Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

Authors: 

Luca Reverberi and David Oswald, School of Computer Science, University of Birmingham, UK

Abstract: 

A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, amongst others, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio and low-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {206152,
author = {Luca Reverberi and David Oswald},
title = {Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System},
booktitle = {11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/woot17/workshop-program/presentation/reverberi},
publisher = {{USENIX} Association},
}