Life Threatening Vulnerabilities presented at BlackHatAbuDhabi 2011

by Barnaby Jack,

Summary : Diabetes currently affects 285 million people worldwide which is 6.4% of the population. This number is expected to reach 438 million by the year 2030.
Many diabetics are looking to technology to treat their disease and insulin pumps provide a convenient alternative to manual insulin injections.
All modern insulin pumps support some form of wireless communication. Thanks to this wireless capability, a remote attack surface exists.
The topic of insulin pump security may sound familiar to some. At Black Hat USA 2011, Jay Radcliffe who is himself a diabetic reviewed the security of his own pump. Jay revealed that the communication protocol used by the pump does not implement encryption.
His finding could potentially allow replay attacks if you were in the vicinity of a diabetic during a legitimate transmission. Jay was able to issue commands to his own pump, but he required the serial number of the device which is used as authentication.
In this talk, I will walk through the process I took to find a critical remote vulnerability in the Medtronic line of insulin pumps, the most widely used insulin pumps in the US. In a live but controlled environment, I will demonstrate software which leverages this vulnerability to locate any insulin pump within a 300 foot radius, and issue commands to the pump - including the ability to dispense a full reservoir ofinsulin.
No prior knowledge of the pumps serial isrequired.