Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Lock him up!
10667 posts

Uber Geek

Lifetime subscriber

# 204574 7-Oct-2016 14:10
2 people support this post
Send private message

Forget car hacking. According to an article on The Register, American insulin pumps have no security at all and can be activated by unencrypted radio signals. The manufacturers insist no-one has ever been overdosed this way and the risk is minimal, but my question to any diabetics out there is would you feel comfortable depending on a device like this? I certainly wouldn't and while I am not diabetic, my dad was. Isn't this being just a leetle bit non-chalant with people's health and safety? (Apparently it costs more to make secure pumps.)

 

 





I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney
 


Create new topic
5385 posts

Uber Geek


  # 1647343 7-Oct-2016 15:03
Send private message

I know someone who has a pace-maker and defibrillator with a WiFi interface. 





Mike

4083 posts

Uber Geek


  # 1647348 7-Oct-2016 15:13
Send private message

MikeAqua:

 

I know someone who has a pace-maker and defibrillator with a WiFi interface. 

 

 

That plot device was used in Homeland in 2012...


 
 
 
 


3885 posts

Uber Geek

Subscriber

  # 1660749 30-Oct-2016 01:29

It's not only the risk of overdose. You could potentially also cause a denial of service attack. With the denial of service being no insulin injected even when the patient needs insulin. Could be easy as simply sending loads of random data over the radio interface. And either crashing the inbuilt software. Does the device have a watchdog timer? So if it crashes it will reset and boot up again by itself. Or by causing so many interrupt calls that the main code that manages insulin levels doesn't get to run. And then there are race conditions - Where if something happens at just the right time or order the software does unexpected things.

 

This is also ridiculous in that virtually every IC datasheet I have read says that the IC manufacturer doesn't warrant their devices for use in life support equipment. Or other applications where a failure would be expected to cause loss of life. (such as aerospace) And to contact the IC manufacturer if you are intending to use their products in a life support device. And often the ICs concerned would be simple logic or analogue ICs. So no software involved. So component manufacturers are taking life support systems reliability seriously.

 

 

 

I wonder if the approvals process for medical devices that use software. Have any kind of testing of the software beyond seeing if it produces the expected output? It should be a requirement that as part of testing and device certification. The testing body should be provided with copies of the source code. So if failures happen later they can be fully investigated. And as an incentive for better software testing.






622 posts

Ultimate Geek


  # 1660754 30-Oct-2016 02:30
Send private message

thats odd news.. was a kiwi hacker.. pacemaker insulin pump and atms spitting out cash

 

 

 

https://www.rt.com/usa/hacker-pacemaker-barnaby-jack-639/


622 posts

Ultimate Geek


  # 1660755 30-Oct-2016 02:34
Send private message

plus his death was suspicious at the time.. some claim he was over dosed not by his own hand

 

 

 

https://en.wikipedia.org/wiki/Barnaby_Jack


Mad Scientist
20903 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1660758 30-Oct-2016 07:06
Send private message

Aredwood:

 

It's not only the risk of overdose. You could potentially also cause a denial of service attack. With the denial of service being no insulin injected even when the patient needs insulin. Could be easy as simply sending loads of random data over the radio interface. And either crashing the inbuilt software. Does the device have a watchdog timer? So if it crashes it will reset and boot up again by itself. Or by causing so many interrupt calls that the main code that manages insulin levels doesn't get to run. And then there are race conditions - Where if something happens at just the right time or order the software does unexpected things.

 

This is also ridiculous in that virtually every IC datasheet I have read says that the IC manufacturer doesn't warrant their devices for use in life support equipment. Or other applications where a failure would be expected to cause loss of life. (such as aerospace) And to contact the IC manufacturer if you are intending to use their products in a life support device. And often the ICs concerned would be simple logic or analogue ICs. So no software involved. So component manufacturers are taking life support systems reliability seriously.

 

 

 

I wonder if the approvals process for medical devices that use software. Have any kind of testing of the software beyond seeing if it produces the expected output? It should be a requirement that as part of testing and device certification. The testing body should be provided with copies of the source code. So if failures happen later they can be fully investigated. And as an incentive for better software testing.

 

 

No insulin delivered is very safe. You have days-weeks to years if not decades to live (depending on specifics of condition - although those who can do years-decades are likely not to have a pump at this stage).

 

Too much insulin = instant d (minutes, but less than hour depending on how much OD).





Involuntary autocorrect in operation on mobile device. Apologies in advance.


809 posts

Ultimate Geek
Inactive user


  # 1666555 9-Nov-2016 14:27
Send private message

joker97:

 

 

 

No insulin delivered is very safe. You have days-weeks to years if not decades to live (depending on specifics of condition - although those who can do years-decades are likely not to have a pump at this stage).

 

Too much insulin = instant d (minutes, but less than hour depending on how much OD).

 

 

 Hardly.

 

If you are on insulin, not taking any is likely to kill you in a lot less than years, probably a lot less than months too.

 

My partner has low sugar issues (type 1 on insulin). It's not instant death either.

 

First you act a bit off, then like you're drunk, talking rubbish, staggering about.

 

Then you hit the floor.....you're still not unconscious at this point but will be so soon if you have taken enough long acting (not the short acting stuff).

 

 

 

Once unconscious it's a matter of hours...but quite a few.  I found him once when I came home from work. I got in around 6:30pm and as far as I could tell he lost it at about 11am.

 

He was a mess but once revived back to his normal self.

 

Doing this a lot for years, however, can lead to brain damage.

 

 

 

 


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36


2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17


Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46


Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51


Facebook Portal to land in New Zealand
Posted 19-Sep-2019 18:35



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.