Stories
Slash Boxes
Comments

SoylentNews is people

Johnson & Johnson Issues Security Warning About Insulin Pump

posted by janrinok on Wednesday October 05 2016, @01:08PM   Printer-friendly

takyon writes:

Johnson & Johnson has issued a security warning about one of its products:

Johnson & Johnson on Tuesday issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump. The problem was first reported by Reuters.

Computer security firm Rapid 7 discovered that it might be possible to take control of the pump via its an unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. The company alerted Johnson & Johnson, which issued the warning. Getting too high or too low a dose of insulin could severely sicken or even kill. There have been no instances of the pumps being hacked, Johnson & Johnson said.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Johnson & Johnson Issues Security Warning About Insulin Pump | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by Snow on Wednesday October 05 2016, @03:04PM

    by Snow (1601) on Wednesday October 05 2016, @03:04PM (#410629) Journal

    I think it's pretty obvious why wireless is the preferred option here. Unless you want a micro-USB port sticking out of your body (there is a docking joke in there somewhere...). Leaving it unencrypted is pretty negligent though...

    Starting Score:    1  point
    Moderation   0  
       Insightful=1, Overrated=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Wednesday October 05 2016, @03:12PM

    by Anonymous Coward on Wednesday October 05 2016, @03:12PM (#410633)

    Unless you want a micro-USB port sticking out of your body

    Obligatory XKCD [xkcd.com]

  • (Score: 2) by mcgrew on Wednesday October 05 2016, @04:56PM

    by mcgrew (701) <publish@mcgrewbooks.com> on Wednesday October 05 2016, @04:56PM (#410701) Homepage Journal

    The pump isn't inside the body. I think you need some more coffee. It's a PUMP that injects insulin. If the whole thing were installed inside your body, how would you refill or recharge it? Of course it has some sort of jack or plug to recharge the battery, and I'll bet it's a USB port.

    There is ZERO reason to have these things in any way hackable. Putting bluetooth in them was idiotic. If there's no reason to have a device on a network, KEEP IT OFF THE NETWORK.

    --
    Carbon, The only element in the known universe to ever gain sentience

    • (Score: 2) by Snow on Wednesday October 05 2016, @05:12PM

      by Snow (1601) on Wednesday October 05 2016, @05:12PM (#410715) Journal

      Ahh, good call. I didn't actually click the link or anything, but what you say makes perfect sense.

      -- Snow

    • (Score: 2) by PocketSizeSUn on Wednesday October 05 2016, @06:30PM

      by PocketSizeSUn (5340) on Wednesday October 05 2016, @06:30PM (#410755)

      There are both kinds of drug pumps. Implanted and external.
      Most of the insulin ones are external (The ones I've seen look like a pager attached to a belt) with a fixed drip line (that also has it's own issues).

      For the implanted pump the reservoir is usually refilled with a needle. Not sure about external pumps.

  • (Score: 2) by Runaway1956 on Wednesday October 05 2016, @05:39PM

    by Runaway1956 (2926) Subscriber Badge on Wednesday October 05 2016, @05:39PM (#410730) Homepage Journal

    Let me think about this for just a moment . . . .

    They are sticking some foreign object into your body already, right? Just how difficult would it be to put a jack into your body, with which to connect to the device? I mean - there you have the body, insert part A, and part B on a trailing tail. Need it be USB? How about at least micro-USB? I'm not into medicine, really, but where does that first implant go? Somewhere in the trunk of the body, I suppose. Wonder how irritating a micro-USB would be sitting in your navel?

    What I think is, not enough crazy people are thinking outside the box here. You certainly don't want everything you rely on to be connected wirelessly to the great IOT. That's just insane.

    --
    Hail to the Nibbler in Chief.

    • (Score: 2) by HiThere on Wednesday October 05 2016, @06:58PM

      by HiThere (866) on Wednesday October 05 2016, @06:58PM (#410767) Journal

      The traditional answer was a device that requires a magnetic (I think) induction loop to be placed ON the body and held in position while adjusting the device. This is certainly the approach used by my wife's pacemaker. No USB port but also no distance adjustment. Even for an external device this would have it's points, as it would avoid jostling what must be a sensitive connection. (I've had USB ports that required considerable force to use.)

      But wireless?!? That's just insane. And unencrypted wireless? They must WANT the devices to be compromised.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.