Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Rikkitic

Awrrr
18657 posts

Uber Geek

Lifetime subscriber

#204574 7-Oct-2016 14:10
Send private message

Forget car hacking. According to an article on The Register, American insulin pumps have no security at all and can be activated by unencrypted radio signals. The manufacturers insist no-one has ever been overdosed this way and the risk is minimal, but my question to any diabetics out there is would you feel comfortable depending on a device like this? I certainly wouldn't and while I am not diabetic, my dad was. Isn't this being just a leetle bit non-chalant with people's health and safety? (Apparently it costs more to make secure pumps.)

 

 





Plesse igmore amd axxept applogies in adbance fir anu typos

 


 


Create new topic
MikeAqua
7773 posts

Uber Geek


  #1647343 7-Oct-2016 15:03
Send private message

I know someone who has a pace-maker and defibrillator with a WiFi interface. 





Mike




wellygary
8312 posts

Uber Geek


  #1647348 7-Oct-2016 15:13
Send private message

MikeAqua:

 

I know someone who has a pace-maker and defibrillator with a WiFi interface. 

 

 

That plot device was used in Homeland in 2012...


Aredwood
3885 posts

Uber Geek


  #1660749 30-Oct-2016 01:29

It's not only the risk of overdose. You could potentially also cause a denial of service attack. With the denial of service being no insulin injected even when the patient needs insulin. Could be easy as simply sending loads of random data over the radio interface. And either crashing the inbuilt software. Does the device have a watchdog timer? So if it crashes it will reset and boot up again by itself. Or by causing so many interrupt calls that the main code that manages insulin levels doesn't get to run. And then there are race conditions - Where if something happens at just the right time or order the software does unexpected things.

 

This is also ridiculous in that virtually every IC datasheet I have read says that the IC manufacturer doesn't warrant their devices for use in life support equipment. Or other applications where a failure would be expected to cause loss of life. (such as aerospace) And to contact the IC manufacturer if you are intending to use their products in a life support device. And often the ICs concerned would be simple logic or analogue ICs. So no software involved. So component manufacturers are taking life support systems reliability seriously.

 

 

 

I wonder if the approvals process for medical devices that use software. Have any kind of testing of the software beyond seeing if it produces the expected output? It should be a requirement that as part of testing and device certification. The testing body should be provided with copies of the source code. So if failures happen later they can be fully investigated. And as an incentive for better software testing.








kiwigeek1
637 posts

Ultimate Geek
Inactive user


  #1660754 30-Oct-2016 02:30
Send private message

thats odd news.. was a kiwi hacker.. pacemaker insulin pump and atms spitting out cash

 

 

 

https://www.rt.com/usa/hacker-pacemaker-barnaby-jack-639/


kiwigeek1
637 posts

Ultimate Geek
Inactive user


  #1660755 30-Oct-2016 02:34
Send private message

plus his death was suspicious at the time.. some claim he was over dosed not by his own hand

 

 

 

https://en.wikipedia.org/wiki/Barnaby_Jack


Batman
Mad Scientist
29760 posts

Uber Geek

Trusted
Lifetime subscriber

  #1660758 30-Oct-2016 07:06
Send private message

Aredwood:

 

It's not only the risk of overdose. You could potentially also cause a denial of service attack. With the denial of service being no insulin injected even when the patient needs insulin. Could be easy as simply sending loads of random data over the radio interface. And either crashing the inbuilt software. Does the device have a watchdog timer? So if it crashes it will reset and boot up again by itself. Or by causing so many interrupt calls that the main code that manages insulin levels doesn't get to run. And then there are race conditions - Where if something happens at just the right time or order the software does unexpected things.

 

This is also ridiculous in that virtually every IC datasheet I have read says that the IC manufacturer doesn't warrant their devices for use in life support equipment. Or other applications where a failure would be expected to cause loss of life. (such as aerospace) And to contact the IC manufacturer if you are intending to use their products in a life support device. And often the ICs concerned would be simple logic or analogue ICs. So no software involved. So component manufacturers are taking life support systems reliability seriously.

 

 

 

I wonder if the approvals process for medical devices that use software. Have any kind of testing of the software beyond seeing if it produces the expected output? It should be a requirement that as part of testing and device certification. The testing body should be provided with copies of the source code. So if failures happen later they can be fully investigated. And as an incentive for better software testing.

 

 

No insulin delivered is very safe. You have days-weeks to years if not decades to live (depending on specifics of condition - although those who can do years-decades are likely not to have a pump at this stage).

 

Too much insulin = instant d (minutes, but less than hour depending on how much OD).


pctek
807 posts

Ultimate Geek
Inactive user


  #1666555 9-Nov-2016 14:27
Send private message

joker97:

 

 

 

No insulin delivered is very safe. You have days-weeks to years if not decades to live (depending on specifics of condition - although those who can do years-decades are likely not to have a pump at this stage).

 

Too much insulin = instant d (minutes, but less than hour depending on how much OD).

 

 

 Hardly.

 

If you are on insulin, not taking any is likely to kill you in a lot less than years, probably a lot less than months too.

 

My partner has low sugar issues (type 1 on insulin). It's not instant death either.

 

First you act a bit off, then like you're drunk, talking rubbish, staggering about.

 

Then you hit the floor.....you're still not unconscious at this point but will be so soon if you have taken enough long acting (not the short acting stuff).

 

 

 

Once unconscious it's a matter of hours...but quite a few.  I found him once when I came home from work. I got in around 6:30pm and as far as I could tell he lost it at about 11am.

 

He was a mess but once revived back to his normal self.

 

Doing this a lot for years, however, can lead to brain damage.

 

 

 

 


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.