Johnson & Johnson says people with diabetes don't need to worry about potentially lethal wireless attacks on insulin pumps

Originally published at: http://boingboing.net/2016/10/04/johnson-johnson-says-people.html

…

Anyone know of any incidents of this kind of attack happening in the wild? If not is it actually something worth worrying about over e.g. someone just shooting you?

Ford says Mustang owners don’t need to worry about potentially lethal bombs being wired into car ignition circuits.

Compared to shooting “me”, probably not. But since an attack like this could be done covertly, with a high likelihood of the perpetrator escaping notice and could be conducted in places where guns and other weapons might be screened against–airports, political speeches, courtrooms, public events–I’d say it’s probably worth worrying about enough to put in at least the most basic of security measures like encrypted communication before an incident happens in the wild. If anyone ever does put in the effort to make it happen, they likely will have something else in mind other than targeting some random diabetic on the street.

I think a better metaphor would be Ford saying that “Yeah we know that attackers can cause your Mustang to spontaneously combust with you in it, but it’s very specialized. Hardly anyone can do it.”

But original question. This sort of thing has been around for several years now, they are “notoriously insecure”, has anyone ever actually been attacked like this?

Really the point is wider. There are lots of ways to harm someone. Society fundamentally runs on the fact we don’t try and kill each other. If we were all trying to kill each other there are many many easier ways.

Did you know that someone with a simple brick can break into your house and cave your head in?

Well that’s a pretty good reason not to install any security software in an insulin pump. Hey, we’re all going to die some day, amirite?

Yeah, but they would leave a lot of evidence. Hacking into an insulin pump leaves relatively little evidence, and can be used a premeditated attack on one specific person, rather than a crime of passion or crime of opportunity. Someone motivated enough can do this, or find a script kiddie hack somewhere, or recruit some sketchy characters who do know how to do this.

Then again, I’m convinced that Michael Hastings was murdered, so…

What would distinguish someone being attacked like this from a general failure of the pump? Admittedly, the failure rate of these things is really damned low, but would someone looking into a death from an insulin overdose assume “random hacker attack” or “device error.”

Personally, I’m going to stick to doing my insulin manually and measuring the dosage by reading the numbers off the side of the syringes, but that’s not an option for everyone. Adding some actual encryption protocols to devices like this just seems like a no-brainer and failure to do so is just kind of irresponsible.

Sure, that’s why I lock my doors. Not encrypting devices like these? That’s like the construction company not even installing locks on the doors in the first place.

But they’d likely get caught–and there’s no benefit—and lots of risk–and they couldn’t do it en masse–or remotely–or to powerful figures that practice 24-hour brick-protection.

Did you know simple malware can mess up your computer, clear your bank account and steal your identity? And unlike the brick-thing, it happens ALL the time. Wonder what the difference is?

Hacking a device to lethal effect (whether it be a car or an insulin pump) is more akin, at least potentially, to the effect the development of remote controlled bombs had on society. I don’t think taking some basic and common sense security measures is being overly cautious even if we haven’t experienced an attack yet…

Well, of course they don’t need to worry, since worrying does not really make any difference. But people might need to actively do something about it.

Before we get all crazy about the security of the “internet of things”, let us remember:

Nothing is truly secure.

I am kinda with J&J on this. I mean, yes I think they should make their devices reasonably secure. But do they really need to be 100% secure? How many people are going to maliciously try to kill someone with a pump? I mean right now it isn’t as if one can’t fine an easy way to kill someone. This isn’t like the movies where people are killed with some convoluted plot. Usually there is an argument and someone is shot, stabbed, or bludgeoned to death…

I mean forget this far out death by technology, how secure is your home? A lot of people can have their doors easily kicked in. Most people can have it bashed in with a makeshift battering ram. Never mind windows.

Got a safe for your guns or bit coins or vintage Star Wars comics? Odds are they can be defeated with a long pry bar in under an hour. Some times way under an hour.

My daughter uses this exact same setup and to be honest I’m not too worried (and she gets a new one next Sept). As a 9 year old she hasn’t accumulated enough enemies yet. It’s not like she’s Dick Cheney.

There are far more people that know how to blow up a car than to hack an insulin pump. If the pump were online, I would be more worried, but since you have to be in proximity to the device, it really is about as scary as the bomb-under-the-car scenario.

I’d be more concerned with someone trying it out in a public venue just to see ‘what would happen’, as a test hack against the IoT, or ‘for the lulz’. I am not familiar with how difficult targeting a particular pump might be, so YMMV, although with a wide enough net, everyone with an insulin pump at Platform 15 suddenly collapsing in a diabetic coma would be pretty good proof of concept.

eta: see also the following post about the cheesy quality of malware needed to hack the IoT.

I don’t think there have been any attacks yet. That is not a very good reason to do nothing about it though.

I would expect something that can kill you would have better security than your WiFi router. Right now it seems it doesn’t even have the equivalent of the defeated wep protocol.

I would also hope this security gets better before anyone gets killed.

I think the issue is, in this case, J&J is making zero effort at securing communications. Even if nobody has been hurt (yet) it seems absurd not to place at least some encryption on the communication. Show you care just a tiny bit about the insecurity of medical IoT.

Oh well, I can easily envision the lawsuit that turns this all around.

For a medical device, though, this is pretty lame. Why not make the communication secure? We know that there a lot of criminals out there exploiting insecure network communications. Seems like it’s just a matter of common sense. Don’t they have to go through a risk analysis? Maybe the probability is low, but the risk is so high (death) that your basic engineer would say (or at least I would), “yeah, let’s take the extra time to encrypt. It’s not exactly a new thing.”

Yeah, but as I’ve already mentioned, this is like not having lock on your doors at all. Sure, if someone uses force, they can get into your house, but this is like random bozos being able to get into your house with the minimum effort possible of just turning the door knob. Actually, since the scenario I’m picturing is more like a random public attack, in many situations, they aren’t even going through that much trouble. An insulin overdose actually has a bit of latency to it. So bozo the hacker sits in a coffee shop with a laptop looking for unencrypted pumps, uploads the command to “Dump all available insulin now” and 15 minutes later, the victim has a BSL of 23 or so, as they’re driving down the road. (I’m lucky, I feel it when my blood sugar is diving. Not everyone has that.)

I’m also thinking back to when Ford decided that owners of the early model Pintos weren’t really at risk for fire in low speed collisions. How much of a problem that actually was is still somewhat contested, but it sure cost Ford a lot in both lawsuits, recalls, and reputation; not to mention the negative effect this decision ultimately had on some drivers and passengers.)

Ironically, my blood sugar dropped while I was typing this, so I had some glucose, as it’ll be a while before dinner.

Security is certainly on my list of reasons for not using Windows!

The difference though is that Ford isn’t shipping bombs under the car; the vehicle has to be altered or have components added to it to get it ready for the attack. The insulin pump is (pardon the expression) already primed.