John Sutter reports:
Nathanael Paul likes the convenience of the insulin pump that regulates his diabetes. It communicates with other gadgets wirelessly and adjusts his blood sugar levels automatically.
But, a few years ago, the computer scientist started to worry about the security of this setup.
What if someone hacked into that system and sent his blood sugar levels plummeting? Or skyrocketing? Those scenarios could be fatal.
“If your computer fails, no one dies,” he said in a phone interview. “If your insulin pump fails, you have problems.”
As sci-fi as it sounds, Paul’s fears are founded in reality.
[…]
Some of the suggestions would protect the devices with passwords. But that poses further complications, Denning said, because doctors and nurses have to be able to control the devices in the event of an emergency, even if the patient who knows the password is unconscious.
It may be possible to get around that issue by tattooing a barcode containing the password on the patient’s skin, either with visible ink or ink that can be seen only under ultraviolet light, she said.
Patients also could wear bracelets with their passwords on the inside, or doctors could carry devices that would de-activate a pacemaker or defibrillator’s security protections in the event of an emergency.
Denning said it will be important to standardize security measures.
“If you have a patient that’s unconscious on the ground, you really don’t want the medical staff to have to figure out what security system they’re using,” she said in the presentation.
Read more on CNN.
Related Research Report: Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses (pdf)