
Insulin pump hack delivers fatal dosage over the air - sehugg
http://www.theregister.co.uk/2011/10/27/fatal_insulin_pump_attack/print.html
======
jcampbell1
What is the simplest solution to this problem from a non-technical user's
perspective? Maybe: "hold the '+' button for 3 seconds to initiate a sync."?

I don't fully understand the problem. Are these things always open to wireless
communication? My friend's syncs with USB.

~~~
nknight
Different models will work differently; the ones this guy worked on are
apparently always open, despite the manufacturer's intent.

The simplest solution that doesn't make ridiculous assumptions about the time
and place is to just do HMAC + replay prevention, as has already been
mentioned.

Don't do infosec half-assed, they'll just get in through the other cheek.

------
Groxx
A bit frightening, and then you realize that this is _entirely_ unsurprising.
Why would they spend the money to develop it, drain the battery more quickly,
and complicate the whole setup to make it secure when people aren't going
around exploiting them?

It's just capitalism at work, people. Even if someone does use this to kill
off a handful of people, the cheaper devices might just have saved 100x more
before secure models start appearing. Is it a fair trade-off? People haven't
been demanding their insulin pumps be secure, so apparently they think it is
(edit: yes yes, ignorance - they don't _have_ to be, ya know. I'd get to know
the thing keeping me alive, personally).

~~~
eps
It need not have a full-blown PKI/TLS stack. In fact it does not need the
encryption, it only needs authentication of the exchange and the replay
protection. These are as simple as numbering messages with increasing IDs and
HMAC'ing them with a pre-shared key (that in turn can be generated on one side
and passed to another during the pairing sequence). This is _cheap_ in terms
of CPU usage.

I doubt the lack of security provisions is due to the $ matters. It is far
more likely to be just the developers' ignorance on the subject... which _is_
entirely unsurprising, totally agree here.

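The scheme nknight and eps describe above (HMAC over each message plus a strictly increasing message number, keyed by a pre-shared key exchanged at pairing), worked through as an added illustration that is not the pump's actual firmware or protocol. The wire format, the command payload strings and the 32-byte key are constructed for the example; the pairing step that distributes the key is assumed to have already happened.

```python
import hmac
import hashlib
import os
import struct

KEY_LEN = 32   # assumed: 256-bit pre-shared key agreed during pairing
TAG_LEN = 32   # HMAC-SHA256 output size
SEQ_LEN = 4    # 32-bit big-endian message number


def make_command(key: bytes, seq: int, payload: bytes) -> bytes:
    """Controller side: frame = seq || payload || HMAC-SHA256(key, seq || payload)."""
    body = struct.pack(">I", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class PumpReceiver:
    """Pump side: accept a command only if the tag verifies and the
    message number is strictly greater than the last one accepted."""

    def __init__(self, key: bytes):
        self.key = key
        # In a real device this counter must survive power loss, otherwise an
        # old captured frame becomes valid again after a reboot.
        self.last_seq = 0

    def accept(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return (False, "too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Verify authenticity first, before trusting any field in the body.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return (False, "bad tag")
        seq = struct.unpack(">I", body[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            return (False, "replay")
        self.last_seq = seq
        return (True, body[SEQ_LEN:])


def demo() -> dict:
    """Run the four cases a defender cares about and report accept/reject."""
    key = os.urandom(KEY_LEN)           # stands in for the pairing-derived key
    pump = PumpReceiver(key)
    results = {}

    fresh = make_command(key, 1, b"bolus=1.0")       # constructed command
    results["fresh"] = pump.accept(fresh)[0]         # genuine, first use
    results["replay"] = pump.accept(fresh)[0]        # same frame captured and resent

    second = make_command(key, 2, b"bolus=1.0")
    # Payload altered in flight (same length, so only the tag check catches it).
    tampered = second[:SEQ_LEN] + b"bolus=9.9" + second[SEQ_LEN + 9:]
    results["tampered"] = pump.accept(tampered)[0]

    # Frame built by a party that never paired (wrong key).
    forged = make_command(os.urandom(KEY_LEN), 3, b"bolus=9.9")
    results["forged"] = pump.accept(forged)[0]

    results["next"] = pump.accept(second)[0]         # untouched frame, seq 2 > 1
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:9s} -> {'accepted' if ok else 'rejected'}")
```

The cost matches what eps claims: one HMAC-SHA256 per message on each side and a single persisted counter on the pump. Nothing is encrypted, so an observer can read commands, but cannot forge, alter or replay them. Ordering the checks so the tag is verified before the sequence field is parsed keeps an attacker from learning anything about the counter state from an unauthenticated frame.

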
~~~
Jach
How many "see, capitalism makes people take short cuts!" can be explained
better by "the company was just ignorant about this case"?

~~~
Groxx
How many ignorance cases can be explained better by delegation in the face of
cost? They're essentially one and the same most of the time - unlimited time /
money lets you be infinitely careful, but you have competitors. But yes,
capitalism tends to encourage people to make cuts where they will be least
noticed - like this one, until _one person_ got it in their head that they
might be hackable. They were fine for _years_ prior to that occurrence.

------
anigbrowl
That's disturbing, to say the least.

~~~
nknight
No, it was disturbing 20+ years ago when the possibility was first raised of
these kinds of attacks. Today it's just expected. And depressing.

The sectors that need to understand information security the most are the ones
that have absolutely no grasp of it.

I see no sign of that changing. Every time an improvement is made to the
security of one system, somebody pops up with a new one that has utterly
failed to learn the lessons of the last one.

~~~
noonespecial
Add to that "shoot the messenger-ism" (pointing out an exploit is the same as
exploiting it nefariously; punishment as follows), plus a good dose of
information paralysis (we can't add that security feature, we can't prove it's
safe), and finally a dash of "the device we have now is already approved, we'd
have to do it again and it took _8 years_ last time"... You've got a recipe
for some choice badness.

------
jusob
You can check out Barnaby's previous work on hacking ATMs:
<http://www.youtube.com/watch?v=htDMu7USsZQ>

------
ramidarigaz
I find it deeply disturbing that there isn't some simple sanity check that
prevents the device from delivering a fatal dose.

~~~
shabble
I don't know about diabetes and insulin specifically, but what constitutes a
fatal dose might not be easily calculable up-front.

Obviously, there'll be a dose that will be deadly in all cases - the LD100.
But the statistical "half the people given this dose" LD50 measure could
easily vary by ± 100% or more. Things like metabolic rate, body-weight, route
of administration, insulin tolerance, and relative blood-sugar levels could
all factor into the dosing system, and I'm guessing the whole point of having
it remotely configurable is to minimise the processing effort on the embedded
chunk.

~~~
carbocation
I see that your self-asserted lack of domain-specific knowledge did not
prevent you from giving the correct answer. Good.

------
jakeonthemove
I doubt anyone will use this to kill someone, but it's good that the
vulnerability was discovered so soon - the next models will have protection.
Besides, people have been killing each other for millions of years - doing it
with a wireless device instead of a knife doesn't change much.

------
weego
Wasn't this debunked in the previous article on the same subject?
<http://news.ycombinator.com/item?id=2849716>

~~~
nknight
Where do you see a "debunking" there? I sure don't. Just a downplaying of the
risks of the previous type of attack.

This is a new, MUCH worse attack from a different researcher -- one with
significant existing credibility, I might add.

------
sp332
I know security researchers must do this stuff by reflex, but this "insight"
seems useless. It's not like this could happen by accident. So for this to
happen, you would need someone to want to kill you, and there are simpler ways
to do that.

~~~
Retric
True, but few ways to kill someone will look like a software glitch.

