Stories
Slash Boxes
Comments

SoylentNews is people

Johnson & Johnson Issues Security Warning About Insulin Pump

posted by janrinok on Wednesday October 05 2016, @01:08PM   Printer-friendly

takyon writes:

Johnson & Johnson has issued a security warning about one of its products:

Johnson & Johnson on Tuesday issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump. The problem was first reported by Reuters.

Computer security firm Rapid 7 discovered that it might be possible to take control of the pump via its an unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. The company alerted Johnson & Johnson, which issued the warning. Getting too high or too low a dose of insulin could severely sicken or even kill. There have been no instances of the pumps being hacked, Johnson & Johnson said.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Johnson & Johnson Issues Security Warning About Insulin Pump | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday October 05 2016, @04:14PM

    by Anonymous Coward on Wednesday October 05 2016, @04:14PM (#410677)

    Now go read up on the next article about those new French bank cards, Mr. Smarty-pants.

  • (Score: 0) by Anonymous Coward on Wednesday October 05 2016, @05:06PM

    by Anonymous Coward on Wednesday October 05 2016, @05:06PM (#410709)

    So, an authenticated device will have some algorithm that matches the insulin pump for authentication? I'm not sure where you're going with this, that system could still be sniffed and spoofed. Also, if I was using one of these I would still prefer that the commands be encrypted so that some bored hacker can't start playing around. 3 digit security shouldn't take too long to brute force, and I don't think disabling the device over bad connection attempts is acceptable in this case...

    I don't know how the French cards will handle that, but locking a bank account at least does not have immediate life and death consequences.

    • (Score: 1) by Scruffy Beard 2 on Wednesday October 05 2016, @08:17PM

      by Scruffy Beard 2 (6030) on Wednesday October 05 2016, @08:17PM (#410801)

      Tree words:
      Public key Encryption.

      It can be used to authenticate, without encrypting the actual data by encrypting a secure hash of the data.

      Useful if you are prohibited by law from encrypting the pay-load.