
The gentleman who wrote this post takes an approach I'm not comfortable supporting: The signal and commands haven't been successfully reverse engineered yet, so this isn't a real threat.

A little bit about my background: 10+ years successfully (legally) reverse engineering software technology that required both client software and packet manipulation in industries that have been very proactive against it.

Seeing as the medical devices are hardware items issued to unique individual recipients, the issue could easily be fixed with a 1024+ public/private key pair between the devices, unique to each issuance.

However, this does nothing to protect the many millions of individuals, using today's devices, potentially exposed to the threat described by Jay Radcliffe.




It's a little less severe than that. First the device has to support remote management, then the device has to have remote management turned on, and finally the attacker would have to have the device's serial number (which seems to be used as a security mechanism) in order to successfully send the device commands.

Also, if you don't like needles, don't watch the YouTube video at the bottom of the post :|


This is assuming you only want to control the pump. If the individual is unable to view any information on their monitor, or their monitor is displaying improper data, it may cause other serious health issues in high-risk patients.

Not to mention that some devices may be controlled by the monitoring device and it may require a constant stream of good data.

I agree that not all setups and individuals are at risk but some most likely are.


RSA is a little bit too computationally intensive for these devices, I'm afraid.



