Wireless Signal Monitor Device

Insulin pump hacker says vendor Medtronic is ignoring security risk

Jerome Radcliffe scared a lot of people — including himself, since he is a diabetic — when he showed how easy it was to hack an insulin pump from a distance at the Black Hat security conference in Las Vegas early this month.

At the time, Radcliffe didn’t disclose the names of vendor names or models. He withheld the information to stay within legal boundaries, to protect himself, and to make sure he did not arm criminal hackers with the means to undertake the actual hacks. Today he revealed in a conference call that the company in question was Medtronic and it has not acknowledged that there is a security risk.

“I chose not to disclose the details to protect the public safety of diabetics,” he said today in a conference call. But that was before he ran into a brick wall with Medtronic.

Now he has worked with the Department of Homeland Security and the Computer Emergency Response Team to contact the vendor of insulin pumps. He said he expected to get honest, public disclosure from the vendor about what it would do to fix the problem.

“I expect a company to be truthful with any press statements and to do fact checking,” he said. “I expect a comprehensive solution in a timely manner.”

Today, Radcliffe revealed that the company was Medtronic, which had an engineer available at his talk in early August. Radcliffe said that on Aug. 9, Medtronic posted a statement on its web site that says it wasn’t really a security problem. Radcliffe was unsettled by that and emailed the engineer again. On Aug. 12, the DHS contacted the company and got no response. On Aug. 15, Congress sent a letter to the General Accounting Office asking for an investigation. And on Aug. 24 Medtronic gave an Associated Press reporter the same reinforced PR statement . CERT also contacted Medtronic.

“Medtronic takes very seriously the issue of information security of its devices,” the company said in a statement. “It’s an integral part of the very fabric of our product design processes.” It also said, “To our knowledge, there has never been a single reported incident of wireless tampering outside of controlled laboratory experiments in more than 30 years of use.

FCC: Signal Boosters Do More Harm Than Good | CTIA-The Wireless ...

Consumers demand wireless broadband anywhere at any time, and carriers compete vigorously by investing in towers and equipment to improve coverage. With limited spectrum available to transmit wireless data, wireless devices must finely tune into narrow spectrum bands so they can communicate with the network and provide consumers with service. Even though the U.S. is the most efficient user of spectrum in the world , any interference can negatively impact consumers’ wireless experiences when there are so many devices using the limited amount of spectrum.

The FCC recently issued an NPRM to evaluate the use of signal boosters to improve wireless coverage. While it may sound like a good idea in principal, signal boosters can easily cause interference to wireless networks and do far more harm than good. In our comments , we urged the Commission to proceed carefully because the use of illicit signal boosters can cause serious disruptions to wireless networks and interfere with vital public safety communications.

To address the interference issue caused by signal boosters, CTIA recommends an industry-based solution. Since the FCC lacks the authority to license signal boosters for use in licensed spectrum under the “citizens band radio service” provision of the Communications Act and instead of trying to create a regulatory framework, CTIA encourages the Commission to allow the industry to develop certification standards.

With the huge risk of harmful interference, it is critical the Commission affirm and enforce its existing requirements that state a FCC license or licensee consent is needed in order to buy or operate a signal booster. Otherwise, an unauthorized user can cause co-channel interference that degrades network coverage and quality of service for other users. Signal boosters also have the potential to create inaccurate location estimates for 911 calls, potentially affecting emergency responders. If it was unlawful to sell or operate an unlicensed signal booster, there would be a dramatic reduction on wireless interference.

802.11 wireless networks, the definitive guide

Wireless

Wireless communications

Wireless, from Marconi's black-box to the audion

Signal processing for telecommunications and multimedia