Johnson & Johnson has issued a security warning about one of its products:
Johnson & Johnson on Tuesday issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump. The problem was first reported by Reuters.
Computer security firm Rapid 7 discovered that it might be possible to take control of the pump via its an unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. The company alerted Johnson & Johnson, which issued the warning. Getting too high or too low a dose of insulin could severely sicken or even kill. There have been no instances of the pumps being hacked, Johnson & Johnson said.
(Score: 3, Insightful) by Arik on Wednesday October 05 2016, @02:13PM
"Getting too high or too low a dose of insulin could severely sicken or even kill."
So they made a device that they know can kill you, and rigged the controls using cleartext radio transmissions?
When are people going to jail for this?
If laughter is the best medicine, who are the best doctors?
(Score: 2) by FatPhil on Wednesday October 05 2016, @02:53PM
Anyway, I've got to jump in my old car and drive on the non-ABS motorway home.
Where I'll boil me a nice cuppa coffee using my caffeine-free kettle.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Arik on Wednesday October 05 2016, @03:44PM
Funny, but there's a more charitable way to parse it.
"via its an unencrypted radio frequency communication system"
So I read 'unencrypted' and 'radio frequency' as separate adjectives modifying 'communication system' rather than reading 'unencrypted' as modifying 'radio frequency' - either being possible I would choose the one that makes sense.
The 'an' is completely out of place no matter how I parse though.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by DannyB on Wednesday October 05 2016, @04:11PM
You know, they could just build the device with reasonable safeguards.
No wireless command can cause the pump to inject more than XX units of insulin per YY unit of time. To do that you need to use the keypad on the pump.
That would be sort of like an IoT thermostat being commanded to lower the temperature to 20 °F so the pipes freeze. Or heat the house to 110 °F in summer. Maybe the user should be able to set some sane limits on the thermostat which limit what IoT commands can actually do.
The lower I set my standards the more accomplishments I have.