Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System

DEF CON 19

Presented by: Jerome Radcliffe
Date: Saturday August 06, 2011
Time: 09:00 - 09:50
Location: Rio Pavilion 7
Track: Skytalks

As a diabetic, I have two devices attached to me at all times; an insulin pump and a continuous glucose monitor. This combination of devices turns me into a Human SCADA system; in fact, much of the hardware used in these devices are also used in Industrial SCADA equipment. I was inspired to attempt to hack these medical devices after a presentation on hardware hacking at Defcon in 2009. Both of the systems have proprietary wireless communication methods. Could their communication methods be reverse engineered? Could a device be created to perform injection attacks? Manipulation of a diabetic's insulin, directly or indirectly, could result in significant health risks and even death. My weapons in the battle: Arduino, Ham Radios, Bus Pirate, Oscilloscope, Soldering Iron, and a hacker's intuition. After investing months of spare time and an immense amount of caffeine, I have not accomplished my mission. The journey, however, has been an immeasurable learning experience - from propriety protocols to hardware interfacing – and I will focus on the ups and downs of this project, including the technical issues, the lessons learned, and information discovered, in this presentation "Breaking the Human SCADA System."


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats