Wireless Medical Devices Need Security Testing
As technology continues to advance, and people become more comfortable (and more skilled) at manipulating technology, we’re going to have to address scenarios we’ve never dreamed of before.
With hacking becoming more prevalent it seems we’re at one of those cross roads. The General Accountability Office is preparing a report on the security vulnerability of wireless medical devices. The report is due next month and may propose that a federal agency review device security before devices are approved for public use. Wireless medical devices, such as pace makers and automatic insulin pumps, have been in use for years – long before patients and doctors had to worry about the possibility of outside forces wirelessly tampering with the devices’ functionality. Now, that possibility is not so remote. Malware has already been found on some wireless medical devices and the possibility of a live hack was recently demonstrated. Here’s what happened, from Information Week:
Congressional interest in the issue was prompted by a public demonstration of how easy it is to hack into a medical device: Security researcher Jeremy Radcliffe hacked his own insulin pump at a recent conference in Las Vegas, using a dongle attached to a PC port to change settings on the device wirelessly.
In 2008, researchers at the Medical Device Security Center in Amherst, MA, also hacked pacemakers and defibrillators wirelessly. An article in Wired Magazine noted that an attacker could use such an approach to kill somebody by sending a fatal shock to a pacemaker, for example.
The FDA has so far received no reports of patient safety incidents tied to the hacking of medical devices such as heart monitors and infusion pumps. But a Department of Veterans Affairs (VA) study showed that between January 2009 and spring 2011, there were 173 incidents of medical devices being infected with malware. The VA has taken the threat seriously enough to use virtual local area networks to isolate some 50,000 devices.
Read the full report at Information Week >>>
Technology is so weaved into our everyday lives that it can be easy to forget about it. Or easy to think it’s safe because it has always been. But as technology continues to advance it’s going to become increasingly important to back track and thoroughly test older technologies against today’s threats.
Security testing, especially skilled white-hat testing, is going to be a key need for new technologies – like wireless car starters, auto driving functions and advanced medical devices. But it’s going to be even more important to existing technologies, like pacemakers, insulin pumps and home security systems.
Forgive me if I sound cold, but is this *really* worth the kind of time and expense it would demand to “secure” these devices… and would any of it actually stop someone determined to kill someone?
Personally, I think this is a waste of time and money — No, I don’t have a personal, wireless medical device. Yes, I would be comfortable with one knowing the wireless security risks… basically ’cause I know that if I piss someone off enough to want me dead, they are gonna make me dead — with or without wireless medical device hacking… and if someone wants *lots* of people dead, there are *way* easier ways to make *way* more people dead.
It isn’t a matter of targeting someone explicitly per se, it’s a matter of protecting from black hat hackers. Malware didn’t get on those 173 devices by someone targeting 173 people they wanted to kill. They idly built attacks against wireless devices like these to see if they could, but implemented it instead of reporting it.
Since they, like you, don’t have a wireless medical device, their idleness may have much more drastic an effect than intended. Or they may even maliciously build attacks, without regard for the effects.
The point is, a great many hackers today who do a lot of damage don’t try and target people–on the contrary, they write as generic an attack as possible just to see how well it spreads. Which is far more dangerous and does indeed demand security.
I read in many respects risk of violation of safety of wireless medical instruments is extremely small, because for hackers it is necessary to know many parameters, beginning from which instrument (which is at you) to special codes on which this instrument hands over the functional information!
I would be very interested in becoming a tester for this, I do have a pacemaker and I don’t feel targeted ,however it is possible to havethe pacemakers hacked, and from what I experienced they could really do some damage..
Thank you.
American Health Journal is interested in content based partnerships with webmasters in the health niche. AHJ is a health site with over 3000 of high quality health videos. We can offer content exchanges, link exchanges, and exposure to your website. Come contact us at our contact form on our site.