Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Glurp
8721 posts

Uber Geek
+1 received by user: 4004

Subscriber

Topic # 204574 7-Oct-2016 14:10
2 people support this post
Send private message

Forget car hacking. According to an article on The Register, American insulin pumps have no security at all and can be activated by unencrypted radio signals. The manufacturers insist no-one has ever been overdosed this way and the risk is minimal, but my question to any diabetics out there is would you feel comfortable depending on a device like this? I certainly wouldn't and while I am not diabetic, my dad was. Isn't this being just a leetle bit non-chalant with people's health and safety? (Apparently it costs more to make secure pumps.)

 

 





I reject your reality and substitute my own. - Adam Savage
 


Create new topic
5301 posts

Uber Geek
+1 received by user: 2149


  Reply # 1647343 7-Oct-2016 15:03
Send private message

I know someone who has a pace-maker and defibrillator with a WiFi interface. 





Mike

3512 posts

Uber Geek
+1 received by user: 986


  Reply # 1647348 7-Oct-2016 15:13
Send private message

MikeAqua:

 

I know someone who has a pace-maker and defibrillator with a WiFi interface. 

 

 

That plot device was used in Homeland in 2012...


 
 
 
 


3272 posts

Uber Geek
+1 received by user: 1282

Subscriber

  Reply # 1660749 30-Oct-2016 01:29
Send private message

It's not only the risk of overdose. You could potentially also cause a denial of service attack. With the denial of service being no insulin injected even when the patient needs insulin. Could be easy as simply sending loads of random data over the radio interface. And either crashing the inbuilt software. Does the device have a watchdog timer? So if it crashes it will reset and boot up again by itself. Or by causing so many interrupt calls that the main code that manages insulin levels doesn't get to run. And then there are race conditions - Where if something happens at just the right time or order the software does unexpected things.

 

This is also ridiculous in that virtually every IC datasheet I have read says that the IC manufacturer doesn't warrant their devices for use in life support equipment. Or other applications where a failure would be expected to cause loss of life. (such as aerospace) And to contact the IC manufacturer if you are intending to use their products in a life support device. And often the ICs concerned would be simple logic or analogue ICs. So no software involved. So component manufacturers are taking life support systems reliability seriously.

 

 

 

I wonder if the approvals process for medical devices that use software. Have any kind of testing of the software beyond seeing if it produces the expected output? It should be a requirement that as part of testing and device certification. The testing body should be provided with copies of the source code. So if failures happen later they can be fully investigated. And as an incentive for better software testing.






622 posts

Ultimate Geek
+1 received by user: 12


  Reply # 1660754 30-Oct-2016 02:30
Send private message

thats odd news.. was a kiwi hacker.. pacemaker insulin pump and atms spitting out cash

 

 

 

https://www.rt.com/usa/hacker-pacemaker-barnaby-jack-639/


622 posts

Ultimate Geek
+1 received by user: 12


  Reply # 1660755 30-Oct-2016 02:34
Send private message

plus his death was suspicious at the time.. some claim he was over dosed not by his own hand

 

 

 

https://en.wikipedia.org/wiki/Barnaby_Jack


Mad Scientist
19341 posts

Uber Geek
+1 received by user: 2531

Trusted
Lifetime subscriber

  Reply # 1660758 30-Oct-2016 07:06
Send private message

Aredwood:

 

It's not only the risk of overdose. You could potentially also cause a denial of service attack. With the denial of service being no insulin injected even when the patient needs insulin. Could be easy as simply sending loads of random data over the radio interface. And either crashing the inbuilt software. Does the device have a watchdog timer? So if it crashes it will reset and boot up again by itself. Or by causing so many interrupt calls that the main code that manages insulin levels doesn't get to run. And then there are race conditions - Where if something happens at just the right time or order the software does unexpected things.

 

This is also ridiculous in that virtually every IC datasheet I have read says that the IC manufacturer doesn't warrant their devices for use in life support equipment. Or other applications where a failure would be expected to cause loss of life. (such as aerospace) And to contact the IC manufacturer if you are intending to use their products in a life support device. And often the ICs concerned would be simple logic or analogue ICs. So no software involved. So component manufacturers are taking life support systems reliability seriously.

 

 

 

I wonder if the approvals process for medical devices that use software. Have any kind of testing of the software beyond seeing if it produces the expected output? It should be a requirement that as part of testing and device certification. The testing body should be provided with copies of the source code. So if failures happen later they can be fully investigated. And as an incentive for better software testing.

 

 

No insulin delivered is very safe. You have days-weeks to years if not decades to live (depending on specifics of condition - although those who can do years-decades are likely not to have a pump at this stage).

 

Too much insulin = instant d (minutes, but less than hour depending on how much OD).





Swype on iOS is detrimental to accurate typing. Apologies in advance.


664 posts

Ultimate Geek
+1 received by user: 114


  Reply # 1666555 9-Nov-2016 14:27
Send private message

joker97:

 

 

 

No insulin delivered is very safe. You have days-weeks to years if not decades to live (depending on specifics of condition - although those who can do years-decades are likely not to have a pump at this stage).

 

Too much insulin = instant d (minutes, but less than hour depending on how much OD).

 

 

 Hardly.

 

If you are on insulin, not taking any is likely to kill you in a lot less than years, probably a lot less than months too.

 

My partner has low sugar issues (type 1 on insulin). It's not instant death either.

 

First you act a bit off, then like you're drunk, talking rubbish, staggering about.

 

Then you hit the floor.....you're still not unconscious at this point but will be so soon if you have taken enough long acting (not the short acting stuff).

 

 

 

Once unconscious it's a matter of hours...but quite a few.  I found him once when I came home from work. I got in around 6:30pm and as far as I could tell he lost it at about 11am.

 

He was a mess but once revived back to his normal self.

 

Doing this a lot for years, however, can lead to brain damage.

 

 

 

 


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.