Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

Luca Reverberi; David Oswald

Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, amongst others, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio and
low-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.

Original language	English
Title of host publication	Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT '17)
Publisher	USENIX Association
Number of pages	10
Publication status	Published - 14 Aug 2017
Event	WOOT '17, 11th USENIX Workshop on Offensive Technologies - Vancouver, Canada Duration: 14 Aug 2017 → 15 Aug 2017

Conference

Conference	WOOT '17, 11th USENIX Workshop on Offensive Technologies
Country/Territory	Canada
City	Vancouver
Period	14/08/17 → 15/08/17

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

https://www.usenix.org/conference/woot17/workshop-program/presentation/reverberiLicence: Creative Commons: Attribution (CC BY)

Cite this

@inproceedings{a7155c91fb0a46ceaf5f672737e86ee4,

title = "Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System",

abstract = "A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient{\textquoteright}s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, amongst others, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio andlow-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.",

author = "Luca Reverberi and David Oswald",

year = "2017",

month = aug,

day = "14",

language = "English",

booktitle = "Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT '17)",

publisher = "USENIX Association",

note = "WOOT '17, 11th USENIX Workshop on Offensive Technologies ; Conference date: 14-08-2017 Through 15-08-2017",

}

Reverberi, L & Oswald, D 2017, Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System. in Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT '17). USENIX Association, WOOT '17, 11th USENIX Workshop on Offensive Technologies, Vancouver, Canada, 14/08/17. <https://www.usenix.org/conference/woot17/workshop-program/presentation/reverberi>

TY - GEN

T1 - Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

AU - Reverberi, Luca

AU - Oswald, David

PY - 2017/8/14

Y1 - 2017/8/14

N2 - A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, amongst others, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio andlow-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.

AB - A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, amongst others, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio andlow-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.

M3 - Conference contribution

BT - Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT '17)

PB - USENIX Association

T2 - WOOT '17, 11th USENIX Workshop on Offensive Technologies

Y2 - 14 August 2017 through 15 August 2017

ER -

Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

Abstract

Conference

UN SDGs

Access to Document

Fingerprint

Cite this