HACKERS COULD TARGET medical devices such as insulin pumps for the diabetic, as security flaws have been discovered by a diabetic security researcher.
Security problems highlighted by Jay Radcliffe mean that attackers could alter the read outs of insulin pumps remotely, so diabetics could get too little or too much insulin.
Radcliffe shared the findings of his experiment with the Associated Press ahead of his presentation at the Black Hat security conference in Las Vegas today.
He told the AP, "My initial reaction was that this was really cool from a technical perspective. The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."
Other devices at risk include pacemakers and operating room monitors, some of which can be remotely controlled by medical staff.
He added, "Everybody's pushing the technology to do more and more and more, and like any technology that's pushed like that, security is an afterthought."
Not surprisingly, those who make the devices say that as experiments are only undertaken by expert security researchers, they are unlikely to be replicated in a real life scenario. It seems these companies are thinking more about profits than they are about patients' well being, as usual.
And they could well be wrong. Radcliffe found his insulin pump could be reprogrammed to respond to a stranger's remote and all he needed was a USB device.
He looked at data being transmitted from the computer with the USB device to the insulin pump, and could then instruct the USB device to tell the pump what to do - a very scary thought indeed. µ