SoylentNews is people

posted by janrinok on Wednesday October 05 2016, @01:08PM

Johnson & Johnson has issued a security warning about one of its products:

Johnson & Johnson on Tuesday issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump. The problem was first reported by Reuters.

Computer security firm Rapid 7 discovered that it might be possible to take control of the pump via its an unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. The company alerted Johnson & Johnson, which issued the warning. Getting too high or too low a dose of insulin could severely sicken or even kill. There have been no instances of the pumps being hacked, Johnson & Johnson said.


  • (Score: 3, Insightful) by Arik (4543) on Wednesday October 05 2016, @02:13PM (#410597)
    "it might be possible to take control of the pump via its an unencrypted radio frequency communication system"
    "Getting too high or too low a dose of insulin could severely sicken or even kill."

    So they made a device that they know can kill you, and rigged the controls using cleartext radio transmissions?

    When are people going to jail for this?
    --
    If laughter is the best medicine, who are the best doctors?
  • (Score: 2) by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Wednesday October 05 2016, @02:53PM (#410625)
    But what, you have to ask, is an unencrypted radio frequency that makes it different from any other radio frequency? Confusing the channel and the payload, methinks.

    Anyway, I've got to jump in my old car and drive on the non-ABS motorway home.
    Where I'll boil me a nice cuppa coffee using my caffeine-free kettle.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 2) by Arik (4543) on Wednesday October 05 2016, @03:44PM (#410655)
      "But what, you have to ask, is an unencrypted radio frequency "

      Funny, but there's a more charitable way to parse it.

      "via its an unencrypted radio frequency communication system"

      So I read 'unencrypted' and 'radio frequency' as separate adjectives modifying 'communication system' rather than reading 'unencrypted' as modifying 'radio frequency' - either being possible I would choose the one that makes sense.

      The 'an' is completely out of place no matter how I parse though.
      --
      If laughter is the best medicine, who are the best doctors?
  • (Score: 2) by DannyB (5839) on Wednesday October 05 2016, @04:11PM (#410673)

    You know, they could just build the device with reasonable safeguards.

    No wireless command can cause the pump to inject more than XX units of insulin per YY unit of time. To do that you need to use the keypad on the pump.

    That would be sort of like an IoT thermostat being commanded to lower the temperature to 20 °F so the pipes freeze. Or heat the house to 110 °F in summer. Maybe the user should be able to set some sane limits on the thermostat which limit what IoT commands can actually do.

    --
    The lower I set my standards the more accomplishments I have.
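
The safeguard proposed in the comment above, sketched as an added example that is not part of the original thread and not any pump's actual firmware: a sliding-window cap that only wireless commands are subject to, with keypad entry outside it. The names `limiter_t`, `limiter_allow` and `source_t` are hypothetical; "XX" and "YY" stay caller-supplied parameters, and the sketch assumes doses counted in hundredths of a unit and a monotonic clock in seconds.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define HISTORY 16 /* accepted wireless doses remembered (constructed size) */

typedef enum { SRC_KEYPAD, SRC_WIRELESS } source_t;

typedef struct {
    uint32_t cap_centiunits;  /* "XX": most insulin wireless may deliver per window */
    uint32_t window_s;        /* "YY": window length in seconds */
    uint32_t when[HISTORY];   /* timestamps of accepted wireless doses */
    uint32_t amount[HISTORY]; /* their sizes in 1/100 unit; 0 marks an empty slot */
    size_t next;              /* ring-buffer write index */
} limiter_t;

/* Total of the wireless doses accepted during the last window_s seconds. */
static uint32_t recent_wireless(const limiter_t *l, uint32_t now)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < HISTORY; i++)
        if (l->amount[i] != 0 && now - l->when[i] < l->window_s)
            sum += l->amount[i];
    return sum;
}

/* Decide whether a requested dose may be delivered at time `now`. */
bool limiter_allow(limiter_t *l, source_t src, uint32_t dose, uint32_t now)
{
    if (src == SRC_KEYPAD)
        return true; /* keypad entry is outside the wireless cap */
    if (dose == 0 || dose > l->cap_centiunits)
        return false; /* a single command may never exceed the cap */
    /* Fail closed when the slot to be overwritten is still inside the
       window: dropping it would make the running total under-count. */
    if (l->amount[l->next] != 0 && now - l->when[l->next] < l->window_s)
        return false;
    /* Written as a subtraction so the comparison cannot overflow. */
    if (recent_wireless(l, now) > l->cap_centiunits - dose)
        return false;
    l->when[l->next] = now;
    l->amount[l->next] = dose;
    l->next = (l->next + 1) % HISTORY;
    return true;
}
```

The check runs on the pump itself, after the radio command is decoded, so it holds even when the command channel is unencrypted and unauthenticated.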