connected insulin pump

The first season of The Sentryo Files: Industries vs Cyberattacks comes to an end here. In this season finale, Sentryo discusses the cyberattack on a connected insulin pump.

Live cyberattack on a connected insulin pump

In 2011, a researcher in cybersecurity took control of a connected insulin pump after having intercepted radio frequency communication between glucose sensors and the injection pump. This researcher wanted to raise awareness among manufacturers of connected medical devices of the vulnerability of the IoT.

Context of the demonstration

The demonstration took place at Hacker Halted in Miami in October 2011. Barnaby Jack, a researcher at McAfee, demonstrated how he took advantage of a security flaw to take control of a connected insulin pump.

The attack was carried out live and was aimed at educating: the goal was to raise awareness among manufacturers of connected medical devices of the vulnerability of certain connected equipment.

How did the researcher take control of the insulin pump?

Thanks to a radio antenna bought on eBay for less than 100 euros, Barnaby Jack captured the data the glucose sensors transmitted to the insulin pump.

Based on the manufacturer’s documentation for the device, he determined a list of useful instructions for controlling the device and constructed several attack scenarios:

  • modifying information transmitted by the sensor in order to administer an overdose;
  • send radio commands directly to the pump to modify the injected doses without passing through the sensors.

What are the risks for patients?

Although this intrusion was aimed at revealing the security flaws in a connected insulin pump, it also brings into question the level of protection of IIoT and IoT, especially in the health industry. This type of cyberattack would have dramatic effects on diabetic patients whose well-being depend on these devices. Hacking into connected medical devices could even open the path towards a new type of crime (demanding ransoms, bribery, etc.).

Securing the IoT

Most often, connected objects transmit and receive unencrypted data which is susceptible to hacks. As for the connected insulin pump, a log analysis revealed a Java application that had not been obfuscated. Obfuscation renders code unintelligible by humans in order to provide protection against hacks. The security flaw is the result of the lack of anticipation of risks during device design.

To secure this type of connected object, several protection measures can be implemented:

  • reinforce the mutual authentication of glucose sensors and insulin pumps;
  • encrypt the signals exchanged in order to make them unreadable in the event of an external interception.

These security criteria must be taken into account starting from the design phase of these connected devices and external control systems. They should be able to cover the 3 major vulnerabilities of the IoT: confidentiality, encryption and authentication.

Confronted with the cyber risks of connected medical devices (insulin pumps, pacemakers, brain implants…), the US Food and Drug Administration opened an investigation. In its report, the FDA recommends that medical device manufacturers work closely with cybersecurity experts to detect vulnerabilities, correct flaws and monitor systems.

Go further

Sources: article written with the help of reports drafted by the SCADA work group of the French Information Security Club (Clusif) in 2017.