Insulin-Pump

Hacking Assistive Devices

Many of the assistive devices that we use in our day to day lives fall within the category of SCADA – Supervisory Control And Data Acquisition – devices.

To better understand the concept here, lets look at the situation where a person may be a diabetic. In order to help control their condition, they need to monitor their blood sugar levels, and inject insulin doses based upon their current blood sugar level.

Insulin-Pump
Insulin-Pump
In more severe cases, this monitoring and dosage administration process might be assigned to a very sophisticated set of devices, such as a blood glucose monitor that is attached to the patient’s body, along with an insulin pump, also attached to the patient’s body. These devices are permanently attached, and perform their functions every day of the week, 24 hours of every day.

The more advanced of these units communicate with each other using two way radio – basically like so many other devices around the home also do today. Consider your cordless phone, your mobile phone, and your laptop computer, for instance.

This method of communication – two way radio – is not going to go away any time soon. In fact, it’s going to become more and more prevalent, and we’re going to see it appear in many more devices as well.

It’s essential, therefore, that the manufacturers of these devices ensure that an adequate level of security is built into these systems, in order to ensure that the safety and well being of those people whose lives are dependent upon the proper and accurate functioning of these devices is not compromised.

A diabetic named Jay Ratcliffe presented a paper entitled Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System to a recent Black Hat Hackers conference.

Ratcliffe documented his attempts to hack into his own SCADA systems, in order to see whether it was theoretically possible to compromise his treatment regime. While he wasn’t able to fully succeed, the bottom line is that the levels of security employed within these devices was not as good as it could, or should, be.

So, if you’re looking to get medical devices that rely upon radio communications to monitor and control your health outcomes, do be sure to ask questions about the levels of security employed within the radio technology in use.

For your own health’s sake.