http://www.theregister.co.uk/2011/10/27/fatal_insulin_pump_attack/ By Dan Goodin in San Francisco The Register 27th October 2011 In a hack fitting of a James Bond movie, a security researcher has devised an attack that hijacks nearby insulin pumps so he can surreptitiously deliver fatal doses to diabetic patients who rely on them. The attack on wireless insulin pumps, made by medical devices giant Medtronic, was demonstrated Tuesday at theHacker Halted conference in Miami. It was delivered by McAfee's Barnaby Jack, the same researcher who last year showed how take control of two widely used models of automatic teller machines so he could to cause them to spit out a steady stream of dollar bills. Jack's latest hack works on most recent Medtronic insulin pumps, because they contain tiny radio transmitters that allow patients and doctors to adjust their functions. It builds on research presented earlier this year that allowed the wireless commandeering of the devices when an attacker was within a few feet of the patient, and knew the serial number of his pump. Software and a special antenna designed by Jack allows him to locate and seize control of any device within 300 feet, even when he doesn't know the serial number. "With this device I created and the software I created, I could actually instruct the pump to perform all manner of commands," Jack told The Register. "I could make it dispense its entire reservoir of insulin, which is about 300 units. I just scan for any devices in the vicinity and they will respond with the serial number of the device." [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Thu Oct 27 2011 - 22:33:16 PDT
This archive was generated by hypermail 2.2.0 : Thu Oct 27 2011 - 22:41:47 PDT