Apnea Board Forum - CPAP | Sleep Apnea
Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - Printable Version

+- Apnea Board Forum - CPAP | Sleep Apnea (https://www.apneaboard.com/forums)
+-- Forum: Public Area (https://www.apneaboard.com/forums/Forum-Public-Area)
+--- Forum: Main Apnea Board Forum (https://www.apneaboard.com/forums/Forum-Main-Apnea-Board-Forum)
+--- Thread: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? (/Thread-Has-Anyone-Experienced-Malicious-Hacking-of-Their-CPAP-Machine-Remotely)

Pages: 1 2 3 4


Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - ThermPro - 06-29-2021

All of the machines have a modem, so they all could be hacked for some unpleasant results. I was just wondering if anyone had ever noticed this phenomenon. I realize I am new to this board but have been a member of another apnea board of which I left a while ago. I did not like how their board was operated.


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - OpalRose - 06-29-2021

No, never heard of a situation where there was "malicious" hacking of your Cpap. Have you experienced this?

Now your Doctor or DME can access your data and also change settings on your machine. That's not hacking, that's just what they do... if you let them.

BTW, Welcome to Apnea Board!


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - ThermPro - 06-29-2021

(06-29-2021, 07:06 AM)OpalRose Wrote: No, never heard of a situation where there was "malicious" hacking of your Cpap.  Have you experienced this?

Now your Doctor or DME can access your data and also change settings on your machine.  That's not hacking, that's just what they do... if you let them.

BTW, Welcome to Apnea Board!

That is not what I am talking about. I was well aware they can do that. I am talking about someone changing the air pressure in real time while you sleep on a machine without changing the numbers set by your doctor. This way you would never know. I have been using a cpap for over 2 1/2 years now and lately no matter what I did the air pressure would spike all the way up to the machines max several times a night and then drop back down. I use OSCAR so I look at my charts everyday. I had a gut feeling that my apneas did not take that kind of pressure to clear. I thought it was a possibility that someone could be manipulating the pressures that had illegal access to my machine through the modem. I am a computer geek and hacking a mac address on a modem is pretty easy if you know how. The hacker would have full control why you sleep. So, I tested my theory. First night I put the machine in airplane mode which means the modem cannot be connected too. For the 1st night in years the big spikes in pressure simply disappeared. Instead of pressures hitting 18-20 the highest it went was 11! The next day I took apart the cpap machine and disconnected the modem from the circuit board permanently. I also build computers, so this was easy for me. After that was done, the large spikes magically disappeared. For a straight week now the pressure has not even topped 11. Mind you every night before that the pressures for the past two years spiked into the 16-20 range. Now they are gone. What conclusion would you come too?


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - Crimson Nape - 06-29-2021

Based on your description, you may be experiencing flow limitations from your sleeping position. Resmed CPAPs increase pressure in an attempt to overcome flow limitations. If the pressure feels excessive, I would recommend that you lower the maximum pressure. This is a more plausible than someone hacking the settings.


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - OpalRose - 06-29-2021

Crimson Nape is correct, that is the exact answer I had for you. Flow Limitations will and can drive your pressure up to whatever maximum you set.


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - ThermPro - 06-29-2021

(06-29-2021, 09:28 AM)Crimson Nape Wrote: Based on your description, you may be experiencing flow limitations from your sleeping position.   Resmed CPAPs increase pressure in an attempt to overcome flow limitations.   If the pressure feels excessive, I would recommend that you lower the maximum pressure.  This is a more plausible than someone hacking the settings.

Thanks. I did not understand the concept of flow limitations until now. I will still leave the modem unplugged because I own my machine and know how to enable administrative mode. If anyone wants the data, they will have to use my sd card and ask me for it. This way my information is private to me.


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - factor - 06-29-2021

If you registered your machine ResMed collects your data.  I have never had anyone connect to my device that I know of.  I have my modem in Airplane mode.  Have not disconnected it yet.


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - SarcasticDave94 - 06-29-2021

I would think that if somebody has knowledge to hack into anything of yours, it would be your banking information. They can claim your money. But to modify EPR or Max pressure to make you endure higher CPAP pressures probably not. Well OK maybe they're after your life insurance policy payout and are going to kill you off by high Apnea. Nah.


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - Dog Slobber - 06-29-2021

ResMed devices cannot be connected to interactively. They aren't addressable.

Settings are not changed remotely by anybody calling your machine's "cell number" and then looking around and changing things.

ResMeds are remotely changed by clinicians using ResMed's Airview Remote Assist software, providing the changes, the settings are then stored on a ResMed server in the cloud. The settings will then be applied to the target machine when it connects to ResMed, typically after a session or at start time.

This is why there can be a delay before applying changes to a device. 

Security is applied by:
  • Needing access to the software
  • Authenticating
  • Limiting access to only devices associated with an clinician accounts

Your machines are not sitting around on the cell network, waiting for a cracker to telnet in and hack them.


RE: Has Anyone Experienced Malicious Hacking of Their CPAP Machine Remotely? - JJJ - 06-29-2021

This discussion has demonstrated that it is highly unlikely that anyone would hack an individual's PAP machine. I have to ask, why would someone do that? Even if you're a billionaire, they couldn't blackmail you into giving them money to restore your PAP to you - you'd just pick up the phone and order a new one.

But I am thinking of criminals, like those people who recently hacked into a US oil pipeline and demanded ransom of several millions. But if they hack into my machine, I'm pretty small fish. On the other hand, what if they can hack simultaneously into the machines of half a million users, and then demand ransom from the manufacturer to release the machines. Now, that might motivate a gang of criminals. So my question is, how connected are all our machines?

Personally, one of the first things that I did when I got my Dreamstation was remove the modem. I wasn't worried about being hacked; I just didn't want my care provider to have access. I mentioned this once to the provider's assistant, and her response was 'we've got 20,000 patients, like where would we have the time to check on anyone's machine?'

But I'm still a tiny bit worried that someone might be able hack all the machines at once.