For diabetics, dealing with an insulin pump is enough of a hassle—and sometimes worry—without taking malevolent hackers into account. In this month’s IEEE Spectrum, Morgen E. Peck sounds the alarm about medical-device hacking. Peck and others at the Black Hat 2011 security conference watched a diabetic hack his own insulin pump at a security conference. There was no encryption on the device, nor did it issue a warning that the settings had been changed. Still, the risk is largely hypothetical at this point: Hacking an insulin pump “requires the advanced technical know-how of a security expert and a proximity of no more than 30 meters.” The man who hacked his own pump, Jerome Radcliffe, isn’t bothered enough to stop wearing his device.
But as Chester Wisniewski, another diabetic who was at Black Hat, points out on the blog Naked Security, “At this point in time it is not possible to ‘patch’ the firmware on a device, leaving it vulnerable for the life of the device (usually five to 10 years).” Today’s minor threat could as companies release more implanted, autonomous medical devices, and as hackers become more sophisticated, it’s not impossible to imagine some truly harrowing scenarios—for instance, a rogue nation or terrorist hacking a world leader’s defibrillator.
Read more on IEEE Spectrum.