Scumbags Can Program Vulnerable Medtronic Insulin Pumps Over The Air to Murder Diabetics

upnorth

Health implant maker Medtronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them.

Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America's medical drug watchdog, the FDA, also issued an alert this week over the holes, which can be leveraged by nearby hackers to execute commands on the pumps. These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin, causing the patient to develop serious, life-threatening ketoacidosis. It's a bizarre way to kill someone right by you, of course, when hitting them over the head with a wrench will do it, but you never know.

Medtronic said the recall is voluntary, and has offered patients who send in their pumps replacement equipment: the newer MiniMed 670G models that do not suffer from the vulnerability, dubbed CVE-2019-10964. Those who cannot obtain a new pump for whatever reason are advised to avoid connecting their pump to any non-Medtronic devices and to unplug the CareLink USB device when not in use.
 
