Slashdot: News for Nerds


McAfee Claims Successful Insulin Pump Attack

Soulskill posted more than 2 years ago | from the as-if-we-needed-more-biological-vulnerabilities dept.

Medicine 196

judgecorp writes "Intel security subsidiary McAfee has claimed a successful wireless attack on insulin pumps that diabetics rely on to control blood sugar. While previous attempts to attack insulin pumps have met with mixed success, McAfee's Barnaby Jack says he has persuaded an insulin pump to deliver 45 days worth of insulin in one go, without triggering the pump's vibrating alert safety feature. All security experts still say that surgical implants are a benefit overall."

196 comments

internet (0)

Anonymous Coward | more than 2 years ago | (#39637481)

Some things just don't have any business being connected to the internet.

Re:internet (1)

Sez Zero (586611) | more than 2 years ago | (#39637503)

It isn't connected.

Re:internet (2)

ColdWetDog (752185) | more than 2 years ago | (#39637615)

It isn't connected.

But it could be (then you would patent it, I suppose.)

While this is interesting and all and potentially could be used at a high value directed target, as a general problem it's pretty limited. There aren't many insulin pumps out there, there are several manufacturers and I would imagine the exploit is device specific.

I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.

Re:internet (4, Interesting)

Samantha Wright (1324923) | more than 2 years ago | (#39637797)

Who needs a high-value target when you could hold any diabetic hostage for ransom? All it takes is a vulnerable wireless router with a sufficiently flexible transmitter, and the ability to scan for a nearby victim. Barring the implacable reality of device incompatibility, this is scary stuff.

Re:internet (2)

Reverand Dave (1959652) | more than 2 years ago | (#39637901)

I completely agree, if this gets in the wild what would stop some sociopathic miscreant from sitting outside of a Wal-Mart or whatever and randomly assassinating people using their insulin pumps? I don't think profit has to be a factor in the equation when the human animal is involved and a person's death is the end result.

Re:internet (0)

Anonymous Coward | more than 2 years ago | (#39639323)

The same thing that stops people from waiting outside Walmart to randomly murder people otherwise, I would imagine.

Re:internet (1)

Greyfox (87712) | more than 2 years ago | (#39638719)

It's kind of problematic if you want to hold a random arbitrary person hostage, though. First you'd have to give them diabetes. So maybe buy them a big gulp or something. And maybe an Xbox to keep them from exercising. It'd have to be a kinect-free Xbox. And a comfy chair. Then wait while they get an insulin pump installed. Seems like there are easier ways to hold people hostage...

Re:internet (2)

lgw (121541) | more than 2 years ago | (#39638799)

All it takes is a vulnerable wireless router with a sufficiently flexible transmitter, and the ability to scan for a nearby victim.

Or, you know, a gun. And anyone nearby for a victim.

Re:internet (1)

Darinbob (1142669) | more than 2 years ago | (#39638269)

Because wireless is cool! Being wired is just so 5 years ago.

Re:internet (1)

zlives (2009072) | more than 2 years ago | (#39638511)

"Because wireless is cool! Being wired is just so 2000 late."
FTFY

Re:internet (2, Informative)

Anonymous Coward | more than 2 years ago | (#39637633)

Indeed. Lots of technology benefits from wireless access but does not have adequate security, if any.

http://www.ted.com/talks/lang/en/avi_rubin_all_your_devices_can_be_hacked.html

Re:internet (1)

SomePgmr (2021234) | more than 2 years ago | (#39637585)

These are implant devices that respond to radio for diagnostic info, updates, etc. Much like a pacemaker.

McAfee for insulin pumps next (3, Funny)

the eric conspiracy (20178) | more than 2 years ago | (#39637511)

There is always that conspiracy theory that many if not most viruses are written by anti-virus software vendors.

After all we didn't have many viruses until these things appeared on the market.

I'm not one to believe this sort of conspiracy theory, but McAfee isn't doing themselves any favors by publicizing this.

Re:McAfee for insulin pumps next (5, Funny)

ColdWetDog (752185) | more than 2 years ago | (#39637571)

I'm not one to believe this sort of conspiracy theory

Says 'the eric conspiracy'.

Sometimes it is best to post as AC.

Re:McAfee for insulin pumps next (0)

the eric conspiracy (20178) | more than 2 years ago | (#39637653)

What part of this sort did you not understand?

Re:McAfee for insulin pumps next (3, Informative)

ColdWetDog (752185) | more than 2 years ago | (#39637775)

It's a funny. Laugh.

Re:McAfee for insulin pumps next (0)

Anonymous Coward | more than 2 years ago | (#39639253)

Eric is part of the conspiracy shh he's trying to get our names. Trustno1

Re:McAfee for insulin pumps next (1)

matrim99 (123693) | more than 2 years ago | (#39638407)

Relax, it's all part of the conspiracy.

Re:McAfee for insulin pumps next (0)

Anonymous Coward | more than 2 years ago | (#39637737)

...As opposed to The Dave Conspiracy [wikipedia.org]?

Re:McAfee for insulin pumps next (1)

mrnobo1024 (464702) | more than 2 years ago | (#39637641)

That could have been believable back in the DOS days, when most viruses seemed to have no real purpose besides amusement, but today the vast majority of malware is written for profit. Selling antivirus software would be counterproductive if you're making a lot more money from owning a botnet and the antivirus would eat into that.

Re:McAfee for insulin pumps next (1)

viperidaenz (2515578) | more than 2 years ago | (#39637949)

Not really, you're just cornering both ends of the market. You make money off people buying your antivirus software, and those who don't you make money from them by using them to run your botnet.

Re:McAfee for insulin pumps next (0)

Anonymous Coward | more than 2 years ago | (#39637693)

There is always that conspiracy theory that many if not most viruses are written by anti-virus software vendors.

After all we didn't have many viruses until these things appeared on the market.

I'm not one to believe this sort of conspiracy theory, but McAfee isn't doing themselves any favors by publicizing this.

Intel currently owns McAfee (http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/28/intel-completes-acquisition-of-mcafee). Intel also owns the VxWorks RTOS (http://www.windriver.com/news/press/pr.html?ID=7081). VxWorks is currently used on medical devices such as insulin pumps. This is more likely than you want to admit.

Re:McAfee for insulin pumps next (3, Funny)

ninjackn (1424235) | more than 2 years ago | (#39637739)

Gives new meaning to Intel Inside.

Murder by computer virus? (1, Interesting)

quangdog (1002624) | more than 2 years ago | (#39637583)

Usual run-of-the-mill computer viruses and exploits don't usually harm one's health in the way that this has the potential to do. I mean, seriously - a virus could infect your insulin pump and kill you??

I know it's naïve to even ask, but would this be used in the wild? What special sort of sicko would do this for kicks?

Re:Murder by computer virus? (1)

LordNimon (85072) | more than 2 years ago | (#39637601)

What special sort of sicko would do this for kicks?

Seriously? You have to ask?

Re:Murder by computer virus? (4, Funny)

Anonymous Coward | more than 2 years ago | (#39637669)

What special sort of sicko would do this for kicks?

Seriously? You have to ask?

Not for kicks, but lulz.

Re:Murder by computer virus? (2)

distilate (1037896) | more than 2 years ago | (#39637783)

What special sort of sicko would do this for kicks?

Seriously? You have to ask?

One who would walk into a school or university and start shooting random people.

Unfortunately these people exist :-(

Re:Murder by computer virus? (4, Interesting)

Nidi62 (1525137) | more than 2 years ago | (#39637715)

I know it's naïve to even ask, but would this be used in the wild? What special sort of sicko would do this for kicks?

The Darzhavna Sigurnost (Bulgarian Secret Police) and the KGB killed Georgi Markov on a bridge in London by stabbing him in the back with an umbrella that fired a ricin filled pellet. The ability to assassinate someone by infecting their insulin pump would be a goldmine.

Re:Murder by computer virus? (1)

Guy Harris (3803) | more than 2 years ago | (#39637853)

The Darzhavna Sigurnost (Bulgarian Secret Police) and the KGB killed Georgi Markov on a bridge in London by stabbing him in the back with an umbrella that fired a ricin filled pellet. The ability to assassinate someone by infecting their insulin pump would be a goldmine.

...if your target happens to be a diabetic with an implanted insulin pump. Otherwise, it's just a pyrite mine. A poison will get you whether you happen to have an insulin pump or not.

Re:Murder by computer virus? (2)

Pentium100 (1240090) | more than 2 years ago | (#39637947)

Yes, but poison requires access. You have to be close enough to put it in the target's food or drink, or inject the target with the poison. Shooting the target leaves evidence - the bullet etc. However, this is a wireless attack, with a good antenna it probably can be done from quite far away and would leave no evidence.

Re:Murder by computer virus? (1)

Nidi62 (1525137) | more than 2 years ago | (#39637963)

I was using that as an example of how intelligence agencies love unconventional methods of eliminating targets. Now, granted, this kind of thing doesn't really happen too often, but it's always nice to have one more tool in the bag if you need it.

Re:Murder by computer virus? (1)

Sir_Sri (199544) | more than 2 years ago | (#39638613)

It's things like this that make me wonder if maybe Dick Cheney's new heart, which is uncommon for a 70 year old to get, might have been in part a security issue with the device he did have (not necessarily a problem like the one described in TFA).

Re:Murder by computer virus? (0)

Anonymous Coward | more than 2 years ago | (#39638973)

It's things like this that make me wonder if maybe Dick Cheney's new heart,

Whaddaya mean, new heart? ;-)

Re:Murder by computer virus? (1)

couchslug (175151) | more than 2 years ago | (#39637843)

Needn't be "kicks", and could be for profit.

Re:Murder by computer virus? (1)

AHuxley (892839) | more than 2 years ago | (#39637975)

The family and/or leadership of 'bad' country. The boss of a 'bad' company. The boss of a 'bad' area exporting drugs/weapons without state support.
The top science person of a "bad" research centre.. That lone wolf blogger who "was" somebody/got a real story....
You really think all the interest in home wireless is just to watch your web cam, track your power needs and log your mail/web 2.0 use?
http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/ [wired.com]

Re:Murder by computer virus? (1)

Meeni (1815694) | more than 2 years ago | (#39638075)

Or a lunatic could cough at you with the flu and kill you. Stop the paranoia.

Re:Murder by computer virus? (1)

nurb432 (527695) | more than 2 years ago | (#39638475)

It wouldn't really be a virus. But instead a direct attack.

Stuxnet could cause death too, with poorly designed lockouts (for example). Just have a robot wait a few moments after the lock is engaged then swing wildly.. trying to catch a person in the cage with it.

National security agents (0)

Anonymous Coward | more than 2 years ago | (#39638689)

CIA, Mossad, FSB, etc.

Re:Murder by computer virus? (0)

Anonymous Coward | more than 2 years ago | (#39638947)

Any three letter intelligence agency with or without oversight in any nation.

Next question?

And no, this isn't wild ass speculation and conspiracy theory. Assassination is a dirty little public secret in modern politics. A public secret in American ones--now called "targeted killing".

The notion of making something look like a heart attack or equipment malfunction is well within standard operational parameters.

Wow (0)

Anonymous Coward | more than 2 years ago | (#39637607)

"All security experts still say that surgical implants are a benefit overall"

For those who aren't familiar with insulin, and can't be bothered to read the article, a dose of 45 days will kill you.

This is effectively a wireless security breach that will kill a person.

I'm a diabetic and the risk of this happening terrifies me. I don't need the pump, so won't be going on it any time soon, hopefully this kind of crap (yes, it is crap, we know that secure networks can be designed and implemented) is ironed out and eliminated as soon as possible.

Re:Wow (4, Insightful)

zAPPzAPP (1207370) | more than 2 years ago | (#39637723)

So what?
If someone throws a rock into your windshield, you die. We still drive cars.
Hell, if someone sticks a knife into you, you die. Everyone uses knives.

If someone wants you dead, there are a myriad ways to do it. The problem is not with those attack vectors, but with the fact that someone is after your life.
This is not a 'security breach', it is murder. And it takes a murderer to do it.

This is just another case of 'same old, but now on the intertubes/with a computer!!'.

Re:Wow (2)

ChrisGoodwin (24375) | more than 2 years ago | (#39637889)

True, but most people don't come with "instant wireless death button" enabled.

And it takes a murderer to do it.

No, in this case it takes a script kiddie.

Re:Wow (1)

lgw (121541) | more than 2 years ago | (#39638909)

True, but most people don't come with "instant wireless death button" enabled.

Pretty sure a bullet counts as wireless, unless someone's mugging you with a TOW missile. Not to say this shouldn't be secure on general principles, but the limiting factor on killing someone will always be the will to do so.

Re:Wow (2)

CelticWhisper (601755) | more than 2 years ago | (#39637923)

I think the fear of this comes not from the fact that it's possible, but the fact that it seems much more difficult to investigate, and thus more appealing to a would-be killer, than other forms of murder. Harder to investigate translates to less likelihood of getting caught, which in turn translates into less apprehension about committing the crime.

Re:Wow (5, Interesting)

dgatwood (11270) | more than 2 years ago | (#39638457)

Try essentially impossible to investigate. How many people do you walk within twenty feet of in any given week? Any given year? Now imagine that any one of those people might have been the person who injected code that waits a predetermined period of time, does something bad, and then erases the location where the time delay is stored so that the original value cannot be recovered after the fact.... Or worse, overwrites the time delay with a value that implicates someone else.

Re:Wow (4, Insightful)

Reverand Dave (1959652) | more than 2 years ago | (#39637973)

Yeah but a lot of the time people don't kill other people because of the evidence trail, or just sheer inconvenience of it. If it was as easy as hitting a "run" button on your smartphone, people might not be so hesitant. The fear of being caught keeps a lot of people honest and if people didn't have that fear, how honest would people really be in today's society? I doubt that I'd have the restraint at, say, a Westboro protest or a Tea Party rally.

Re:Wow (1)

Pentium100 (1240090) | more than 2 years ago | (#39638087)

If someone sticks a knife into me, I die, but he leaves evidence, maybe someone sees him. Throwing a rock into my windshield (when I'm driving) is quite difficult. Also, the murderer needs to be stronger than me, or I could fight him off or run away.

Shooting me with a pistol is loud and someone will most likely hear the gunshot, maybe see the killer running away with the gun or throwing the gun away. Also, a gun is quite difficult to get (in my country), I assume the murderer won't want a legal gun that can be traced back to him, but even to buy a gun legally you need to pass various checks.
Shooting me with a sniper rifle is difficult because it is difficult to actually obtain a sniper rifle and it requires skills to shoot accurately over long distances.

On the other hand, pointing a high gain antenna and running a pre-made script is easy and does not leave any evidence. Or just walking past me with a transmitter in pocket programmed to transmit the required codes.

Re:Wow (1)

Anonymous Coward | more than 2 years ago | (#39637919)

An insulin pump reservoir holds nowhere near 45 days worth of insulin, it isn't even safe to keep insulin out at room temperature (much less worn close to your body temperature) for anywhere near that long.

On the extremely unlikely chance that someone decided to murder you with your insulin pump, I'd suspect well over 99% of "murder victims" would survive. You can feel that much insulin going in, and you can definitely pick up its effects on a blood glucose meter (or in the symptoms of hypoglycemia coming on, if you experience them, which even people with hypoglycemic unawareness likely would at this high a dose.)

If at any point in time before the hour minimum for that dose of insulin to become dangerous you notice that a huge pocket of insulin was just injected in your body (or you happen to listen and hear your pump injecting that huge dose, which takes time, or you saw/felt it in the pump and tubing itself), or you test your blood glucose and realize it's going unexpectedly down, or you start to feel weird, and you just go and eat or drink something sweet, this is a very survivable overdose.

Getting a full reservoir full of insulin at once would suck, and it's legitimate to be concerned about how well manufacturers are protecting these devices from outside attack. But this is not likely to be an effective means of killing anyone, and it's not a rational reason to fear getting an insulin pump. The effects of not having the improved glucose and a1c control an insulin pump offers (if you need insulin therapy) are extraordinarily more likely to kill you.

Re:Wow (0)

Anonymous Coward | more than 2 years ago | (#39638823)

To be extra-clear, upon consuming the juice you would need to go to the hospital. I should have said that when I originally posted, but I wanted to make it clear that people can and do survive doses 200 units and well above when they get glucose in their body quickly and seek help.

Re:Wow (1)

Anonymous Coward | more than 2 years ago | (#39638825)

Mine holds about 3 days' supply and my body processes a bolus in about 2 hrs so I would have 2 hours to notice the issue, be coherent enough to find ~1.8 kg of relatively fast-acting carbs to ingest and then get those carbs down in two hours. I have quite good hypoglycemic awareness but I'm not 100% perfect and onset rates are not always consistent.

I think the issue is overblown but not for the reasons you mention. My pump has a hard-coded bolus limit (20 units per bolus) that I'm guessing they couldn't override wirelessly (the wireless function is purely for administering bolus doses on my pump). I would at least have a chance to hear one or two bolus beeps before it got through the full reservoir. I've also turned the wireless receiver of the pump off since I don't use a compatible glucometer.

The pump tested here is not available to the public (implantable insulin pumps are only for research at this point) so they are hacking a device that only people in trials would be using...equipment that is not fully featured and/or ready for market.

To answer a different question I've seen posed in other posts: Some of the currently available pump models can team up with a glucometer so that the user can administer a dose wirelessly. This is handy if your pump is packed away somewhere that is hard to get to (eg. a bride wearing a wedding dress).

Re:Wow (0)

Anonymous Coward | more than 2 years ago | (#39639009)

The pump mentioned here has a 300 unit cartridge, which leads me to believe that it is being erroneously referred to as an "implant" as external insulin pumps often are, and is not the extraordinarily uncommon implantable insulin pump.

Also, as I clarified in a followup comment, that person should consume glucose and seek medical care. I didn't mean they should lounge around at home with some orange juice and should have been more clear.

That's assuming, as you said, the limitations of how much your pump can bolus at a time are over-ridden and you actually got 200 units without noticing, not got 20 or 40 in and went "hey, something's really wrong" and disconnected it.

Re:Wow (1)

Anonymous Coward | more than 2 years ago | (#39638905)

Room temperature insulin is good for 28-30 days (source: Wisconsin department of Health Services [wisconsin.gov]).

The unit in question had a 300 unit reservoir. Even assuming an abnormally low usage of 10 units per day that is only 30 days, and 25 or more units is very common. The 45 days number is pure garbage.

Next up (3, Funny)

Hentes (2461350) | more than 2 years ago | (#39637655)

McAfee releases an antivirus product for insulin pumps.

Re:Next up (3, Funny)

Anonymous Coward | more than 2 years ago | (#39637685)

Insulin pump performance degraded, people die from not getting injections.

Re:Last year (2)

InvisiBill (706958) | more than 2 years ago | (#39637825)

Not next, previously. FTFA:

McAfee has previously announced products to secure embedded devices [techweekeurope.co.uk], which could include implants.

wow, McAfee has fallen to new lows! (0)

Nyder (754090) | more than 2 years ago | (#39637659)

So, not only being one of the most crappiest AV Vendors around, they now are branching out to making viruses?

I never trusted you before and I sure as fuck do NOT trust you now.

Re:wow, McAfee has fallen to new lows! (3, Insightful)

Zorque (894011) | more than 2 years ago | (#39637697)

You've really never heard of security companies coming up with exploits first so they know how to solve them in case somebody else has the same idea?

Re:wow, McAfee has fallen to new lows! (0)

mutherhacker (638199) | more than 2 years ago | (#39638399)

You've never heard of a company doing something evil to boost sales?

Re:wow, McAfee has fallen to new lows! (1)

mrnobo1024 (464702) | more than 2 years ago | (#39637747)

Finding a security vulnerability is not "making viruses". Would you prefer that this be first discovered by someone who's not so nice as to disclose their findings, so that insulin pumps just start mysteriously "malfunctioning" and killing patients?

Regardless of what you may think of the quality of McAfee's software, they're not being anything besides white-hat here.

Re:wow, McAfee has fallen to new lows! (1)

ChrisGoodwin (24375) | more than 2 years ago | (#39637897)

It's called proof of concept.

Ethics of publicizing this? (0)

Anonymous Coward | more than 2 years ago | (#39637681)

It's one thing to publicize an exploit of Firefox or IE that could cause the user's PC to become enlisted in a botnet, but another to show how a twisted mind could kill someone in a most painful fashion and avoid detection while doing so.

Re:Ethics of publicizing this? (1)

viperidaenz (2515578) | more than 2 years ago | (#39638019)

Apparently it's not that painful. With extremely low blood sugar you get cold sweats followed by a coma, then death.

Easier than that. (1)

PRMan (959735) | more than 2 years ago | (#39637683)

I can also just stab the old lady with a kitchen knife. But either way I'm probably going to jail for the rest of my life, which keeps me from doing it.

Re:Easier than that. (1)

jxander (2605655) | more than 2 years ago | (#39637847)

Knives can be fought back against, and if you do stab someone, there's fingerprints and other ways to figure out whodunnit.

If something like this becomes viable in the wild, there's virtually no way to fight back (aside from not being diabetic or not having a pump) and no way to trace it back to the source. Especially if said source is smart: pre-paid no-contract phone bought with cash and rigged up to send the "virus."

On the flip side, this would have to be a very specifically targeted attack. A very low percentage of the American populace is running around with an insulin pump, and even fewer still advertise it. One of the guys I work with has one, and at a glance it just looks like a pager/cell phone/other electronic device on his hip. This vulnerability isn't something that can just be easily exploited for the lulz

Re:Easier than that. (1)

Score Whore (32328) | more than 2 years ago | (#39637997)

...there's virtually no way to fight back...

Eating a twinkie is too hard?

Re:Easier than that. (1)

mcl630 (1839996) | more than 2 years ago | (#39638101)

Receiving more than a month's worth of insulin at once is going to take much more than a twinkie. Also the attack disables the vibration that indicates to the patient that he/she is receiving a dose.

Re:Easier than that. (1)

Pentium100 (1240090) | more than 2 years ago | (#39638147)

It depends on whether you have to adapt the "virus" to the specific device or not. If not (or you can write a script to do that for you automatically), then someone may just walk with a transmitter programmed to send the virus in a busy street or some concert and see how many people die. After all, there are serial killers who do it for the fun of killing, not the money or something else.

Re:Easier than that. (1)

zAPPzAPP (1207370) | more than 2 years ago | (#39637851)

Or, you know... conscience.

Re:Easier than that. (1)

mcl630 (1839996) | more than 2 years ago | (#39638125)

+1... fear of jail time isn't the only reason not to do something you know to be wrong/immoral.

Re:Easier than that. (1)

sjames (1099) | more than 2 years ago | (#39638581)

That's just the thing though, with this exploit, you could kill that old lady at a distance in a way that looks like an equipment malfunction and leaves no evidence that you were ever there. It's a much smaller pool of potential victims and a smaller pool of potential perpetrators, but a much lower risk crime.

All in all, I think people with an insulin pump would rather not have the vulnerability.

The Matrix (1)

Gothmolly (148874) | more than 2 years ago | (#39637711)

The Matrix giveth, and the Matrix taketh away.

All security experts.. (1)

laurent420 (711504) | more than 2 years ago | (#39637717)

"All security experts still say that surgical implants are a benefit overall." I'm impressed they managed to ask *all* the security experts of the world for their opinion.

Re:All security experts.. (1)

edelbrp (62429) | more than 2 years ago | (#39637735)

And for a medical opinion, at that! ;')

Re:All security experts.. (1)

ColdWetDog (752185) | more than 2 years ago | (#39637793)

Well, they could ask four out of five doctors.

Re:All security experts.. (1)

sconeu (64226) | more than 2 years ago | (#39638061)

I always wondered why that fifth dentist didn't like sugarless gum...

Re:All security experts.. (1)

BronsCon (927697) | more than 2 years ago | (#39638555)

He's an oncologist.

Re:All security experts.. (1)

BronsCon (927697) | more than 2 years ago | (#39638571)

Shit. You said Dentist, not Doctor.

Glaring errors in the techweek article. (4, Informative)

Anonymous Coward | more than 2 years ago | (#39637727)

An insulin pump is NOT implanted inside the user's body, and it is NOT a medical implant. A small, disposable cannula attached to the pump via plastic tubing is inserted by the user under the skin just a few mm, and is exchanged by the user every few days. There is no permanently inserted component to an insulin pump.

Also, pump's cartridges to hold insulin typically range from 200-300 units. Contrary to the article's claims, this is not 45 days worth! Someone who is not insulin resistant using a 200 unit model would get 6, 7 days out of it tops. People who use the bigger ones because they are very insulin resistant might use 300 units in just a couple of days.

The BBC article also states "Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble"."

This is very flawed as well. Typically, insulin is taken before a meal whenever possible, and how "heavy" the meal is, is irrelevant. What matters is the user's insulin to carb ratio (how much insulin they need to properly use a gram of carbs) and how many carbs the item they eat contains. Some people require a very large amount of insulin for very small amounts of carbs, some people require barely any insulin for a large amount. Also, when a person relies on an insulin pump, they're not just adding insulin to their body during mealtimes, the vast majority will be using it to deliver a "basal" dose of insulin, or a small amount of insulin 24/7 to stay alive (as this is a function normal non-diabetic bodies perform.) They also use it to deliver corrections, or small doses of insulin in response to blood glucose levels that are higher than expected after meals or throughout the day. A pump is not just a device you use after a "heavy meal."

While it is true that an insulin cartridge unwillingly emptied into a patient poses significant danger, even without an alarm, I suspect 99% of people would be able to quickly notice such a large dose of insulin being delivered. You can see and feel insulin being delivered that rapidly. And if they happened to miss it, that's what frequent monitoring of blood glucose (which is required for all insulin pump users) is for. Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets, it's very likely an experienced diabetic would survive that sort of incident... to say nothing of if the cartridge wasn't full. But that's all assuming we're taking someone who has clearly made several mistakes in their reasoning for their word when they say they can access these devices.

If more security were implemented in an insulin pump, there would certainly be no "frequent surgeries to replace the batteries," as the battery is (like the entire pump) stored in an external pump. It would involve the manufacturer mailing you a replacement and you switching it out.

Re:Glaring errors in the techweek article. (0)

Anonymous Coward | more than 2 years ago | (#39637893)

The reference to batteries was when talking about Heart Defibrillators. Following your logic, given your glaring mistake perhaps we should ignore the rest of your comments.

Re:Glaring errors in the techweek article. (0)

Anonymous Coward | more than 2 years ago | (#39637969)

Fair enough, I misread. The rest of my comments stand.

Re:Glaring errors in the techweek article. (5, Informative)

Guy Harris (3803) | more than 2 years ago | (#39638053)

An insulin pump is NOT implanted inside the user's body

Except when it is [diabeteshealth.com], although you might have to live in Europe to get it [diabeteshealth.com].

Also, pump's cartridges to hold insulin typically range from 200-300 units. Contrary to the article's claims, this is not 45 days worth!

In an implanted pump, it probably would be a larger supply.

The BBC article also states "Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble"."

This is very flawed as well. Typically, insulin is taken before a meal whenever possible, and how "heavy" the meal is, is irrelevant. What matters is the user's insulin to carb ratio (how much insulin they need to properly use a gram of carbs) and how many carbs the item they eat contains.

I suspect by "heavy meal" he meant "carb-heavy meal". It might have been clearer had he said "carb-heavy meal", so nobody thought that chowing down, say, a 16-ounce filet would require a large bolus. And, yes, your mileage may vary depending on the insulin/carbs ratio. I'm not sure either of those are severely bad oversimplifications, though.

Also, when a person relies on an insulin pump, they're not just adding insulin to their body during mealtimes, the vast majority will be using it to deliver a "basal" dose of insulin, or a small amount of insulin 24/7 to stay alive (as this is a function normal non-diabetic bodies perform.) They also use it to deliver corrections, or small doses of insulin in response to blood glucose levels that are higher than expected after meals or throughout the day. A pump is not just a device you use after a "heavy meal."

Again, a simplification, but I'm not sure it's a severe oversimplification in an article written for a general audience; it doesn't invalidate the point of the article.

While it is true that an insulin cartridge unwillingly emptied into a patient poses significant danger, even without an alarm, I suspect 99% of people would be able to quickly notice such a large dose of insulin being delivered. You can see and feel insulin being delivered that rapidly. And if they happened to miss it, that's what frequent monitoring of blood glucose (which is required for all insulin pump users) is for. Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets, it's very likely an experienced diabetic would survive that sort of incident... to say nothing of if the cartridge wasn't full.

Well, for an implanted pump, it could be a lot more than 300 units; how fast it takes action is another matter, so maybe spending a while with your local store's entire supply of orange juice might be sufficient.

If more security were implemented in an insulin pump, there would certainly be no "frequent surgeries to replace the batteries," as the battery is (like the entire pump) stored in an external pump.

Again, not for an implanted pump.

Re:Glaring errors in the techweek article. (0)

Anonymous Coward | more than 2 years ago | (#39638153)

That type of pump seems to be extraordinarily rare. The article says the author attacked a pump with a 300 unit reservoir, which is an external pump, the kind employed by everyone but those few patients.

Re:Glaring errors in the techweek article. (1)

DramaGeek (806258) | more than 2 years ago | (#39638489)

Insulin only lasts a week or so unrefrigerated, and that's at room temperature. I'd imagine it would be significantly less when warmed to internal body temp. Either way, nowhere near 45 days.
Also (because of the point above), the only reason to carry more insulin would be due to insulin resistance in the user. Meaning that the so-called "deadly" dose would have even less effect.

Re:Glaring errors in the techweek article. (1)

slash.dt (701002) | more than 2 years ago | (#39638615)

Yes, there is such a beast as an implanted pump, but in practice, the things are very, very rare and you are unlikely to meet any diabetic who is even aware that the device exists, let alone find someone who has one.

The version that is out there is 20 years old and is basically being maintained; there aren't new models coming out all the time. Common approaches to security 20 years ago are not the same as we would view them now.

Yes, it is something that should be addressed in future models (if they ever appear) but the GP points about pumps are much more relevant when there are thousands more external pumps than there are implantable ones.

Re:Glaring errors in the techweek article. (1)

Kid Zero (4866) | more than 2 years ago | (#39638835)

I suspect by "heavy meal" he meant "carb-heavy meal". It might have been clearer had he said "carb-heavy meal", so nobody thought that chowing down, say, a 16-ounce filet would require a large bolus. And, yes, your mileage may vary depending on the insulin/carbs ratio. I'm not sure either of those are severely bad oversimplifications, though.

A 16oz Filet Mignon has zero carbs. 1/8 of a chocolate cake (with icing) would be 35 carbs. Think Carb = Sugar, and you're right.

Re:Glaring errors in the techweek article. (1)

Guy Harris (3803) | more than 2 years ago | (#39639025)

I suspect by "heavy meal" he meant "carb-heavy meal". It might have been clearer had he said "carb-heavy meal", so nobody thought that chowing down, say, a 16-ounce filet would require a large bolus. And, yes, your mileage may vary depending on the insulin/carbs ratio. I'm not sure either of those are severely bad oversimplifications, though.

A 16oz Filet Mignon has zero carbs.

...which is why I mentioned it - it's arguably a heavy meal, but no bolus would be needed.

1/8 of a chocolate cake (with icing) would be 35 carbs. Think Carb = Sugar, and you're right.

As long as "Sugar" doesn't mean only "actual sucrose or glucose or fructose or... in the dish"; a nice big plate of rice would not have much of those simple sugars, but it'd have a pile-o-carbohydrates (about 51 g/cup of cooked white rice, and 45 g/cup of cooked brown rice, if I remember correctly).

Re:Glaring errors in the techweek article. (0)

Anonymous Coward | more than 2 years ago | (#39638369)

I seriously doubt that ANY diabetic could push enough glucose into their body after a 200-300 unit Bolus, unless they were already on an IV or had a port they could push IV glucose into.

When the blood glucose drops too fast or too low, you have a seizure. This is the body's way of quickly extracting glucose from your muscles. You dump a bunch of adrenaline into the blood stream too. Your brain also reboots during a seizure, so you are incapacitated for a solid 30-60 minutes, and that is IF you have help immediately nearby.

The bottom line is that a 200-300 unit bolus is very likely to either a) kill you b) leave you severely incapacitated c) in a clinical setting, survive

Re:Glaring errors in the techweek article. (0)

Anonymous Coward | more than 2 years ago | (#39638539)

You're not going to have a seizure after ten minutes. It takes time for an injected dose of insulin to tank your glucose, during which you'd have enough time to get sweet stuff and seek medical care. Or the person could notice their insulin pump giving them a huge unscheduled bolus, and disconnect it, preventing themselves from receiving the full dose.

Many people have survived many insulin overdoses way larger than 200-300 units. Especially since it can form a "pocket" that doesn't absorb quickly or properly, many/most people should be able to survive that kind of overdose, even if the cartridge is full AND the entire dose is dispensed without them noticing.

Let's say someone needs 1600 grams of carbs to cover a 200 unit accidental bolus. If you chugged a bottle of orange juice or soda on your way to the hospital, there isn't a likely situation where that kind of overdose would kill you, especially if you had glucagon with you as a backup plan. To say nothing of people who are super insulin resistant and might barely feel a dent in their glucose levels with a 200 unit bolus, as they're already taking big doses daily.

Yes, it's dangerous to take that kind of dose and nobody should be going around fucking with people's insulin pumps. But at some point the user themselves would need to fail to take basic care of themselves for this to become fatal. Most diabetics will accidentally give themselves big overdoses at least once or twice, and most of them survive just fine because they react appropriately once they realize what's happened.

Re:Glaring errors in the techweek article. (0)

Anonymous Coward | more than 2 years ago | (#39638395)

An insulin pump is NOT implanted inside the user's body, and it is NOT a medical implant. A small, disposable cannula attached to the pump via plastic tubing is inserted by the user under the skin just a few mm, and is exchanged by the user every few days. There is no permanently inserted component to an insulin pump.

Also, pump's cartridges to hold insulin typically range from 200-300 units. Contrary to the article's claims, this is not 45 days worth! Someone who is not insulin resistant using a 200 unit model would get 6, 7 days out of it tops. People who use the bigger ones because they are very insulin resistant might use 300 units in just a couple of days.

The BBC article also states "Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble"."

This is very flawed as well. Typically, insulin is taken before a meal whenever possible, and how "heavy" the meal is, is irrelevant. What matters is the user's insulin to carb ratio (how much insulin they need to properly use a gram of carbs) and how many carbs the item they eat contains. Some people require a very large amount of insulin for very small amounts of carbs, some people require barely any insulin for a large amount. Also, when a person relies on an insulin pump, they're not just adding insulin to their body during mealtimes, the vast majority will be using it to deliver a "basal" dose of insulin, or a small amount of insulin 24/7 to stay alive (as this is a function normal non-diabetic bodies perform.) They also use it to deliver corrections, or small doses of insulin in response to blood glucose levels that are higher than expected after meals or throughout the day. A pump is not just a device you use after a "heavy meal."

While it is true that an insulin cartridge unwillingly emptied into a patient poses significant danger, even without an alarm, I suspect 99% of people would be able to quickly notice such a large dose of insulin being delivered. You can see and feel insulin being delivered that rapidly. And if they happened to miss it, that's what frequent monitoring of blood glucose (which is required for all insulin pump users) is for. Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets, it's very likely an experienced diabetic would survive that sort of incident... to say nothing of if the cartridge wasn't full. But that's all assuming we're taking someone who has clearly made several mistakes in their reasoning for their word when they say they can access these devices.

If more security were implemented in an insulin pump, there would certainly be no "frequent surgeries to replace the batteries," as the battery is (like the entire pump) stored in an external pump. It would involve the manufacturer mailing you a replacement and you switching it out.

You are mistaken, I am a diabetic and even a moderate dose of insulin would trigger a hypoglycemic attack which would be fatal in 30 minutes. If an entire cartridge was emptied into my body, or even half a cartridge, I would doubt that I could ingest enough sugar to counteract the effects of the insulin and would most definitely enter a coma rapidly. With half a cartridge injected I doubt I would even survive even with rapid hospital treatment. Blood monitoring would be of no use and considering the pump is under clothing, even if I did notice it immediately I would struggle to disconnect it from my body before the fatal dose was delivered.

actually, implantable pumps exist (4, Informative)

Chirs (87576) | more than 2 years ago | (#39638415)

There are different kinds of pumps. The most common is the type you describe, but there are in fact implantable insulin pumps which get refilled via syringe, and this is the type described in the article:

"The pumps hold 300 units of insulin, enough for about 45 days, and are refilled by a syringe."

Re:actually, implantable pumps exist (0)

Anonymous Coward | more than 2 years ago | (#39638665)

300 units is not a 45 day dose. 300 units is typical of an external, non-implanted pump which represents virtually all pump users. The external cartridge is refilled with a syringe.

Re:Glaring errors in the techweek article. (1)

Berfert (831562) | more than 2 years ago | (#39639227)

While most of your comment is fairly accurate, the following is somewhat less so:

Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets

I've been a diabetic for ~25 years and currently take 8-20 units of short acting insulin with a meal (depending on what I eat), plus 50 units once/day of a 24 hour insulin that's taken separately. I once accidentally took 50 units of the short acting insulin and it was quite an adventure. While it's possible I could have handled it with orange juice and lots of testing, I decided it was worth a trip to the hospital for 4 hours waiting for the insulin to finish its time in my system.

Taking 300 units of the short acting insulin (which kicks in in 10-20 minutes) would almost certainly be a life threatening situation, worthy of a quick trip to the hospital, plus drinking a lot of OJ to hold me over until I got there. While it's certainly survivable, there is also certainly a fair chance of death. Access to a sweet drink is not nearly enough to deal with that much of an overdose (at least, for me)

Caveat: The short acting insulin I take is one of the most powerful insulins (requiring a much lower dosage and acting significantly faster than most).

I don't get this at all (0)

Anonymous Coward | more than 2 years ago | (#39637757)

I can't imagine that this can be done very easily (at least with the insulin pump I have). The only wireless communications that it has is directly with a blood glucose meter to get readings from it... that's it. I also haven't seen any insulin pumps that use any standard wireless communication (it looks to be proprietary RF).

I still feel safer with this exploit running around than McAfee getting their software onto these devices...

Espionage/Assassination (0)

Anonymous Coward | more than 2 years ago | (#39637839)

With an aging population it seems terribly interesting that it could be possible to go after people wirelessly.
Doctor:"The deceased appears to have had a malfunctioned insulin pump, your honor."
Lawsuits out the yinyang, headlines, millions go to lawyers, but it was just a lone FBI agent who needed someone out of the way, or a smart outsider who wanted Dick Cheney to finally bite the bucket :)

Sleep tight, politicos of the world >:)

so.. (1)

uolamer (957159) | more than 2 years ago | (#39637873)

So McAfee is trying to find ways to kill my grandmaw?

What a shit design... (1)

Entropius (188861) | more than 2 years ago | (#39637977)

... it seems like if beaming a RF signal is all it takes to control the device, it's a terrible, terrible design.

If I were designing an implantable device that I wanted to be robust to attacks like this, I'd build in a two-stage security system. The first would be a piezoelectric element connected to an oscillator tuned to a particular frequency that acts as a switch for the radio receiver; only when exposed to a strong signal at the appropriate frequency will it even start *listening* for an RF signal. The advantage of this is that sound propagates quite strongly directly through tissue; it would be very difficult to trigger the receiver by just shouting at it, but fairly easy to just strike a tuning fork of the right frequency and place its base on top of the device, relying on the very strong mechanical coupling through the skin to amplify the transmission. If you want, make the frequency 440-A -- the goal here is not security through obscurity, but to require physical contact with the patient.

This turns on the RF receiver itself, which would then require authentication with some standard key-exchange method before agreeing to do whatever. The acoustic trigger is both there to serve as another "factor" for two-factor authentication and to guard against any sort of DoS attack by making the radio not even pay attention until some condition is met.
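The two-stage gate proposed in the comment above, modelled as an added example that is not part of the original comment or of any pump vendor's code. Assumptions: a pre-shared-key HMAC challenge-response stands in for the "standard key-exchange method", the 30-second wake window is arbitrary, and every name here is hypothetical.

```python
import hashlib
import hmac
import os

WAKE_WINDOW_S = 30.0  # assumed: how long the radio stays on after the acoustic trigger


class GatedReceiver:
    """Radio that is off until a contact trigger, then demands authentication."""

    def __init__(self, key: bytes):
        self._key = key
        self._awake_until = 0.0
        self._nonce = None      # outstanding challenge, single use
        self._authed = False

    def acoustic_trigger(self, now: float) -> None:
        # Stage 1: stands in for the piezo element detecting the tuned tone.
        # Every wake-up starts a fresh, unauthenticated session.
        self._awake_until = now + WAKE_WINDOW_S
        self._nonce = None
        self._authed = False

    def _listening(self, now: float) -> bool:
        return now < self._awake_until

    def request_challenge(self, now: float):
        if not self._listening(now):
            return None         # radio is off: the frame is never processed
        self._nonce = os.urandom(16)
        return self._nonce

    def authenticate(self, now: float, tag: bytes) -> bool:
        # Stage 2: prove knowledge of the key over a fresh nonce.
        if not self._listening(now) or self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None      # one attempt per challenge, so a replayed tag fails
        self._authed = hmac.compare_digest(expected, tag)
        return self._authed

    def command(self, now: float, name: str) -> str:
        # `name` is the requested operation; this model does not interpret it.
        if not self._listening(now):
            self._authed = False
            return "ignored"
        return "accepted" if self._authed else "rejected"


def programmer_response(key: bytes, nonce: bytes) -> bytes:
    """What a legitimate programming device computes for a challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    key = b"constructed-demo-key-not-real"  # constructed sample value
    rx = GatedReceiver(key)
    out = [rx.command(0.0, "read_status")]              # no trigger yet
    rx.acoustic_trigger(10.0)
    out.append(rx.command(11.0, "read_status"))         # awake, not authenticated
    nonce = rx.request_challenge(12.0)
    out.append(rx.authenticate(13.0, programmer_response(b"wrong key", nonce)))
    nonce = rx.request_challenge(14.0)
    tag = programmer_response(key, nonce)
    out.append(rx.authenticate(15.0, tag))
    out.append(rx.command(16.0, "read_status"))
    out.append(rx.authenticate(17.0, tag))              # replayed tag, nonce consumed
    out.append(rx.command(50.0, "read_status"))         # wake window expired
    return out
```

Frames that arrive while the radio is asleep get no response at all, which is what keeps the device from spending power on unauthenticated traffic.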

With that range, terrorists no longer need bombs (1)

American Patent Guy (653432) | more than 2 years ago | (#39638009)

"We can influence any pump within a 300ft [91m] range," Mr Jack told the BBC. "We can make that pump dispense its entire 300 unit reservoir of insulin and we can do that without requiring its ID number."

So you're telling me that a bad actor could affix a computer with malicious software to a car, and drive it to the parking lot of a hospital that refills these insulin pumps, and kill lots of people?

And how would the police detect such a thing, let alone find who was responsible? A terrorist would be long gone before law enforcement had the first clue.

If I were the maker of one of these wireless medical devices, I'd be tempted to tell my users to wrap them in foil!

300 feet of wireless stupidity (2)

holophrastic (221104) | more than 2 years ago | (#39638433)

Who needs to update their heart from 300 feet away? One of the articles discusses encryption as a solution -- because the person is an idiot. My heart doesn't have any encryption. It has one very important security feature: it doesn't talk to devices 300 feet away.

It's very easy to screw with my organs, you come up to me and you hit them. It's really easy.

So who decided that an insulin pump needed full-range wireless connectivity? How about 3 inches. 3 inches would have been great. It's already refilled by a syringe. Ignoring, for the moment, that a syringe-like probe could have updated it without anything being wireless, a simple short-range induction or vibrational signal, or even IR -- actually, IR would have been fantastic because it would have been obscured by clothing, a security device that has resulted in every doctor everywhere asking patients to disrobe, and then leaving for another random amount of time.

But no, let's use a technology designed for long-distance communication. We talk to space telescopes and voyager probes this way, so it clearly makes sense that implanted devices be accessed this same way -- you know, in case voyager wants to screw with us.

45 days of insulin? What? (0)

Anonymous Coward | more than 2 years ago | (#39638607)

My pump only holds about 3 days of insulin, how did they come up with 300 units being a month and a half worth?

That's nuts.

Baby and bathwater (0)

Anonymous Coward | more than 2 years ago | (#39639233)

[[All security experts still say that surgical implants are a benefit overall.]]

My house is a benefit overall. I still put a lock on the front door.
