
Jerome Radcliffe's Continuous Glucose Monitor Analysis: A Critical Review

  • Category: Science
  • Subcategory: Chemistry
  • Topic: Glucose
  • Pages: 3
  • Words: 1200
  • Published: 10 April 2019

Diabetes is a disease in which the body has a shortage of insulin, a decreased capacity to use insulin, or both. People with this disease have to administer a synthetic insulin replacement into the body to regulate and stabilize their blood-sugar level. The traditional insulin delivery method is through injection by a needle and syringe. Deciding when to introduce insulin into the body requires frequent blood tests (poking the finger). An alternative to this method uses a Continuous Glucose Monitor (CGM) with a wireless sensor attached to a wire inserted into body tissue to measure electrical elements of fluids.

As a diabetic, Jerome Radcliffe, Cyber Threat Intelligence Analyst at IBM, admits to joking around about a hacker breaking into his CGM. He imagined the hacker giving him an unwarranted extra dose of insulin, forcing his blood-sugar level too low and rendering him unconscious, leaving him in a coma or even dead. After attending Defcon in 2009, he began to ponder the possibility of such a scenario. So, he hacked his own CGM to show how vulnerable wireless medical devices are to cyber threats. He demonstrated this hack at Black Hat USA 2011.

According to Radcliffe, he first collected publicly available data on his Medtronic CGM, focusing on the wireless communication frequency and modulation method. The user manual acted as a starting point, and opening the CGM provided him with more information, such as the RF chip model number. Next, Radcliffe recognized that US regulations require all wireless devices sold to receive approval from the Federal Communications Commission (FCC). On approval, wireless devices receive a unique ID, found in product manuals, and detailed FCC verification and analysis documents become public. Radcliffe also combed the US Patent Office for documents and found instructions on the CGM’s functionality and manufacturing specifications (Radcliffe).

From his research, Radcliffe discovered the CGM sensor operated at 402.142 MHz in the MedRadio band, an unlicensed mobile radio service designated by the FCC for transmissions associated with medical devices. Also, the CGM ran off a 1.5 V battery for two years (Hanselman). Consequently, he inferred that his CGM lacked cryptography, since it would need more processing power than the available voltage offered. Moreover, the CGM used non-bidirectional communication, and the sensor did not know which CGM received its data. Therefore, each packet must include a unique identifier unless it is initially programmed through Java-based software from an operating system of Windows XP or earlier. In addition, Medtronic CGM sales promoted a lifespan of several years without having to update (or patch) (BD Diabetes Education Center).

Armed with technical specifications about the Medtronic CGM, Radcliffe found an Arduino model based on Texas Instruments’ CC1101 wireless chip that could work on this frequency. This microcontroller, and its 108-page manual, cost Radcliffe less than $10 (Hansel). Even with 20 years of ham radio experience, an overwhelmed Radcliffe commented on the manual’s complexity. “One of the challenges of crossing over from computer security research to hardware hacking research is the ease of use of the devices… none of it tells you how to program the device. [T]his was designed for the experienced electrical engineer to use, not the computer geek” (Radcliffe WP).

After failing to configure the CC1101 to the same frequency and modulation type as the Medtronic CGM, Radcliffe sought a different approach. By programming the CC1101 to capture the wireless data from the CGM using the “Direct Mode” or “Serial Mode,” Radcliffe could manually decode transmissions and decipher the data packets (Appendix A). After capturing several packets when his blood-sugar level was stable, Radcliffe identified patterns in the transmissions, including that all packets lacked a timestamp and that 80% of the packets had the same first 21 bits. These bits did not directly translate to the transmitter’s unique identifier (Radcliffe).

The breakthrough in his hack came from using the Java-based application that Medtronic used to configure their CGMs. The application allowed Radcliffe to capture his CGM’s messages and responses. According to Radcliffe, this was easy: “In the properties file, the logging was set to NONE, which I changed to HIGH” (Radcliffe WP). He then inspected the lone Java library file (JAR file) to discover the encoding method. Medtronic had not obfuscated this file, which allowed Radcliffe to reproduce the encoding, message formats, and command codes for the CGM (Radcliffe). With this knowledge, Radcliffe could spoof transmissions for his Medtronic CGM and perform replay attacks.
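The weakness summarized above (packets that carry an identifier but no timestamp and no cryptographic protection) is what makes replay possible. The following Python sketch is an added example, not Medtronic's protocol or code from Radcliffe's paper: it contrasts a receiver that checks only the identifier with one that requires a message counter and a truncated HMAC tag. The packet layout, key, and identifier are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # hypothetical key shared at pairing time
SENSOR_ID = 0x2A51              # constructed identifier, not a real device ID

def id_only_accepts(packet, paired_id=SENSOR_ID):
    """Receiver as the essay describes it: only the identifier is checked."""
    sensor_id, _reading = struct.unpack(">HH", packet[:4])
    return sensor_id == paired_id

def make_packet(counter, reading, key=KEY, sensor_id=SENSOR_ID):
    """Hypothetical layout: id (2 bytes) | counter (4) | reading (2) | tag (8)."""
    body = struct.pack(">HIH", sensor_id, counter, reading)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class CounterMacReceiver:
    """Rejects forged packets (bad tag) and replays (counter not increasing)."""

    def __init__(self, key=KEY, paired_id=SENSOR_ID):
        self.key = key
        self.paired_id = paired_id
        self.last_counter = -1

    def accepts(self, packet):
        if len(packet) != 16:
            return False
        body, tag = packet[:8], packet[8:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False            # altered or forged content
        sensor_id, counter, _reading = struct.unpack(">HIH", body)
        if sensor_id != self.paired_id or counter <= self.last_counter:
            return False            # wrong sensor, or an old packet sent again
        self.last_counter = counter
        return True
```

The identifier-only receiver has no way to tell a fresh reading from a recorded one, while the second receiver accepts each authentic packet exactly once.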

During his Black Hat presentation, Radcliffe addressed the limits of his hack. The hack relies on the unique identifier, which every transmission, sent every five minutes, carries in encoded form. This makes passive discovery easy, provided the attacker can get within the individual’s personal space, since the CGM’s RF range is limited to 100 to 200 feet. He also discussed that while an attacker might be able to manipulate the diabetic’s administration of insulin, it is common for a diabetic to introduce incorrect insulin amounts because of external variables. Successfully harming the diabetic would require hours of constant manipulation by an attacker (Radcliffe).

Diabetics still have significant control in the decision-making of delivering their medication. Radcliffe points out “some security risks in manipulating some of the data the person uses, but ultimately, an attacker cannot directly manipulate the amount of insulin given.” However, Radcliffe is quick to note, “The industry has plans to remove the human intervention from this equation though. The Juvenile Diabetes Research Foundation is pushing a campaign called the ‘Artificial Pancreas Project.’” According to Radcliffe, the unfortunate result would be less oversight. This, combined with the lax wireless security on medical devices, is something Radcliffe believes should be of concern to companies like Medtronic.

Before releasing his findings, Radcliffe had reached out to Medtronic through the US Department of Homeland Security, an ethical approach in his eyes (Smith). Furthermore, a Medtronic engineer who had attended Radcliffe’s presentation at Black Hat received a copy of the presentation and exhaustive technical details previously not disclosed. When Radcliffe followed up by email three days later, the engineer did not reply (Rashid). Finally, after three weeks of waiting for a response, Radcliffe released his discovery. Eventually, Medtronic released a PR statement, after denying receiving any contact from Homeland Security, stating, “Medtronic takes the issue of device information security very seriously. It is an integral part of the very fabric of our product design process” (Statement Regarding Insulin Pump Hacking). Nevertheless, there is no statement on plans to address such security flaws.

Appendix A

The Direct Mode of the CC1101 connects using “two pins: one is a clock and the other is data. In this two pin setup, there is a continuous clock signal being generated by the RF module. This provides the timing for reading any signals that the RF module picks up, which would come in from the data pin. The best way to think of the clock signal is like a metronome when playing music. The metronome helps a musician keep time, so they can play a note for the proper amount of time. In [this] case, it tells us how to read the 1s and 0s coming in on the data line. Visually it looks like this”
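As an added illustration (not code from Radcliffe's paper or from this essay), the Python sketch below reads a data line on each rising edge of the clock line, as the two-pin setup is described above, and then measures what fraction of packets share the same leading bits, the kind of pattern the essay reports from the captured packets. All sample streams and packets are constructed, and sampling on the rising edge is an assumption, since the page does not say which clock edge is used.

```python
from collections import Counter

def sample_on_rising_edge(clock, data):
    """Return the data-line level at each 0 -> 1 transition of the clock."""
    bits = []
    for i in range(1, min(len(clock), len(data))):
        if clock[i - 1] == 0 and clock[i] == 1:
            bits.append(data[i])
    return bits

def prefix_share(packets, n):
    """Most common n-bit prefix and the fraction of packets that start with it."""
    counts = Counter(tuple(p[:n]) for p in packets)
    prefix, hits = counts.most_common(1)[0]
    return list(prefix), hits / len(packets)

def to_lines(bits, samples_per_bit=4):
    """Build constructed clock/data sample streams for a bit sequence."""
    clock, data = [], []
    half = samples_per_bit // 2
    for b in bits:
        clock += [0] * half + [1] * (samples_per_bit - half)  # one clock period
        data += [b] * samples_per_bit                         # level held per bit
    return clock, data

# Constructed packets: four of the five begin with the same five bits.
PACKETS = [
    [1, 0, 1, 1, 0, 0, 1, 0],
    [1, 0, 1, 1, 0, 1, 1, 1],
    [1, 0, 1, 1, 0, 1, 0, 0],
    [0, 1, 1, 0, 1, 0, 0, 1],
    [1, 0, 1, 1, 0, 0, 0, 1],
]

if __name__ == "__main__":
    clock, data = to_lines(PACKETS[0])
    print(sample_on_rising_edge(clock, data))
    print(prefix_share(PACKETS, 5))
```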
