Hacked medical device sparks Congressional inquiry

Two members of Congress have asked the Government Accountability Office to review the Federal Communications Commission's approach to medical devices with wireless capabilities to ensure that the devices are "safe, reliable, and secure." The letter to the GAO, from Reps. Anna G. Eshoo (D-CA) and Edward J. Markey (D-MA)--both members of the House communications and technology subcommittee--was sparked by a medical device hacking demonstration earlier this month at the Black Hat conference in Las Vegas. While most Black Hat presentations typically detail exploits launched against others or more benign forms of hardware hacking, security researcher Jerome Radcliffe actually hacked--live and onstage--his own insulin pump, which he relies on to subcutaneously administer multiple doses of insulin per day. Radcliffe, 33, said he was diagnosed with diabetes at age 22. Next came the medical device hardware hacking. Specifically, Radcliffe reverse-engineered the wireless commands sent from the small controller that ships with his pump, and which is used to tell the pump what dosage of insulin to administer.