Hello Guest, Welcome to Apnea Board !
As a guest, you are limited to certain areas of the board and there are some features you can't use.
To post a message, you must create a free account using a valid email address.

or Create an Account


New Posts   Today's Posts

Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
#21
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
Have they. Maybe.

There has been people who have jailbroken the firmware. They can make a resmed airsense 10 autoset run like a ivap or ventilator. 

So if people are doing that then there will be people looking at if they can hack them. I'm sure there is a hacker or 2 with sleep apnea that would not be able to resist trying.

Anything especially if exposed to a network can be exposed to hackers. 

Search engines like shodan and zoomeye make this even more likely as they index anything  and everything they find on an ip address. They have indexed Power plants, traffic lights, and hospital systems to name a few.

Hackers went and do go wild with these. You might get a nice hacker just seeing if they can and then warning someone or someone who sees what settings they can change.

I would like to know how much time was spent making sure a CPAP's Web facing backed was checked for security issues.

They may not change the machine. But it is a way into your internal network if connected to wifi. Who knows what they could do then.

To think it can't or won't is kidding yourself.
Post Reply Post Reply
#22
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
CPAP machines do not connect to Wi-Fi. The modem inside these PAPs connect to mobile cellular.
INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEBSITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.
Post Reply Post Reply
#23
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
(07-05-2021, 04:51 PM)SarcasticDave94 Wrote: CPAP machines do not connect to Wi-Fi. The modem inside these PAPs connect to mobile cellular.
Thanks.  Wasn't exactly sure if they were just 4g or had option to wifi connect.


I don't have one yet. Just got my perscription so still learning about them.

But if the mobile data is connected it will be internet facing with an ip address so can be discovered and hacked. 

They appear to run the machines on linux/Unix. So could be vulnerable to a known exploit still. 

Then there is the remote access to company and doctors. Logins can be bruteforced or exploited.

I personally will be keeping mine off the internet. Last thing I need is some kid on the otherwise of the world seeing what turning everything to max looks like.
Post Reply Post Reply
#24
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
They are not connected to the internet. The manufacturers use a subscription cellular service that requires the machine's serial number for the connection to complete. Since you can't get a loan based on your CPAP data, what would justify the time and effort for one's sleep data settings?
Crimson Nape
Apnea Board Moderator
www.ApneaBoard.com
___________________________________
Useful Links -or- When All Else Fails:
The Guide to Understanding OSCAR
OSCAR Chart Organization
Attaching Images and Files on Apnea Board
Apnea Helpful Tips

INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.
Post Reply Post Reply
#25
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
The CPAP machines themselves do not connect to the internet. They can call out, via cellular connection, to the manufacturer's site and report information. They cannot take incoming calls. Now the manufacturer's site will be web-accessible but your data will be mixed in with that of a million others. The manufacturer's site theoretically could be hacked and told to cause every machine that calls in to change something, but why would anyone bother?
Useful links
Download OSCAR (current version is 1.5.1)
Best way to organize charts
How to attach charts to your post

Apnea Board Monitors are members who help oversee the smooth functioning of the Board. They are also members of the Advisory Committee which helps shape Apnea Board's rules & policies. Membership in the Advisory Members group does not imply medical expertise or qualification for advising Sleep Apnea patients concerning their treatment.
Post Reply Post Reply
#26
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
(07-05-2021, 06:41 PM)Crimson Nape Wrote: They are not connected to the internet.  The manufacturers use a subscription cellular service that requires the machine's serial number for the connection to complete.   Since you can't get a loan based on your CPAP data, what would justify the time and effort for one's sleep data settings?

The challenge is all the incentive they need. Either way still needs to have IP. Which means it can be scanned and services found.
Post Reply Post Reply
#27
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
God i need another coffee. Didn't see the cellular service part.

Ok so had a look. New models can use wifi, bluetooth and cellular.

So the wifi and bluetooth components could be hacked.
Post Reply Post Reply
#28
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
(07-05-2021, 07:25 PM)GuyScharf Wrote: They cannot take incoming calls.

If not, I'm not sure how the DME's tech loaded my Rx to the new AirSense 11. Out-of-the-box, it was set to 5-20cm; now it's at my Rx of 8-12cm. 

-Jeff
Post Reply Post Reply
#29
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
(07-05-2021, 08:44 PM)jprestonian Wrote: If not, I'm not sure how the DME's tech loaded my Rx to the new AirSense 11. Out-of-the-box, it was set to 5-20cm; now it's at my Rx of 8-12cm. 

-Jeff

Your tech made a change to your settings, this did *NOT* result in an immediate update to your device.

The settings the tech changed updated files on ResMed's servers.
The next time your device connected to ResMed servers, it uploaded your therapy data, then checked to see if there were any updates for it. There were, so it applied the changes.

At no time did your tech or anybody interactively connect to your machine.
Post Reply Post Reply
#30
RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely?
(07-06-2021, 09:02 AM)Dog Slobber Wrote: Your tech made a change to your settings, this did *NOT* result in an immediate update to your device.

The settings the tech changed updated files on ResMed's servers.
The next time your device connected to ResMed servers, it uploaded your therapy data, then checked to see if there were any updates for it. There were, so it applied the changes.

At no time did your tech or anybody interactively connect to your machine.

That may be the case, but if so, the tech was able to push that "call home" command, 'cause it changed in seconds  while we were on the phone together. It didn't happen during the "normal" noonish schedule where the PAP reports to the mothership, as the telemedicine set-up appointment was at 2 p.m., and we were several minutes late getting started, as one tech had passed me off to another before I even got called. It seems feasible that perhaps the PAP checks in more frequently if it's still set at the default pressure range, of course.  

Receiving packets across a cell network which cause a near-instantaneous change on the device may not be "interactive," but it's not something I've seen done until now, with the AirSense 11.

-Jeff
Post Reply Post Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Feel like my CPAP machine is killing me jimbob123 1 87 Yesterday, 05:42 AM
Last Post: Rich66
  Need help new on CPAP machine Jimasripper 10 305 03-22-2024, 03:08 PM
Last Post: Jimasripper
  Ready to buy CPAP machine NewlyDiagnosed 29 624 03-21-2024, 01:42 PM
Last Post: NewlyDiagnosed
  UARS diagnosis? No improvements on CPAP. What Bilevel machine to get and where? empiricismandstatistics 8 199 03-21-2024, 04:29 AM
Last Post: empiricismandstatistics
  Is a travel CPAP machine worth it? BobbieM 21 5,733 03-14-2024, 01:55 PM
Last Post: tommystix
  New to CPAP- Need advice on purchasing a machine JuanSiesta 4 366 02-14-2024, 09:31 PM
Last Post: JuanSiesta
  [CPAP] Newby not sure if CPAP is the right machine for me tcinoz 24 1,291 02-13-2024, 08:13 PM
Last Post: tcinoz


New Posts   Today's Posts


About Apnea Board

Apnea Board is an educational web site designed to empower Sleep Apnea patients.