"If your computer fails, no one dies. If your insulin pump fails, you have problems."
Hacking Can Kill
In 2010, Dr. Mark Gasson, a British cybernetics expert at the University of Reading, became the first person to come in contact with a real computer virus physically. He injected himself by the way of an RFID chip with a computer virus. He did this experiment to show how implantable devices. Though it couldn’t possibly be fatal, but now hackers have planned something new. he proved how hacking can kill.
“It is now possible for an attacker sitting up to a kilometer away, with some powerful antennas to launch a wireless hack to remotely control an insulin pump and potentially kill the victim”. Says Security researcher, Jay Radcliff at the Black Hat Security Conference. Jay Radcliff is a diabetic person, who is connected to an insulin pump and glucose monitor all time.
Radcliff in his presentation Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System showed how wireless communication could be reverse-engineered and a device used to launch an injection attack that would manipulate a diabetic’s insulin and possibly cause a patient’s death. All wireless devices such as pacemakers, defibrillators and insulin pumps are vulnerable to it.
In 2008 a group of hackers highlighted how someone could use an antenna, radio hardware and a PC to deliver a lethal shock to an implantable cardiac defibrillator (ICD).
In Hollywood there is a movie about the assassination of a political target. The hacker cum assassin exploited wireless vulnerabilities in pacemakers and insulin pumps to stop them from working leading the victim to die.
Radcliffe said to the press “My initial reaction was that this was really cool from a technical perspective. The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive.”
How This Kind Of Hack Works?
In order to hack medical devices, an attacker could intercept wireless signals and then broadcast a stronger signal to change the blood-sugar level readout on an insulin pump so that the person wearing the pump would adjust their insulin dosage. If done repeatedly, it could kill a person. Radcliffe also suggests scenarios where an attacker could be within a couple hundred feet of a victim, like being on the same airplane or on the same hospital floor, and then launch a wireless attack against the medical device. He added that with a powerful enough antenna, the malicious party could launch an attack from up to a half mile away.
Security Researchers all around the world are taking this seriously are worried of these potentially fatal hacking attacks. They are working on some security measures like password protection for such medical devices.
It is not just the medical field which is feeling the heat. Computer viruses are also responsible for many indirect deaths.
In 2008, the Spanish newspaper El Pais reported that computer viruses may have contributed to the Spanair plane crash which killed 154 people in Madrid two years ago. The 12,000 page accident summary report explains that the Spanair central computer was trojan-infected and therefore failed to trigger an alarm which would have grounded the plane. After this accident, FAA (Federal Aviation Administration) showed its inability to effectively monitor air traffic control from such cyber-attacks.
Author: Naveen Thakur