Johnson & Johnson has issued a security warning about one of its products:
Johnson & Johnson on Tuesday issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump. The problem was first reported by Reuters.
Computer security firm Rapid 7 discovered that it might be possible to take control of the pump via its an unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. The company alerted Johnson & Johnson, which issued the warning. Getting too high or too low a dose of insulin could severely sicken or even kill. There have been no instances of the pumps being hacked, Johnson & Johnson said.
(Score: 2) by HiThere on Wednesday October 05 2016, @06:58PM
The traditional answer was a device that requires a magnetic (I think) induction loop to be placed ON the body and held in position while adjusting the device. This is certainly the approach used by my wife's pacemaker. No USB port but also no distance adjustment. Even for an external device this would have it's points, as it would avoid jostling what must be a sensitive connection. (I've had USB ports that required considerable force to use.)
But wireless?!? That's just insane. And unencrypted wireless? They must WANT the devices to be compromised.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.