Privacy News Insulin Pump Flaw Allows Hackers to Trigger Overdose

frogboy

Johnson and Johnson has disclosed a security vulnerability found within its insulin pumps that could allow hackers to overdose patients.

The issue involves the Animas OneTouch Ping insulin pump system, a popular but older pump with a blood glucose meter that serves as a remote control via RF communication. That communication is not encrypted, and Rapid7 researchers were able to intercept messages and alter them to trigger the pump without a user’s knowledge.

“In order to prevent such instances from occurring, encrypted communication between any two endpoints is critical for medical devices, and all IoT devices,” said Aaron Lint, vice president of research for application security company, Arxan, via email.

The issue was responsibly disclosed and J&J is now notifying hospitals and patients of the issue. Users can avoid danger by disabling the radio functionality on the device via the set-up screen. Fortunately, the pump isn’t connected online, so this is purely an over-the-air concern.

Jay Radcliffe, security researcher at Rapid7 and Type I diabetic, urged patients not to panic:

“First, know that we take risks every day. We leave the house. We drive a car. We eat a muffin. We guess the amount of carbs. All entail risk. This research uncovers a previously unknown risk. This is similar to saying that there is risk of an asteroid hitting you, a car accident occurring or miscalculating the amount of insulin for that muffin you ate…These are sophisticated attacks that require being physically close to a pump. Some people will choose to see this as significant, and for that they can turn off the RF/remote features of the pump and eliminate that risk.”

Medical hacking that can kill is not a new idea—remember the pacemaker virus? Eve Maler, vice president, Innovation & Emerging Technology, ForgeRock, said via email that while the risk in this case is limited by this 2008 insulin pump's lack of internet "smarts," the news should be a big red flag for the industry.

Full Article. http://www.infosecurity-magazine.com/news/insulin-pump-flaw-allows-hackers/
 

Lucent Warrior

This is enough to make one want to commit their lives to hunting down Hackers that would even consider this, and bury them so deeply they have to have air piped to them.

This statement above provided by a user whose significant other is a stage 1 diabetic.
 
