Johnson & Johnson notifies patients of insulin pump vulnerability

By Shawn Knight ยท 4 replies
Oct 5, 2016
Post New Reply
  1. Most security vulnerabilities lead to situations that are classified as more of an inconvenience than anything else. In other instances, however, an exploited flaw can be far more dangerous and potentially even fatal.

    Johnson & Johnson recently learned of one such vulnerability affecting its Animas OneTouch Ping insulin pump (Johnson & Johnson purchased Animas in 2006) and has sent letters (PDF) informing doctors as well as the approximately 114,000 patients that currently use the device of the issue.

    Animas said in the letter that a nefarious individual could potentially gain unauthorized access to the pump through its unencrypted radio frequency communication system. The probability of unauthorized access is extremely low, the company said, adding that it would require technical expertise, sophisticated equipment and proximity to the pump (within a distance of 25 feet or less) as it isn’t connected to the Internet or any external network.

    The company further pointed out that the system has multiple safeguards in place to protect its integrity and prevent unauthorized action. Users that are concerned can disable the pump’s radio frequency feature although this means they would have to manually enter blood glucose readings on the pump.

    Furthermore, users can program the pump to limit the amount of insulin that can be delivered and activate a vibrating delivery alarm that will notify the user each time a dose is being administered.

    Neither Johnson & Johnson nor the FDA have found any evidence that would suggest hackers have exploited the vulnerability in the wild.

    Permalink to story.

  2. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,811   +472

    Hopefully proximity and surveillance will help keep them from trying.

    An attack could be performed autonomously if you know where someone would be so this is still a potentially really nasty problem.
    Reehahs likes this.
  3. Uncle Al

    Uncle Al TS Evangelist Posts: 3,355   +2,005

    I would think if Hilary or Donald were diabetic there would be a real threat .... but for the average Joe, why bother? Considering the kinds of code I've seen in similar devices, they should be able to encript this fairly quickly, as long as they can further safeguard more hacking ...... wishful thinking?
  4. Reehahs

    Reehahs TS Guru Posts: 575   +316

    Some people just want to watch the world burn. Nasty competitors of Johnsons^2 could encourage sabotage.
  5. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 747   +357

    It has no connection to an external network. It's saving grace is also it's failing in the particular case you bring up: they have no way to push software updates to it. They would have to recall them in order to update them, and this doesn't sound severe enough to warrant that. Instead, they can just replace them with fixed versions if someone has concern or as the pumps need to be replaced.
    Reehahs likes this.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...