Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, amongst others, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio and low-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.

[1]  Flavio D. Garcia,et al.  Lock It and Still Lose It - on the (In)Security of Automotive Remote Keyless Entry Systems , 2016, USENIX Security Symposium.

[2]  J. LaFountain Inc. , 2013, American Art.

[3]  Ingrid Verbauwhede,et al.  On the Feasibility of Cryptography for a Wireless Insulin Pump System , 2016, CODASPY.

[4]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[5]  Amir Moradi,et al.  A new remote keyless entry system resistant to power analysis attacks , 2009, 2009 7th International Conference on Information, Communications and Signal Processing (ICICS).

[6]  Bart Preneel,et al.  On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them , 2016, ACSAC.

[7]  Mani B. Srivastava,et al.  The bits and flops of the n-hop multilateration primitive for node localization problems , 2002, WSNA '02.

[8]  Niraj K. Jha,et al.  Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system , 2011, 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services.