Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Authors

Colleges, School and Institutes

External organisations

  • School of Computer Science, The University of Birmingham

Abstract

A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, amongst others, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio and
low-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.

Details

Original languageEnglish
Title of host publicationProceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT '17)
Publication statusPublished - 14 Aug 2017
EventWOOT '17, 11th USENIX Workshop on Offensive Technologies - Vancouver, Canada
Duration: 14 Aug 201715 Aug 2017

Conference

ConferenceWOOT '17, 11th USENIX Workshop on Offensive Technologies
CountryCanada
CityVancouver
Period14/08/1715/08/17