Probing Insulin Pumps For Vulnerabilities

Soulskill posted more than 2 years ago | from the panic-versus-sanity dept.


Several readers have sent in news of a presentation at the Black Hat security conference from a diabetic security researcher, Jerome Radcliffe, who is looking into the security of automated insulin pumps. While most of the headlines are sensationalist, referencing "lethal attacks from a half-mile away," Scott Hanselman breaks down the media reports and weeds out the inaccuracies, explaining that while this is a valid area of concern, diabetics don't need to cover themselves in tinfoil just yet. "Just to be clear, Jerome has not yet successfully wirelessly hacked an insulin pump. He's made initial steps to sniff wireless traffic from the pump. I realize, as I hope you do, that his abstract isn't complete. Hopefully a more complete presentation is forthcoming. I suspect he's exploiting the remote control feature of a pump. ... What Jerome has done, however, is posed a valid question and opened a door that all techie diabetics knew was open. It is however, an obvious question for any connected device. Anyone who has ever seen OnStar start a car remotely knows that there's a possibility that a bad guy could do the same thing."

What pump has *control* via wireless? (2, Informative)

Anonymous Coward | more than 2 years ago | (#36997510)

Various pumps record RF transmission of blood glucose readings from glucometers, or from continuous glucose sensors that connect to a pump. This includes the Medtronic Paradigm I'm wearing right now. But this number is visibly displayed as part of the setting to request a "bolus" of insulin, and no current pump that I can find closes the feedback loop and allows the glucose sensor to directly control the pump: this is because the continuous sensors are, basically, very expensive ouija boards that require frequent recalibration with an actual finger-prick based glucometer. They're basically no more useful than checking in the mirror for muscle tremors or changes in vision associated with extremely high and extremely low blood sugars, or keeping track of how often you need to pee. (I've tried the continuous sensors: they all suck.) There is no pump on the market that is directly controlled by a continuous sensor: they're not accurate enough to rely on.

It is theoretically possible to skew the continuous sensors over a long period and encourage over, or under, dosing of insulin. This could particularly be an issue during the night, when actually verifying it with a finger-stick blood sample is unlikely. But such errors would show up pretty quickly as being out of sync with morning measurements, and with remotely good control, most of us diabetics have learned to detect, without instruments, what our blood sugar is. The sensors provide invaluable calibration and fine tuning for that sense, but gross errors would be noticeable to most of us.

Of course, if I caught anyone screwing with my glucose readings this way, they'd die the death of a million blood samples before I was done with them.

Re:What pump has *control* via wireless? (4, Informative)

Gunnut1124 (961311) | more than 2 years ago | (#36997618)

Omnipod and OneTouch Ping both use the same type of wireless control unit, though not directly inline with a CGM. The system he tested (Paradigm Reveal) is a 2 part loop that requires human interaction. (i.e. CGM tells you a glucose reading, then you use the pump to decide how much insulin to deliver.) All he was able to do was jam the data from the real CGM sensor and spoof it with false data. That's not exactly "hacked" but is a threat. The pumps with wireless control units are where I'd expect to see the primary fault and possible loss of control. (FYI, I'm a diabetic with a deep knowledge of both these systems from a user's perspective, as well as an IT worker in a medical field. These may not be perfect credentials, but I figure it might be relevant.)
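
The two failure modes the posters above describe, a sensor slowly skewed over days and a CGM feed jammed and replaced with false values, both leave traces that the receiving side can check without knowing anything about the radio protocol, because a reading still has to agree with the occasional finger-stick and with how fast glucose can physically move. The following Python is an added example, not code from this thread, from Medtronic or from the researcher; the reading format, the thresholds, the sample series and the spoofed value are all constructed for illustration.

```python
"""Plausibility checks on a CGM feed against finger-stick references.

Added illustration; the reading format, thresholds and sample data are
constructed for this example and do not describe any real pump or sensor.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_RATE_MG_DL_PER_MIN = 4.0   # assumed physiological ceiling on rate of change
MAX_CAL_GAP_MG_DL = 30.0       # assumed max tolerated CGM-vs-finger-stick gap
MAX_DRIFT_MG_DL_PER_DAY = 5.0  # assumed: a bias growing faster than this is suspect


@dataclass
class Reading:
    t_min: int                            # minutes since the sensor was started
    cgm: float                            # continuous sensor value, mg/dL
    fingerstick: Optional[float] = None   # reference meter value, if one was taken


def make_series(days: int, bias_per_day: float) -> List[Reading]:
    """Constructed sample: a CGM reading every 30 min and one finger-stick at 07:00
    each day. True glucose follows a gentle daily sinusoid around 110 mg/dL; the CGM
    reports it plus a bias that grows linearly, as a slowly skewed sensor would."""
    out = []
    for t in range(0, days * 1440, 30):
        true = 110.0 + 25.0 * math.sin(2 * math.pi * t / 1440)
        bias = bias_per_day * t / 1440
        ref = true if t % 1440 == 420 else None
        out.append(Reading(t, round(true + bias, 1), ref))
    return out


def inject_spoof(readings: List[Reading], index: int, value: float) -> List[Reading]:
    """Replace one CGM value, as a jam-and-replace attack on a single frame would."""
    out = list(readings)
    r = out[index]
    out[index] = Reading(r.t_min, value, r.fingerstick)
    return out


def jump_alerts(readings: List[Reading]):
    """Flag changes between consecutive readings faster than the body can produce."""
    alerts = []
    for prev, cur in zip(readings, readings[1:]):
        dt = cur.t_min - prev.t_min
        if dt > 0 and abs(cur.cgm - prev.cgm) / dt > MAX_RATE_MG_DL_PER_MIN:
            alerts.append((cur.t_min, cur.cgm))
    return alerts


def calibration_alerts(readings: List[Reading]):
    """Flag any finger-stick the CGM disagrees with by more than the tolerated gap."""
    return [(r.t_min, r.cgm - r.fingerstick) for r in readings
            if r.fingerstick is not None and abs(r.cgm - r.fingerstick) > MAX_CAL_GAP_MG_DL]


def drift_slope(readings: List[Reading]) -> Optional[float]:
    """Least-squares slope of (CGM - finger-stick) against time, in mg/dL per day.
    One large gap can be a bad finger-stick; a bias that keeps growing across
    calibrations is the long-period skew the thread talks about."""
    pts = [(r.t_min / 1440.0, r.cgm - r.fingerstick)
           for r in readings if r.fingerstick is not None]
    if len(pts) < 3:
        return None
    n = len(pts)
    mx = sum(x for x, _ in pts) / n
    my = sum(y for _, y in pts) / n
    sxx = sum((x - mx) ** 2 for x, _ in pts)
    if sxx == 0:
        return None
    return sum((x - mx) * (y - my) for x, y in pts) / sxx


def audit(readings: List[Reading]) -> Dict:
    slope = drift_slope(readings)
    return {
        "jumps": jump_alerts(readings),
        "calibration": calibration_alerts(readings),
        "drift_slope": slope,
        "drift_suspect": slope is not None and abs(slope) > MAX_DRIFT_MG_DL_PER_DAY,
    }


if __name__ == "__main__":
    honest = make_series(5, 0.0)
    print("honest :", audit(honest))
    print("skewed :", audit(make_series(5, 8.0)))
    print("spoofed:", audit(inject_spoof(honest, 10, 300.0)))
```

Running it prints three audits: the honest series raises nothing; the skewed series trips the calibration gap only at the day-4 finger-stick, but the slope across all five calibrations already shows a bias growing at about 8 mg/dL per day; and the single spoofed frame produces two rate-of-change alerts, one going in and one coming back out. That slope is the "out of sync with morning measurements" signal the first poster expects, made explicit enough for the receiver to alarm on instead of relying on the wearer to notice.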

Re:What pump has *control* via wireless? (0)

Anonymous Coward | more than 2 years ago | (#36997768)

My medtronic minimed pump can be controlled wirelessly as well.

Re:What pump has *control* via wireless? (1)

MattJD (1020453) | more than 2 years ago | (#37000268)

I know Animas's OneTouch Ping also is remotely controllable from its meter. It isn't a closed loop, but you could definitely pour a good amount of insulin into someone.

Also, studies have shown that people cannot accurately predict their glucose levels. While people can tell they are off (especially low), exact numbers are hard to produce.

Re:What pump has *control* via wireless? (1)

Lehk228 (705449) | more than 2 years ago | (#37001110)

Biological neuro nets are inherently bad at making exact estimates, but they make up for it by being able to be sensitive to extremely small variations. Compare perceived light levels indoors under lamps vs outdoors in sun, or perceived smell when a stench is first introduced to 6 hours later. Look at the blue/yellow optical illusions, http://www.lottolab.org/illusiondemos/Demo%2012.html# [lottolab.org]: when you activate the mask it will look like it is cheating and the squares are changing colors; confirm the honesty with MS Paint, the squares really are all the same grey squares.

Re:What pump has *control* via wireless? (2)

tirerim (1108567) | more than 2 years ago | (#37004412)

There's an optional remote control [minimed.com] for the Paradigm that can be used to deliver insulin. It's a $150 accessory, and of the several pumpers I know (including myself), I don't know anyone who has one, but it does exist. Since you have to turn on the option from the pump (Utilities -> Connect Devices -> Remotes, on the 723), it's probably impossible to exploit on someone who doesn't already have a remote, but it seems entirely plausible to do so if they do.

And I'm right there with you on the CGMSs. Bloody useless (literally) -- I tried it for about a month and gave up. They might work better for people with nice, consistent schedules for eating and exercise, whose blood sugars don't change that much or that rapidly, but if you have that I don't see why you would need a CGMS in the first place.

I have a hackable device (1)

Wyatt Earp (1029) | more than 2 years ago | (#36997524)

I have a Medtronics Nerve Stim in my chest with a wireless remote.

In my experience you have to get the handheld remote or its antenna lead within a half inch of my skin right over the device.

http://professional.medtronic.com/products/primeadvanced-spinal-cord-neurostimulator/index.htm [medtronic.com]

Re:I have a hackable device (1)

AJWM (19027) | more than 2 years ago | (#36998022)

Or further away with a more powerful transmitter and a directional antenna. Of course at the limit the attacker does away with the subtle approach and just blasts the device with an EMP (or you with a shotgun). Depends on how "accidental" he wants it to look.

Re:I have a hackable device (1)

pnewhook (788591) | more than 2 years ago | (#36999264)

Of course at the limit the attacker does away with the subtle approach and just blasts the device with an EMP (or you with a shotgun)

Yes, because an attacker is going to set off a nuke to generate an EMP with the sole purpose of frying everyone's medical implants.

Agree a shotgun would be a lot easier and less evil-fanatic like.

Re:I have a hackable device (1)

AJWM (19027) | more than 2 years ago | (#37012132)

There are ways to generate a (small, but lethal in this case) EMP that don't require a nuke. But a shotgun is still easier.

Re:I have a hackable device (1)

Chewbacon (797801) | more than 2 years ago | (#36998400)

Put a magnet over a pacemaker or AICD and it's hacked. Probably won't do any damage and unless the patient is asleep, they'll just pull it off.

"Easy to make" (2)

0100010001010011 (652467) | more than 2 years ago | (#36997612)

Medical Device #1 costs $500. It was made with an embedded RTOS on a ROM. It does one thing, ALL the time.

Medical Device #2 costs $250. It was made with Windows CE, a cheap TTL motor and a simple full screen app that launches at boot. It was developed fast, breezed through FDA 'certification'.

Which one is the normal consumer going to buy?

See also voting machines, ATMs, etc.

Re:"Easy to make" (2, Funny)

Anonymous Coward | more than 2 years ago | (#36997658)

The one that really whips the llama's ass?

Re:"Easy to make" (2)

magusxxx (751600) | more than 2 years ago | (#36997912)

You forgot Medical Device #3 which can run Doom.

Re:"Easy to make" (1)

cayenne8 (626475) | more than 2 years ago | (#36998170)

Hey, just wait until the federally mandated, remotely accessible Harkonnen heart plugs are installed into everyone.

Then there will be NO more protests.....citizen.

......or else...

Re:"Easy to make" (1)

Rich0 (548339) | more than 2 years ago | (#36998164)

Yeah, but in this case medical device #1 costs $5k - insulin pumps may be simple, but they are NOT cheap.

In theory the whole reason medical devices are so expensive is precisely because the vendor has to ensure that stuff like remote wireless hacks can't happen.

I've thought about what it would take to build an insulin pump. To do a cheap job probably wouldn't be very hard - a simple pump just needs a syringe with a plunger and a motor that runs at constant speed.

But, start thinking about all the "what if's". The device has to be designed so that if you shake it the syringe or whatever won't push out a few mL of insulin, and then aspirate back in some air or interstitial fluid or whatever. If you try to change the syringe without detaching it from your body it shouldn't suddenly gravity flow or whatever. If you invert the thing it can't cause any problems. If the battery starts to go too low it needs to warn the user and not do something stupid like run at the wrong rate.

Oh, and any random combination of keypresses/etc has to result in the device staying in a controlled state. Now, you can't prevent all user error like the user telling the device they just ate a cheesesteak when they skipped a meal, but you need a reasonably robust UI and never have a failure mode that results in something that doesn't make sense.

So, something like an insulin pump requires both good software engineering and good hardware engineering. Oh, and our crazy regulatory/insurance system is going to probably require a bazillion tests to show that it meets some kind of medical outcome (and not just test that when you say you output 2 units per hour you do that). Then you're going to be selling thousands of these and not millions, so the per-unit sunk cost is pretty high.

So, I can see why it costs a fortune.

Re:"Easy to make" (1)

Anrego (830717) | more than 2 years ago | (#36998540)

I imagine liability also plays largely into it. They have to be covered when one of these things kills someone and the family sues them for 3 billion dollars.

I've thought about what it would take to build an insulin pump.

When I first read this, I thought you were planning to do so! After reading the whole post I realized that wasn't your point, but at first I was envisioning some arduino controlled contraption. I can't wait till this actually starts happening.. OSS/DIY medical gear!

Re:"Easy to make" (1)

orangesquid (79734) | more than 2 years ago | (#36998834)

"OSS/DIY medical gear!"
Measurement is already here.
Link #1 - http://openeeg.sourceforge.net/doc/ [sourceforge.net]
Link #2 - http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=homemade+ekg [google.com]
Of course, control is another issue, but there's still some things you can do with little more than a soldering iron:
Link #3 - http://www.instructables.com/id/Build-A-TENS-Machine-to-Remove-Pain/ [instructables.com]

Re:"Easy to make" (1)

Rich0 (548339) | more than 2 years ago | (#37006792)

Yup, measurement is definitely the safer place to start - especially with non-invasive gear.

If somebody ever creates a closed loop sugar measurement / insulin pump system it probably would wipe out half of the world's healthcare spending...

Re:"Easy to make" (1)

pnewhook (788591) | more than 2 years ago | (#36999282)

As a designer of medical devices, based on the description device #2 could never exist.

Re:"Easy to make" (1)

RockDoctor (15477) | more than 2 years ago | (#37004554)

Not doubting your assertion, but on what grounds?

Re:"Easy to make" (1)

pnewhook (788591) | more than 2 years ago | (#37008176)

Basically everything stated:

- "Windows CE" Any device must be proven by the manufacturer to not cause patient harm if a component within it fails. This includes software, and when calculating probability of failure, software is assumed to fail 100% of the time.

- "cheap TTL monitor" Any hardware must conform to stringent medical standards and if it fails be proven not to cause patient harm.

- "Developed fast" The amount of documentation required on process, design, testing and validation means it simply cannot be 'developed fast'

- "breezed through FDA certification" FDA certification takes years, including patient trials to show it is safe. You simply cannot 'breeze' a product through certification.

The poster is simply talking out of his ass, not knowing what he's saying.

Re:"Easy to make" (1)

RockDoctor (15477) | more than 2 years ago | (#37012568)

-Since all software is assumed to fail 100% of the time, and by implication all software failures will cause harm, then no medical devices can include software of any sort? Is that what you're saying?

What about a "cheap TTL monitor" would fail which medical standards and necessarily cause patient harm on failure? TTL (transistor-transistor logic, unless it means something else in this field) can include fairly substantial voltages, but proper (not necessarily expensive, just proper consumer-grade) design is perfectly capable of preventing the user from coming into contact with these voltages. I'd guess that anything above IP44 (Ingress Protection [wikipedia.org]) would do, perhaps IP56 for "wet" patient care areas. Appropriate earthing and isolation.
Standard electrical/electronic regulations, if adhered to, mean that when I'm using a keyboard, I'm not particularly bothered by the fact that an associated CRT monitor has tens of kilovolts inside it. It's not a significant hazard, and it is easily controlled to present a low risk.

- "developed fast" certainly is associated with inadequate documentation, but not necessarily. Poor documentation is more strongly associated with "developed cheaply" than "developed fast". IMHO.

-"breezed through $CERTIFICATION" is pure hyperbole, and dismissed as such.

Again, not doubting your credentials, but what precisely is it about specifically Windows CE that would render it automatically unsuitable for the application in question? Or, by your implication, for use in any medical device? Compared to, for example, an embedded Linux on some small PLC? For the application described, hard real-time isn't necessary (take a reading; calculate the amount of insulin needed; prime the pump; fire the pump; after a few minutes, repeat), so if the system crashes and comes back up in a matter of only a few minutes, then it's not going to cause a problem as long as the code is appropriately resilient. (That's things like detecting repeated failures and raising an alarm, auditing the pump; using some sort of system to verify the concentration of drug supplied to the pump ... IANAmedical-device-designer, but this is up to the device and software designer, not the OS per se.)

Oh, sorry, by the criteria you've stated, you can't have any sort of software in the device. Because all software fails, and fails harmfully.

So, since by your statement, no medical devices can use software, if I rip apart (say) the emergency defibrillator on the wall beside my desk (I'm sharing an office with the rig's HSE guy), I'd not find a line of software inside it anywhere? Right.

Re:"Easy to make" (1)

pnewhook (788591) | more than 2 years ago | (#37020670)

Since all software is assumed to fail 100% of the time, and by implication all software failures will cause harm, then no medical devices can include software of any sort? Is that what you're saying?

No. Software can fail and not cause harm. That's the art to system design - no matter what single failure happens to software on my systems, absolutely nothing hazardous can happen to the patient.

cheap TTL monitor

What you say is perfectly correct. It comes down to patient safety and whether all electrical design and safety have been taken into account. The medical device manufacturer would have to certify any monitor (or any other commercial device) for compliance, cheap or not.

Poor documentation is more strongly associated with "developed cheaply" than "developed fast". IMHO.

You not only have to document the software, but the architecture, and the process used. Testing must be complete and recorded properly. If it has a GUI then it also must go through user trials to show the GUI is clear and not confusing to the operator. This all takes time.

what precisely is it about specifically Windows CE that would render it automatically unsuitable for the application in question?

I never said it was unsuitable. I just said any device must be proven that it will not cause harm if it fails. It all depends on the device and your argument that it doesn't matter if it crashes since that patient cannot be harmed is valid. So then it comes down to can it miscalculate the times (double dose or miss a dose), or calculate the dose incorrectly or fail to restart if crashed.

Oh, sorry, by the criteria you've stated, you can't have any sort of software in the device

I never said nor implied that

Because all software fails, and fails harmfully.

Clearly false. As I said as a designer of medical devices (with lots of software) you can have medical devices with software. You just have to prove that no matter what the software does, the system will not harm a patient. If you cannot then it will certainly fail the certification process.

if I rip apart (say) the emergency defibrillator on the wall beside my desk (...), I'd not find a line of software inside it anywhere?

Of course you will find software, but you will also find failsafes in hardware (or possibly independent software) that ensure that if the software did fail, it's impossible for the patient to be shocked incorrectly
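
The property pnewhook describes, that no single software fault can reach the patient, and Rich0's list of what-ifs higher up (shaking, low battery, any key sequence leaving the device in a controlled state) come down to one design move: a final gate in front of the motor that enforces a dose envelope and knows nothing about why a dose was requested. The following Python is an added example, not code from either poster or from any pump vendor; the limits, the latch-on-repeated-rejects rule and the buggy scheduler in the demo are all assumed values chosen for illustration.

```python
"""A delivery guard that enforces a dose envelope regardless of who asked for the dose.

Added illustration; the limits, the state machine and the faulty scheduler are
constructed for this example and are not taken from any real pump's design.
"""
import math
from collections import deque
from dataclasses import dataclass
from typing import Deque, Tuple


@dataclass(frozen=True)
class Envelope:
    max_bolus_units: float = 20.0      # assumed cap on a single bolus
    max_units_per_hour: float = 25.0   # assumed cap on everything delivered in any 60 min
    min_battery_pct: float = 10.0      # assumed: below this, refuse rather than run at a wrong rate
    alarm_after_rejects: int = 3       # assumed: this many rejects in the window means something is wrong
    reject_window_min: int = 10


class DeliveryGuard:
    """Last check before the motor turns. It does not know whether a dose came from
    the scheduler, the UI, a remote or a bug; it only knows what has already been
    delivered and what the envelope allows, so one fault upstream cannot exceed it."""

    def __init__(self, env: Envelope):
        self.env = env
        self.delivered: Deque[Tuple[int, float]] = deque()   # (t_min, units) actually delivered
        self.rejects: Deque[int] = deque()                   # t_min of each rejected request
        self.state = "RUN"                                   # RUN, or ALARM once latched

    def units_last_hour(self, t_min: int) -> float:
        while self.delivered and t_min - self.delivered[0][0] >= 60:
            self.delivered.popleft()
        return sum(u for _, u in self.delivered)

    def _reject(self, t_min: int, reason: str) -> Tuple[bool, str]:
        self.rejects.append(t_min)
        while self.rejects and t_min - self.rejects[0] >= self.env.reject_window_min:
            self.rejects.popleft()
        if len(self.rejects) >= self.env.alarm_after_rejects:
            self.state = "ALARM"   # stop delivering and make noise; only a person clears this
        return False, reason

    def request(self, units, kind: str, battery_pct: float, t_min: int) -> Tuple[bool, str]:
        if self.state != "RUN":
            return False, "latched: " + self.state
        if kind not in ("bolus", "basal"):
            return self._reject(t_min, "unknown delivery kind")
        # Reject anything that is not a sane number before doing arithmetic with it:
        # a corrupted dose from a crashed calculation must not reach the motor.
        if (not isinstance(units, (int, float)) or isinstance(units, bool)
                or math.isnan(units) or math.isinf(units) or units <= 0):
            return self._reject(t_min, "invalid dose value")
        if battery_pct < self.env.min_battery_pct:
            return self._reject(t_min, "battery too low to guarantee the delivery rate")
        if kind == "bolus" and units > self.env.max_bolus_units:
            return self._reject(t_min, f"bolus {units} above cap {self.env.max_bolus_units}")
        total = self.units_last_hour(t_min)
        if total + units > self.env.max_units_per_hour:
            return self._reject(t_min, f"hourly limit: {total} already delivered")
        self.delivered.append((t_min, float(units)))
        return True, "delivered"

    def clear_alarm(self) -> None:
        """Only a deliberate user action at the device clears the latch."""
        self.state = "RUN"
        self.rejects.clear()


if __name__ == "__main__":
    guard = DeliveryGuard(Envelope())
    # Constructed fault: a scheduler that restarts and re-sends the bolus it already gave.
    for args in [(14.0, "bolus", 80.0, 0), (14.0, "bolus", 80.0, 1)]:
        print("t=%3d" % args[3], guard.request(*args))
    # More single faults: an oversized dose, a NaN from a bad calculation, a dying battery.
    for args in [(21.0, "bolus", 80.0, 62), (float("nan"), "bolus", 80.0, 63),
                 (2.0, "bolus", 5.0, 64), (2.0, "bolus", 80.0, 65)]:
        print("t=%3d" % args[3], guard.request(*args), "state:", guard.state)
```

The demo scheduler re-issues the bolus it already delivered, which is the sort of fault a watchdog-restarted controller produces; the guard refuses it on the hourly total, and after three refusals inside ten minutes it latches into ALARM and stays there until a person clears it, which is the "detect repeated failures and raise an alarm" behaviour RockDoctor asks for above. In a real device the guard would live in separate firmware or hardware from the scheduler, the way pnewhook describes the defibrillator's fail-safes, so that the two cannot fail together.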

Re:"Easy to make" (1)

RockDoctor (15477) | more than 2 years ago | (#37031696)

Oh, sorry, by the criteria you've stated, you can't have any sort of software in the device

I never said nor implied that

That was certainly the implication that I picked up ; hence the RAA (definition [wikipedia.org]).

It comes down to patient safety and whether all electrical design and safety have been taken into account. The medical device manufacturer would have to certify any monitor (or any other commercial device) for compliance, cheap or not.

Again, I'm reading that as --no medical device manufacturer can ever say "plug in a COTS monitor with resolution between [this] and [that]" -- ; every time, they've got to specify their own non-commodity, not-off-the-shelf device. Which in the real world would probably mean that they have to buy a warehouse full of one batch from a factory somewhere, batch-test, then sell them on as certified monitors at horrendous costs.

Sounds insane, but also sounds credible.

War story :
When I started in industry, we did a lot of long-term monitoring (24x7x[several weeks] runs were, and remain, common) using 19in rackmount multi-channel chart recorders with multiple channels. 1% accuracy was more than sufficient. Cheap and dirty when the system was designed in the early 1980s. Come the early 1990s and we could not get suitable analogue chart recorders anywhere. We could get digital ink-jet ones, where you had to spend 5 minutes typing on a phone-style keypad to put up a comment "KD@1234.56m, and where the ink would run if the sweat from your brow dripped onto the paper, and the paper was so thin that the shift's log disintegrated into confetti the third time it was unfolded to be looked at. Crap designs, not suitable for the job, at 5 times the price. (And then the price of consumables!! Every design full of non-interchangeable consumables ; different models in the same family using different parts ; excellent business design, terrible to work with.)
The only suitable analogue recorders we could find were antiques (i.e. mid-1970s models) for the medical market. Which were eye-wateringly expensive, as I'm sure you can imagine.
Until one of the holding companies went bust and, so the story I was told goes, one of our buyers found about a thousand of these recorders in a "fire sale" in some mid-Western-US middle-of-nowhere town and bought up enough to keep the company globally operating for another 4 or 5 years.
I still think the ink-on-paper recorders do a better job than the digital display screens. The mid-90s digital display in the corner of my office has just frozen - again; third time today - and still plots 15 parameters illegibly on one grid and displays a maximum of 2 hours of operations history. Crap, but that's history.

(Incidentally, we're in the business of interpreting these displays ; there's no money in doing the monitoring itself, which is why typical global R+D budgets for these companies are in the 10s of thousands of euros. And why this job has Win2k terminals driving DOS-5 digital chart recorder applications and databases. There's no budget for developing anything new. Nor, TBH, any desire to.)

Re:"Easy to make" (1)

rhalstead (1864536) | more than 2 years ago | (#37006582)

I'm amazed that the simple system using Windows even passed the FDA validation tests. It would not have passed a simple FDA network validation if there is any chance that a signal could interfere with the operation. I was a project manager for implementing Laboratory Information Management Systems, better known as LIMS, and we would have had a problem using wireless devices just to pass data from testing. If another wireless device on the same frequency or close to it could block or interfere, it would have failed.

My experience (2)

TheCabal (215908) | more than 2 years ago | (#36997632)

My wife uses the OmniPod disposable pumps. They are controlled by a wireless PDA-like device. When she was switching from a conventional pump to the Omnis, I wrote to the company and asked them to explain to me how their wireless technology works, what protocols are they using, what security measures they have taken to protect the pods from malicious activity. My concern was the possibility of an outside party either deliberately or accidentally messing with the pod settings, and minimizing insulin delivery or pushing a huge bolus.

I even offered to sign an NDA. Obviously, the company was less than willing to divulge their proprietary secrets, and I was shuffled off to a PR flack, who just reiterated the same marketing material over and over.

Re:My experience (1)

TheCabal (215908) | more than 2 years ago | (#36997978)

Just a followup to this, I posted a summary of the article on Facebook, and my wife predictably reacted the same way the press did.

Me: "Guy gives a talk about the *possibility* of hacking a wireless insulin pump"

After answering questions of responsible disclosure and security through obfuscation, she asked why someone would want to do such a thing as try to kill a diabetic. She was unfamiliar with the term "for teh lulz"

Re:My experience (1)

Rich0 (548339) | more than 2 years ago | (#36998276)

Well, why would anybody kill anybody?

Certainly if you are going to build a medical device that uses wireless technology you need VERY strong security controls around authentication/etc. If somebody steals your handheld controller and does a mission impossible on it I could understand that no security is perfect. On the other hand, I shouldn't be able to take apart my insulin pump and then use what I learn to remote control your insulin pump.

The wireless features are handy. The typical use cases I'm aware of are:

1. You test your sugar with a glucose monitor. You tell the monitor what you are about to eat. The monitor recommends a dose, and upon confirmation tells your pump to administer the dose.

2. You have a four year old with diabetes. You set the pump on full lockout mode so that they don't kill themselves, and then just manage their diabetes with the remote monitor. At the appropriate age you start teaching them what you're doing. You don't even have to wake them if they're sleeping to adjust things.

Never owned a pump, but I've been in the position of having to shop around for them recently...

Re:My experience (1)

DrgnDancer (137700) | more than 2 years ago | (#36998432)

I think both you and your wife are missing the most likely threat vector here. Black Hat hackers may not be, in general, the most empathic of people; but I doubt there are many that would simply kill a random diabetic for the Hell of trying a new hack. A much more plausible situation is someone using a mature form of this to kill a specific person that they hate or who has something they want, who also happens to be a diabetic, in a nearly untraceable way.

Motiveless murders, while they grab headlines because of their horror and senselessness, are pretty rare. Murders with motives and murderers who'd like to stay out of prison are much more common. The number of people who would "want to kill diabetics" in an abstract sense, is vanishingly small. The number of people who might want to kill a specific diabetic, for a specific reason (probably having to do with money or sex) is doubtless much higher.

Re:My experience (1)

TheCabal (215908) | more than 2 years ago | (#36998596)

Note that I also said I was concerned that an outside party accidentally changes the settings on the pods. I think that is far more likely, but people aren't really going to think that walking past the microwave or the 802.11 router is really a threat.

Re:My experience (1)

pnewhook (788591) | more than 2 years ago | (#36999304)

but people aren't really going think that walking past the microwave or the 802.11 router is really a threat.

If it is a certified medical device, there is no way walking past a router or microwave is going to change the settings.

Re:My experience (1)

LWATCDR (28044) | more than 2 years ago | (#37000334)

I wouldn't worry about people trying to kill random people; however, I do think that there are way too many people that would think it was "funny" to really mess with people. "Dude, did you see those four just drop like a rock! That was so cool!"
For example http://en.wikipedia.org/wiki/Anonymous_(group)#Epilepsy_Foundation_forum_invasion [wikipedia.org]
I just hope that the hackers are being as responsible as possible and are not going to publish this until any vulnerabilities are fixed. I would suggest publishing the results to all medical device makers so they can also check their devices for similar issues.

I came here to say: (0)

Anonymous Coward | more than 2 years ago | (#36997634)

Insulin pumps - Because an actual cure wouldn't make your life depend on their wealth.

It's not ... what you thought
When you first began it
You got ... what you want
Now you can hardly stand it though,
By now you know
It's not going to stop
It's not going to stop
It's not going to stop ... 'til you wise up

You're sure ... there's a cure
And you have finally found it ...
You think ... One drink
Will shrink you 'til you're underground
And living down
But it's not going to stop
It's not going to stop
It's not going to stop ... 'til you wise up

Prepare a list of what you need
Before you sign away the deed
'Cause it's not going to stop
It's not going to stop
It's not going to stop .. 'til you wise up
No, it's not going to stop
'til you wise up
No, it's not going to stop
So just ... give up

(Aimee Mann - Wise Up)

Re:I came here to say: (1)

MightyYar (622222) | more than 2 years ago | (#36997670)

Yeah, those insulin-making fat-cats are just a bunch of societal parasites.


Re:I came here to say: (0)

Anonymous Coward | more than 2 years ago | (#37006110)

Yes. Why else would Eli Lilly hand Prozac and Speed (Adderall) to school children like candy?

They are drug dealers! Not in the nice kind. In the "making money off of junkies" kind.

So fuck you, for defending those who make our children in to junkies for the quick buck!

Can you spell ACTUAL CURE, you disgusting retard?

Re:I came here to say: (1)

MightyYar (622222) | more than 2 years ago | (#37013562)

That's a nice little rant there... Now back to insulin.

How is producing insulin evil? There ARE people trying to cure diabetes, and I'm guessing you aren't one of those people.

Had a pump for 8 years (3, Interesting)

sheepweevil (1036936) | more than 2 years ago | (#36997646)

I've had a minimed paradigm for about 8 years now, and all of what Scott said makes sense. In addition, there are a few more things which make this impractical. I assume the researcher is trying to hack the "Remote" option. Not only do you need to turn the remote option on, you need to add IDs of the remotes to the pump itself. So unless you can figure out how to add IDs remotely, you have to find someone with a remote, and get the ID from the remote.

Second, there's a limit (at least on my Paradigm version) of 20 units of insulin at a time. I haven't tried this, but I think there's a system to prevent you from giving multiple 20 unit boluses at a time. Since I take around 14 units for some meals, 20 units of insulin is conceivable to overcome just by eating sweets, and there's always glucagon injections in a pinch. My pump makes a sound when it is done giving a bolus, meaning the diabetic could notice that a bolus was given (perhaps the beep is turned off for continuous glucose monitoring systems though).

Finally, hypoglycemia is rarely fatal. From wikipedia [wikipedia.org]: "In nearly all cases, hypoglycemia that is severe enough to cause seizures or unconsciousness can be reversed without obvious harm to the brain." So even if you figure out how to give a remote bolus and succeed, it isn't likely to kill the diabetic.
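
Several posters describe the pairing model of the Paradigm remote, a list of remote IDs you enter at the pump itself, and Rich0 earlier states the property it needs to have: taking apart my pump must not let me remote control yours. Those two points together are what a per-pairing key plus a message counter give you. The following Python is an added example of that design, not Medtronic's protocol, the researcher's findings or anyone's code from this thread; the frame layout, field sizes, truncated tag and pairing flow are all constructed for illustration.

```python
"""Authenticated remote-to-pump commands with per-pairing keys and a counter.

Added illustration; the frame layout, the field sizes and the pairing flow are
constructed for this example and are not the protocol of any real pump or remote.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Tuple

BODY = ">IIIH"                       # pump_id, remote_id, counter, units in tenths
BODY_LEN = struct.calcsize(BODY)     # 14 bytes
TAG_LEN = 8                          # truncated HMAC-SHA256; size it for the real threat


def make_frame(pump_id: int, remote_id: int, counter: int, units_tenths: int, key: bytes) -> bytes:
    body = struct.pack(BODY, pump_id, remote_id, counter, units_tenths)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Remote:
    def __init__(self, remote_id: int):
        self.remote_id = remote_id
        self.keys: Dict[int, bytes] = {}   # one key per pump this remote is paired with
        self.counter = 0                   # never reused; the pump remembers the last value seen

    def bolus(self, pump_id: int, units: float) -> bytes:
        self.counter += 1
        return make_frame(pump_id, self.remote_id, self.counter,
                          int(round(units * 10)), self.keys[pump_id])


class Pump:
    def __init__(self, pump_id: int):
        self.pump_id = pump_id
        self.paired: Dict[int, List] = {}   # remote_id -> [key, last_counter]
        self.bolus_log: List[float] = []

    def pair(self, remote: Remote) -> bytes:
        """Done at the pump's own UI, like the Utilities -> Connect Devices -> Remotes
        step described above. A fresh random key per (pump, remote) pair means a key
        lifted from one pump authorises nothing on another."""
        key = os.urandom(16)
        self.paired[remote.remote_id] = [key, 0]
        remote.keys[self.pump_id] = key
        return key

    def accept_id_only(self, frame: bytes) -> Tuple[bool, str]:
        """What an ID list buys on its own: anyone who learns the 32-bit ID can send."""
        if len(frame) < BODY_LEN:
            return False, "bad length"
        pump_id, remote_id, _, units_tenths = struct.unpack(BODY, frame[:BODY_LEN])
        if pump_id != self.pump_id:
            return False, "not for this pump"
        if remote_id not in self.paired:
            return False, "remote not paired"
        return True, f"would deliver {units_tenths / 10} units"

    def accept(self, frame: bytes) -> Tuple[bool, str]:
        if len(frame) != BODY_LEN + TAG_LEN:
            return False, "bad length"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        pump_id, remote_id, counter, units_tenths = struct.unpack(BODY, body)
        if pump_id != self.pump_id:
            return False, "not for this pump"
        entry = self.paired.get(remote_id)
        if entry is None:
            return False, "remote not paired"
        key, last = entry
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"        # forged, edited in flight, or wrong key
        if counter <= last:
            return False, "replay"         # a captured frame sent again
        entry[1] = counter
        self.bolus_log.append(units_tenths / 10)
        return True, "accepted"


if __name__ == "__main__":
    remote, pump = Remote(0x1234), Pump(0xA001)
    pump.pair(remote)
    frame = remote.bolus(pump.pump_id, 14.0)
    print("genuine:", pump.accept(frame))
    print("replayed:", pump.accept(frame))
    forged = make_frame(pump.pump_id, remote.remote_id, 99, 200, b"\x00" * 16)
    print("forged, ID list only:", pump.accept_id_only(forged))
    print("forged, keyed:", pump.accept(forged))
```

accept_id_only is the situation sheepweevil describes: a frame carrying a paired remote's ID and any payload is accepted, so the attacker's whole job is to learn one number. accept rejects a forged frame (no key), a captured frame sent twice (counter), a frame whose dose field was edited on the air (tag no longer matches), and a frame built with a key extracted from a different pump. None of this addresses jamming, and it does not replace the per-bolus cap and audible confirmation mentioned above; those belong in a separate gate in front of the motor, not in the radio layer.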

Re:Had a pump for 8 years (0)

Anonymous Coward | more than 2 years ago | (#36997732)

Agreed. Type 1 diabetic here, and while it wouldn't be great to have someone slipping me insulin, it wouldn't be fatal for most diabetics. Some do have less sense of low blood sugar, but most of us do feel it coming on and can act appropriately. The danger I imagine would be in doing this to someone who has another issue preventing them from being in full control, like illness, drunkenness, being a child, etc.

Re:Had a pump for 8 years (1)

TheCabal (215908) | more than 2 years ago | (#36997860)

I disagree. My wife is a brittle diabetic, and she's spent so much time in her childhood years at extreme highs and lows, she's become somewhat desensitized to low blood sugar until she's in the 50 range. There have been a few cases where she has felt a low coming on and collapsed before she could get to something to eat. Other times, she's acted drunk while hypoglycemic and refused to eat anything.

Of course, she's probably one of the exceptions for the "most diabetics" case, but it matters to me.

Re:Had a pump for 8 years (1)

X0563511 (793323) | more than 2 years ago | (#36997842)

Do you wear these systems all the time? What would happen if such a thing happened while you were, say, driving? Or doing something else where the symptoms could result in maiming?

Re:Had a pump for 8 years (1)

tirerim (1108567) | more than 2 years ago | (#37004504)

As a rule, the symptoms don't just come out of nowhere—if you're driving, and start to go hypoglycemic, you just pull over, treat it, wait 15 minutes, and start up again. (There is a such a thing as hypoglycemia unawareness, in which the symptoms do come on much faster and at a lower level of blood glucose, but that's an individual-specific thing that results from having too many lows to begin with, so it doesn't affect the general population of diabetics.) The bigger danger, as I said in my reply to sheepweevil, is in situations where you're less likely or able to notice the symptoms.

You brush over the danger of hypoglycemia (2)

Shivetya (243324) | more than 2 years ago | (#36997850)

Sorry, but my mother is type 1 as well and hypoglycemia is the biggest danger she faces on a daily basis. Why? Because it can occur without her recognizing it. Sure we all know the symptoms, she certainly does, but one problem with low blood sugar is that you're not always thinking clearly and you don't always arrive at low blood sugar at the same rate. Worse, depending on many other issues one day's low blood sugar can have different results than another.

The real threat here is for those type 1s who are not in constant contact with other people, like a spouse or children in the same home. I made a trip to my parents one day to drop some boxes off; I was under the impression they were not going to be home. I saw my mom's car in their garage but still was under the assumption that she was with my dad. Well, lo and behold, she was in the house and barely conscious. When I was able to recover her (that wonderful rescue shot plus tabs/juice) we went over what happened. She knew she was low and was going to fix it... but.. but... and there she went. She sat down, started to check her pump and passed out. Her blood sugar fell. Now imagine you're asleep. I know the pump vibrates, well it falls to the side, or the needle comes out, or any of the many other problems that can occur... and if you're alone or not checked on for how many hours - well you get the picture.

Now contrast this with hyperglycemia (too much), she has never gone unconscious in this state. She has had throw-up fits and such, but she was always able to try and fix it. She could even get herself to the hospital. She has been well past 600+, she knows people who went higher. She spent days over 400 with the hospital unable to explain it. She was fully functional. You cannot say the same for low blood sugar.

I just wanted to reply so that people don't get the idea it rarely is fatal, which implies it's not dangerous. It's very much going to be fatal if someone is not around to help you and honestly, if you're type 1 I would make sure people know that if you're not where you should be then there might be a problem.

Re:You brush over the danger of hypoglycemia (0)

Anonymous Coward | more than 2 years ago | (#36997956)

I'm a type 1 diabetic that has lived alone for over 10 years, and I somehow have survived. Diabetes is a pain in the ass, but it is manageable, especially if you're willing to test often, modify your diet, and know your body.

Re:You brush over the danger of hypoglycemia (1)

Rich0 (548339) | more than 2 years ago | (#37000030)

Yup, hypoglycemia is no joke - I help take care of somebody who is diabetic. Hospitals always err on the side of hyperglycemia as a result - it is harder for them to control sugar with everything going on so they'd rather go too high than too low.

That said, I've heard that studies have shown that tight sugar control improves hospital outcomes. That being the case I don't know why hospitals don't just put all their diabetics on insulin IV pumps. Check their sugar hourly until you get a baseline and then maybe back off on the checks. If something goes wrong you can stop the pump and the insulin will clear very quickly (IV insulin has a half-life measured in minutes I think - much faster than even a pump). If they're concerned about interruptions/etc they could use lantus/etc for baseline coverage as well and augment with an IV.

The more I've read up on pumps the more convinced I've become that we should be treating a lot more people with them. Sure, if you can get your A1C down to 6 or whatever without a pump and without hypoglycemic episodes, then why deal with the complications. However, many people have fairly poor control from oral meds and it probably is a lot better to be more aggressive. I'd also love to see continuous glucose monitoring become more popular - it would allow for more aggressive treatment and in the long term probably save a lot more than it costs...

Re:You brush over the danger of hypoglycemia (0)

Anonymous Coward | more than 2 years ago | (#37001010)

Most people who use pumps are type 1 diabetics. Type 1 diabetics do not use oral medications, as those treat insulin sensitivity, and type 1 is the result of a lack of insulin production by the body.

Re:You brush over the danger of hypoglycemia (1)

Rich0 (548339) | more than 2 years ago | (#37006852)

Absolutely true on all points, and I still stand by what I said.

What I was getting at is that more type 2 diabetics should be treated with pumps. I think that too many doctors settle for "the best that can be done with oral meds."

If that is good glucose control, then fine. However, often it isn't. From what I've both read and seen firsthand unless you're talking about an 85-year-old who you're consigned to putting in "hospice," you're much better off being more aggressive. While shots or a pump are inconvenient, the kinds of health problems that come up after 5-10 years of high blood sugar are FAR worse.

By all means try to fix the insulin resistance first. But, until you've figured out how to fix that, pumping a patient full of insulin will at least keep them from having to get their more essential arteries stented, their eyes lasered, and so on. The best way to do that I've seen is aggressive monitoring with frequent medication tweaks until they're stable, and if that isn't working a pump gives you the most fine-grained control possible.

Re:You brush over the danger of hypoglycemia (0)

Anonymous Coward | more than 2 years ago | (#37012256)

"hypoglycemia is rarely fatal"
That's like saying most people hit by a gunshot survive. It's something we try to make as rare as possible because it can be fatal, and even if it's not fatal it can cause brain damage, and even if it doesn't kill or cause brain damage, it's a horrible thing to go through.
It's irrelevant that it's "rarely fatal."

Re:Had a pump for 8 years (1)

cnettel (836611) | more than 2 years ago | (#36997910)

You are assuming there are no holes in the protocol. How is the ID pairing truly done? Is it possible to do some kind of hardware reset over the wireless interface, either by design or by an implementation flaw? Is the ID sent in clear, or is there some proper handshake going on? If there is a cryptographic handshake, is it based on a single common certificate? (Reverse engineering one remote would then still be enough to spoof the ID of any other.)

If the secret of the ID itself is supposed to maintain security, how many requests can be sent in a certain timeframe? Can the pump be fooled into draining its battery receiving bogus wireless messages? There are so many possible attack venues. That doesn't mean this is necessarily a bad thing, but a high-level understanding of how the system is supposed to work hides so many possible ways to circumvent it.

You didn't even bother to mention the classics. (0)

Anonymous Coward | more than 2 years ago | (#36998224)

Buffer overflows and hard-coded privileges! Where's the love?

Re:You didn't even bother to mention the classics. (1)

Nemo's Night Sky (1051346) | more than 2 years ago | (#37002230)

there is probably a debug ID that is hard coded to be accepted by all pumps within the model version. basing my statements on absolutely nothing i am pretty sure this is the case just because this is how the tech world works. factory testing, device failure analysis, recovering locked out units with lost/broken remotes are not necessarily, but certainly most easily and cheaply (in terms of material and man work hours), implemented by hard coded privileges "protected" only by obfuscation... the burden of proof shouldn't be on me or some black hat to say it is or isn't so. the burden is on the manufacturer to prove this to the customers and government oversight. (lol @ government oversight) p.s. malformed packets ftw as for buffer overflows. now who wants to bet the protocol is nothing more than a heavily modified ZigBee?

Re:Had a pump for 8 years (2)

fermion (181285) | more than 2 years ago | (#36998206)

Remote IDs, at least for some wireless, are not an issue. Sniff the network for IDs, spoof those IDs, and you're in. That is why on networks I want to remain private, I not only close the network and require MAC, but also have a password.

As far as the 20 unit limit, the security of this is dependent on whether the setting is in hardware or software. If it is in software, there is a possibility that the limits can be overridden and all insulin can be dumped. Even if it is in hardware, the constraints between dumps are likely software, and can be hacked.

I cannot fathom a reason why someone would want to mess with the instrument, other than to show it can be done, which hopefully will result in a more secure device. A more secure device will reduce the possibility of accidental dosage errors. I mean really all that needs to be done is figure out a way to remotely disable the injection mechanism while making everything show normal and that could quickly lead to a fatal condition. If that is accidental, and not malicious, the outcome is the same. It is like those warnings to turn off electronic devices on an airplane. It is scary knowing that one gameboy could down a plane, though I know it is not quite that bad.

Re:Had a pump for 8 years (0)

Anonymous Coward | more than 2 years ago | (#36998598)

all that needs to be done is figure out a way to remotely disable the injection mechanism while making everything show normal and that could quickly lead to a fatal condition.

Disabling the injection mechanism would result in high blood sugar, not low blood sugar. That would not quickly be fatal unless you're not testing your blood sugar regularly like you should. The biggest danger would be finding a way to get the pump to send a megadose of insulin. The user would likely feel the burn of the injection but by then it would be too late to stop it.

Re:Had a pump for 8 years (1)

tirerim (1108567) | more than 2 years ago | (#37004490)

No, there's nothing to prevent you from giving multiple consecutive boluses. I occasionally eat enough in one sitting that I need about 30 units, and I just give myself a second bolus right after the first one. (More often one of them is actually a dual or square wave, but it does happen that both of them are normal boluses.) It's designed to guard against human error, nothing more.

As for the dangers of hypoglycemia... yes, it is fairly easy to treat a hypoglycemic seizure. I've had quite a few of them, though none since getting a pump ten years ago. But I was also lucky enough that someone else was there to help me each time. If one of those had happened while I was alone, it could easily have killed me, especially if it were induced by a significant overdose, rather than just a bit too much long-acting insulin and being tired enough that I didn't wake up when it hit. If you're unconscious, you can't eat glucose or give yourself a glucagon injection. And if you're already asleep, you might not notice the bolus being given, and you might not wake up for the hypoglycemia, either, or might wake up too late—I had one instance in which I woke up low, started shoveling glucose tablets into my mouth, and still lost consciousness and started seizing before they hit my bloodstream. Again, there were people around, but if there hadn't been, and especially if there were still a significant amount of insulin in my system at that time, I probably would not be here talking to you.

Re:Had a pump for 8 years (0)

Anonymous Coward | more than 2 years ago | (#37006150)

I'm a brittle diabetic and I've been using MiniMed's insulin pumps for the past decade. 1 unit of insulin will lower my sugar 70 points. If I were to get 20 units in one bolus with my sugar being 100 at the time it would lower my sugar to -1300. I'm pretty sure that would kill me.

look out or you may be facing attempted murder ch (1)

Joe_Dragon (2206452) | more than 2 years ago | (#36997652)

look out or you may be facing attempted murder charges just for trying to hack something like this.

Re:look out or you may be facing attempted murder (1)

X0563511 (793323) | more than 2 years ago | (#36997854)

Yea, because he's totally doing this on live machines attached to patients who depend on them...

One thing I'm getting tired of for sure. (0)

Anonymous Coward | more than 2 years ago | (#36997666)

Media is picking up on every tiny thing and blowing it out of proportion. It's like suddenly every news station is Fox News Jr.

Heart devices are similar (0)

Anonymous Coward | more than 2 years ago | (#36997710)

Many heart devices being implanted into people surviving (or having been determined to be at risk of) e.g. cardiac arrest also have wireless access. For example, a friend of mine has an implanted ICD (http://en.wikipedia.org/wiki/Implantable_cardioverter-defibrillator - basically an implanted heart monitor and defibrillator), which wirelessly connects every now and then to a modem he has at home, which in turn forwards data from the device to the local hospital. In addition to transferring data from the device, the wireless connection can also be used the other way around, for changing the configuration settings of the device (including which heart rate the person should have), or even to trigger a defibrillation shock.

One has to hope that these things were built with security in mind, but if the history of communication security is any guide...

Re:Heart devices are similar (1)

camperdave (969942) | more than 2 years ago | (#36998376)

One has to hope that these things were built with security in mind, but if the history of communication security is any guide...

One should not have to hope that these things were built with security in mind. One should be able to find out definitively. One should even be able to find out definitively that the FDA, or the AMA, or whoever is in charge has checked and certified that these things were built with security in mind.

Re:Heart devices are similar (1)

pnewhook (788591) | more than 2 years ago | (#36999360)

The regulations surrounding medical devices require documentation, disclosure to regulatory bodies and fault analysis to the same degree of the safety surrounding manned space flight. It takes literally years to prove your device is safe before it can get released to the general public.

Pump User Here: (1)

DramaGeek (806258) | more than 2 years ago | (#36997734)

I realize many of these points are pointed out in the article, and I will be repeating them here for those of you who didn't read it:

There are several types of wireless communication built into my pump (A Minimed 722 with a CGMS sensor):
1.) Sensor (inserted elsewhere into body) sends current glucose level to pump
- Requires the sensor serial to be entered into the pump
- If hacked, would report a false glucose level to the pump. The pump NEVER acts on its own, it only informs you of what the level is, so no danger. Also, for any treatment you are supposed to double check the level with a finger-poke as below.
- Also, if a level is reported that is out-of-pattern with the rest of values that the pump has been receiving, the pump assumes that the sensor is out of calibration or failing, and has you re-calibrate the sensor with a finger-poke.

2.) Meter (regular old finger-pokes) sends current glucose to monitor
- Requires meter serial to be entered into the pump.
- If hacked, the meter and the pump would show different numbers, making the manipulation obvious. Also, if someone randomly started sending values to my pump, I would know due to the fact that I wasn't currently checking my glucose.

3.) Remote sends instructions to deliver insulin
- Requires remote serial to be entered into pump
- Pump still vibrates/beeps to confirm delivery and dosage. Not exactly discreet.
- I'm not sure what other safeguards this has. I don't use it. I do know that if you don't have any serial numbers entered, it turns this feature off.

4.) USB Device gathers reports/programs pump
- Requires pump serial to be entered into computer.
- The 'USB Device' mentioned in the article is almost certainly a Carelink USB Upload device, used to upload data from the pump to a computer for gathering reports on glucose trends, patterns, other ways to fine-tune your treatment.
- I do know that these CAN be used to upload new settings to the pump, as I've seen them do it at my doctor's office.
- User software doesn't feature upload capability, so hackers would need to steal a copy of the 'pro' software from a doctor's office (additional security through obscurity?)

Of the four, the last two are the only ones that could alter insulin delivery, and the last one is the only one that would do it without notifying the user. You would have to develop a profile that had a high basal rate (background, continuous insulin delivery). Again, you would still need to get the serial number off the pump to initiate the upload.

Re:Pump User Here: (1)

X0563511 (793323) | more than 2 years ago | (#36997926)

You're assuming that the hacks wouldn't involve simulating the source of the signal. They don't actually have to obtain the professional software, they just have to figure out the protocol. This needs to be done once.

Re:Pump User Here: (1)

DramaGeek (806258) | more than 2 years ago | (#36998066)

What else would a hack simulate but the signal source? In my first two instances, bad data is introduced, but there is no danger to the patient. In the third, bad instructions may be sent, but they are echoed by the pump before starting. In the fourth, you not only have to have a valid serial to simulate, but you have to address it directly to another serial.
Did you read the article? The would-be hacker HAS the serials of his own devices, and still hasn't figured out how to hack them.

Re:Pump User Here: (0)

Anonymous Coward | more than 2 years ago | (#36999034)

God i began reading this and I could barely skim through the rest of the post because of the pain caused by the stupidity.

A pump microprocessor has two ways to do anything. It can assign tasks to secondary circuits or it can do it all itself.

As an example consider a pump that determines it needs to inject. The use case: beep, have the user confirm by pushing a button, then inject.
The pump can do two things: it can send a signal to a secondary circuit, which then beeps, waits for the user to push the button, then injects,
or it can beep, wait for the button push, then inject.

Guess which way is cheaper?

Any safeguard that is under control of the microprocessor can be subverted if the firmware is hacked, and even if one pump is safe you can't say that about other pumps.

Now I'm a Type II who will be pumping sooner rather than later, and I will say that I'm not particularly fussed about pumps being hacked, but I don't want people to think there is no danger.

Re:Pump User Here: (1)

DramaGeek (806258) | more than 2 years ago | (#36999744)

The debate here isn't about hacked firmware. The firmware isn't updatable, just the settings, either through the wireless or otherwise. I'm sure they could probably flash it back at the factory, but there's no way for me or my doctor to do it.

Here's how it works (0)

Anonymous Coward | more than 2 years ago | (#36999926)

I have a Minimed Paradigm 722 and a Dexcom 7 continuous glucose sensor.
For the benefit of non-diabetics:
Insulin is measured in "units", with 100 units per mL. A unit is actually related to moles, not volume, and it is possible to have insulin concentrations other than 100U/mL, but I've never seen such a bottle. In practice it is used as a unit of volume.
Basal rate is the background rate of insulin delivery. It is adjustable hour-by-hour and is usually small (1U/hr for me). It is a 24-hour repeating pattern.
A bolus is a single large delivery of insulin, normally in response to food (before you eat, if possible) or high blood sugar.
Insulin does not start working immediately. The "fast acting" insulin used in pumps still takes at least 30 minutes to have any noticeable effect. For me (this probably depends on body fat, etc.) insulin has the most effect between one and two hours after delivery. Changes to basal rates of course take the same amount of time, but are more subtle because the doses are much lower.
Turning off or DoS-ing a pump will not be lethal. Sensational news stories try to present it like this, because in theory with no insulin you would die, but what really happens is you notice your blood sugar is too high and take more insulin to fix it. If the pump doesn't work, you go back to needles. NPH insulin (long-acting, for overnight use) is available without a prescription (last I checked, which was a long time ago). Insulin syringes are available without a prescription, and I have a few packs on hand in case my pump fails. Pump manufacturers take failures seriously and will replace the pump quickly (Disetronic used to always send two, so you had a hot spare - I'm not sure if Accu-Check, who bought them, still does this).
High blood sugar is a lot less damaging, short term, than low blood sugar. It may cause muscle cramps, which are bad if you're driving, and it makes you pee a lot and generally feel bad, but you won't go unconscious until you've been very high for a long time and are on the edge of coma.
Too much insulin is a more plausible way for a pump-hack to cause trouble. Many people have trouble identifying lows, so in some circumstances you could cause unconsciousness. I would keep drinking sodas or fruit juice until the problem went away, but in some cases it may be possible for a very large bolus to knock me out before I knew what was happening. People who are old or normally have poor control may be the most vulnerable to a secret-bolus attack.

I would be very surprised if there is any crypto in the protocols. By default, the pump does not listen to any remotes, meters, or sensors.
Messing with data from a meter or sensor is basically useless. The pump never acts on its own, but it will use a recent meter (not sensor) reading to calculate a bolus if the user requests it.
To add a remote, meter, or sensor, you have to enter the serial number of the remote on the pump itself. It may be possible to do this through the RF programming protocol.
The programming software always leaves the pump in suspend mode, which delivers no insulin and vibrates every few minutes. In fact, the pump doesn't do anything without vibrating or, if the battery is low, beeping. Some operations can't be done during others: if a new meter reading shows up during a bolus, it will be reported after the bolus is finished.

Sending a fake meter reading can only cause trouble if it happens immediately after a real meter reading but before the user commands a bolus. The user would still have to not notice the new, incorrect reading, and would have to approve the incorrect bolus.
Sending a fake sensor reading is just annoying. The Minimed sensor produces questionable results often enough that the user would either ignore it or recalibrate. The sensor sends a new reading every minute and the graph is updated every five minutes. A single bad reading means nothing, and no one should be taking insulin based on only a sensor reading.

If you could make the pump unusable by exploiting some error in the RF handling (keeping it busy or crashing it repeatedly), you could force the user to fall back to needles. Unless you can brick the pump remotely, this would require that you follow the user around with a transmitter...

It sounds like this guy isn't really trying. Minimed provides programming cables and a web site with Java applets that speak the protocol. There is an old serial programming interface (FCC ID OH27304) and a new USB one (OH27305).
The RF device used in the pump and at least the old BD Logic meter is the RFM TR1000:
The newer USB Carelink interface uses the TI CC1100. See the FCC filings.

Signal strength is a problem here. These devices are not intended to work over long ranges, so a long-range hack which needs two-way communication with the pump will be fairly hard to pull off without an obtrusive antenna.

I think that the real lesson here is that, while there does need to be protocol-level security, the people writing articles about this (including those doing the research) need to be realistic about the effects and the scope of the attacks. It doesn't help your cause when everyone who could be affected by the attack is downplaying the research because it gets overhyped as a "lethal hack".
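The two pump-user posts above (the four-channel breakdown and the "Here's how it works" post) describe the same set of pump-side acceptance rules: nothing is accepted from a serial that was not entered on the pump, sensor values only inform the display and out-of-pattern values trigger recalibration, a meter reading only matters in the window just after a real one and before the user commands a bolus, and a remote bolus is announced and capped. The model below is an added example, not Medtronic firmware or either poster's code; it encodes those rules as a defender's anomaly check over a constructed RF capture, and the thresholds, serials and frame layout are all assumed.

```python
"""Hypothetical model of the pump-side acceptance rules the two posts above
describe.  Added example, not Medtronic firmware; the frame format, the
thresholds and the serial numbers are all constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_BOLUS_UNITS = 20.0     # per-bolus cap mentioned in the thread (assumed value)
SENSOR_JUMP_LIMIT = 60.0   # mg/dL jump between sensor readings treated as "out of pattern" (constructed)
METER_REPLAY_WINDOW = 120  # seconds: a conflicting meter reading this soon after the first is suspicious (constructed)


@dataclass
class Frame:
    t: int         # seconds since start of the capture
    kind: str      # "sensor", "meter" or "remote"
    serial: str    # serial the frame claims to come from
    value: float   # glucose in mg/dL, or bolus size in units for "remote"


@dataclass
class Pump:
    paired: Dict[str, str]             # kind -> serial entered on the pump; a missing kind means the channel is off
    last_sensor: Optional[float] = None
    last_meter: Optional[Frame] = None
    delivered: float = 0.0             # units actually delivered by remote command
    alerts: List[str] = field(default_factory=list)

    def handle(self, f: Frame) -> str:
        # Rule 1: by default the pump listens to nothing; a frame is only considered when
        # its channel is enabled and its serial matches the one entered on the pump.
        if self.paired.get(f.kind) != f.serial:
            self.alerts.append(f"t={f.t}: {f.kind} frame from unpaired serial {f.serial} ignored")
            return "ignored"
        if f.kind == "sensor":
            return self._sensor(f)
        if f.kind == "meter":
            return self._meter(f)
        return self._remote(f)

    def _sensor(self, f: Frame) -> str:
        # Rule 2: sensor values only update the display; an out-of-pattern value is treated as a
        # failing sensor and the user is asked to recalibrate with a finger-stick.
        if self.last_sensor is not None and abs(f.value - self.last_sensor) > SENSOR_JUMP_LIMIT:
            self.alerts.append(f"t={f.t}: sensor jumped {self.last_sensor:.0f} -> {f.value:.0f}, recalibration requested")
            return "recalibrate"
        self.last_sensor = f.value
        return "displayed"

    def _meter(self, f: Frame) -> str:
        # Rule 3: a meter reading is stored for the next user-requested bolus calculation.  A second,
        # different reading arriving moments after the first is the only window in which a forged
        # reading could matter, so it is flagged and the earlier value is kept.
        prev = self.last_meter
        if prev is not None and f.t - prev.t < METER_REPLAY_WINDOW and f.value != prev.value:
            self.alerts.append(f"t={f.t}: conflicting meter reading {f.value:.0f} within {f.t - prev.t}s of {prev.value:.0f}, kept earlier value")
            return "flagged"
        self.last_meter = f
        return "stored"

    def _remote(self, f: Frame) -> str:
        # Rule 4: a remote bolus is capped at the per-bolus limit and always announced (vibrate/beep).
        if f.value > MAX_BOLUS_UNITS:
            self.alerts.append(f"t={f.t}: remote bolus of {f.value:.1f} U exceeds cap, rejected")
            return "rejected"
        self.alerts.append(f"t={f.t}: announcing remote bolus of {f.value:.1f} U")
        self.delivered += f.value
        return "delivered"


def run_capture(pump: Pump, frames: List[Frame]) -> List[str]:
    """Feed a capture through the model and return one outcome per frame."""
    return [pump.handle(f) for f in frames]


def sample_pump() -> Pump:
    # Constructed pairing table: one sensor, one meter and one remote entered on the pump.
    return Pump(paired={"sensor": "S-1001", "meter": "M-2002", "remote": "R-3003"})


# Constructed capture: legitimate traffic interleaved with frames a defender would want flagged.
SAMPLE_FRAMES = [
    Frame(0, "sensor", "S-1001", 110.0),     # normal reading, displayed
    Frame(60, "sensor", "S-1001", 250.0),    # implausible jump, recalibration requested
    Frame(120, "meter", "M-2002", 105.0),    # real finger-stick, stored
    Frame(130, "meter", "M-2002", 300.0),    # conflicting reading seconds later, flagged
    Frame(200, "remote", "R-9999", 5.0),     # unpaired remote, ignored
    Frame(210, "remote", "R-3003", 25.0),    # over the cap, rejected
    Frame(220, "remote", "R-3003", 4.0),     # within cap, announced and delivered
]

if __name__ == "__main__":
    pump = sample_pump()
    for frame, outcome in zip(SAMPLE_FRAMES, run_capture(pump, SAMPLE_FRAMES)):
        print(f"{frame.t:4d}s {frame.kind:6s} {frame.serial:7s} -> {outcome}")
    print("\n".join(pump.alerts))
```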

WiFi Medical Gear (1)

neowolf (173735) | more than 2 years ago | (#37000606)

I spent a LOT of time in various hospitals and long-term care facilities over the last year (friend with cancer), and found that most now rely heavily on WiFi enabled IV/Medication pumps and monitors. Almost every piece of equipment I looked at had a WiFi indicator light on it (some even actually said "WiFi"). There were also several secure WiFi networks operating within each facility, including- thankfully- free public Internet access. Depending on what can actually be done with them remotely- I found this a bit alarming though. If someone can hack an insulin pump, they will probably have the "keys" to other equipment, at least by the same manufacturer. This really opens the door to something like murder-by-WiFi.

Confusing Priorities (1)

izomiac (815208) | more than 2 years ago | (#37007304)

One should strive to create the most efficient and secure code possible for intrinsic reasons, and insulin pump control software is no exception. That said, there are far easier ways to kill a man from half a mile away. Our brains' defenses are wholly inadequate to contend with a bullet fired from a sniper rifle. This isn't a bug, it's recognizing that we live in a dangerous world. Yes, we should secure medical devices against unintentional interference, but securing them against malice is like developing body armor to specifically defend against weaponized Rube Goldberg machines. The chance of encountering a Bond villain that kills in such a convoluted way is quite remote. Also, ego aside (crux of the issue IMHO), none of us are James Bond and our enemies are unlikely to care enough to go to that amount of trouble.
