Anon

    The image associated with this article is a new MiniMed pump (likely a 670G) while the vulnerability is reported to be in the older Paradigm line of pumps. There’s an optional “remote” that can be used by nurses or other caregivers to administer insulin without disrupting the wearer. In situations where the patient may have cognitive impairments (dementia, alzheimer’s, etc.) the controls on the pump can be disabled and the remote used to administer insulin instead to prevent inaccurate dosing. There isn’t quite quite enough information in the article, but I believe this remote is the attack vector used here. These older pumps are well known to have vulnerabilities which are exploited by the diabetic community to create more advanced therapy solutions. They operate on the 433mhz ISM band using a proprietary protocol and ship with a USB transceiver (CareLink) that can be used to control it. The protocol has been reverse engineered and the devices are secured with a simple 4 digit hex code which is easily brute forced. These researchers appear to be using an HackRF in place of the CareLink transceiver, which is a great advancement as I believe they’re no longer manufactured.

    I’m a ham and a diabetic that has used both the Paradigm line of pumps as well as the 670G pictured. I follow these events with great anticipation. MiniMed makes a great pump, but they’re really bad at software.

  2. DirtyCode

    The hackrf is a transceiver. Get your facts straight before you criticize you troll. You can definitely capture and jam or replay signals using a hackrf.

  3. John Clere

    Seems like FAKE NEWS. The SDR is a receive Software Defined Radio receiver. That being said it can see the frequency in use. Maybe it can observe the frequency and mode of digital commands but it’s not a transmitter. There’s a growing trend o journalism today to click bait you the reader to read sensational written stories based on misleading headlines and hype. Whoever wrote and approved to publish this fake news needs called out on it and should be getting corrected statements on this site as soon as they got it approved by the editor. It’s totally wrong and unless they use a SDR they shouldn’t be allowed to publish total nonsense about the SDR which is a great general coverage multi mode receiver that installs n between an antenna and a computer. Yes there is SDR Radios that do transmit, but that was not mentioned in any way. About me: I’m a licensed Amateur Radio Operator. I’m wondering if the arthor of this article has any credentials or is familiar with a $100.00 wonderful radio receiver called SDR Play? It has coverage, ( May Vary), between 100 kilohertz and 2 gigihertz. It can decide AM, WBFM, NFM, CW, fast scan TV, Slow Scan TV and many strictly Digital modes of communication. It’s a stretch to say that patients who need their insulin pump to inject them is gonna be remotely interfered with a SDR receiver!!! Thanks and my story is dead on opposing this grossly untrue, fake news story; as such it will probably be erased, but I said what had to be said. Thanks from John Clere Call sign N8TUY.

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.