Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System
Abstract
A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied. In this paper, we analyze a widely used wireless blood glucose monitor, the Dexcom G4. We practically demonstrate a series of security issues in this device that enable, among other things, the tracking of a user and the forging of incorrect sensor readings. The attacks can be carried out at minimal cost using software-defined radio and low-cost RF chipsets. Finally, we devise and practically implement an efficient protocol based on best practices and well-known crypto algorithms to mitigate the weaknesses we discovered.