Stories
Slash Boxes
Comments

SoylentNews is people

Johnson & Johnson Issues Security Warning About Insulin Pump

posted by janrinok on Wednesday October 05 2016, @01:08PM   Printer-friendly

takyon writes:

Johnson & Johnson has issued a security warning about one of its products:

Johnson & Johnson on Tuesday issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump. The problem was first reported by Reuters.

Computer security firm Rapid 7 discovered that it might be possible to take control of the pump via its an unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. The company alerted Johnson & Johnson, which issued the warning. Getting too high or too low a dose of insulin could severely sicken or even kill. There have been no instances of the pumps being hacked, Johnson & Johnson said.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Johnson & Johnson Issues Security Warning About Insulin Pump | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by butthurt on Wednesday October 05 2016, @03:24PM

    by butthurt (6141) on Wednesday October 05 2016, @03:24PM (#410641) Journal

    > WTF does an important health care device need a WIRELESS connection, to anything?

    One use is mentioned in the article: to "order the pump to give [...] a dose of insulin." For an insulin pump, I would suppose that is a key feature.

    > Way back in the earliest of the 1900's the army figured out that wired communications could be made secure, but wireless communications could not.

    Wires can be cut; wires can be tapped; wires can be seen; wires can be followed; misleading signals or damaging currents can be fed into wires or induced in them.

    The German military made limited use of frequency hopping for communication between fixed command points in World War I to prevent eavesdropping by British forces, who did not have the technology to follow the sequence.

    -- https://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum#Multiple_inventors [wikipedia.org]

    Spread-spectrum signals are highly resistant to deliberate jamming, unless the adversary has knowledge of the spreading characteristics. Military radios use cryptographic techniques to generate the channel sequence under the control of a secret Transmission Security Key (TRANSEC) that the sender and receiver share in advance.

    -- https://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum#Military_use [wikipedia.org]

    The subsequent paragraph on that page gives specific examples of military radio equipment. It's used not only by armies, but by navies as well.

    > Little has changed since.

    Right, apart from the transistor, the integrated circuit, the microprocessor, the ADC and DAC, digital electronics in general, information theory, block ciphers, error-correcting codes, radio communication is basically the same as it was in the 1930s.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3