Black Hat: Lethal Hack and wireless attack on insulin pumps to kill people

August 8, 2011

An attacker with a powerful antenna could be up to a half mile away from a victim yet launch a wireless hack to remotely control an insulin pump and potentially kill the victim, diabetic security researcher Jay Radcliffe has found, according to a Computerworld blog.

Radcliffe is a diabetic who is connected to an insulin pump and glucose monitor at all times. He said that a combination of devices turned him into a Human SCADA (supervisory control and data acquisition) system.

Radcliffe decided to find out if proprietary wireless communication could be reverse-engineered and a device used to launch an injection attack that would manipulate a diabetic’s insulin and possibly cause a patient’s death.

Radcliffe suggested scenarios where an attacker could be within a couple hundred feet of a victim, like being on the same airplane or on the same hospital floor, and then launch a wireless attack against the medical device. He added that with a powerful enough antenna, the malicious party could launch an attack from up to a half mile away.

“My initial reaction was that this was really cool from a technical perspective. The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive.”

Radcliffe shared his findings in a presentation called “Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System” at the 2011 Black Hat security conference.