1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New insulin pump flaws highlights security risks from medical devices

Discussion in 'CSO' started by RSS, Oct 5, 2016.

  1. RSS

    RSS New Member Member

    Medical device manufacturer Animas, a subsidiary of Johnson & Johnson, is warning diabetic patients who use its OneTouch Ping insulin pumps about security issues that could allow hackers to deliver unauthorized doses of insulin.

    The vulnerabilities were discovered by Jay Radcliffe, a security researcher at Rapid7 who is a Type I diabetic and user of the pump. The flaws primarily stem from a lack of encryption in the communication between the device's two parts: the insulin pump itself and the meter-remote that monitors blood sugar levels and remotely tells the pump how much insulin to administer.

    The pump and the meter use a proprietary wireless management protocol through radio frequency communications that are not encrypted. This exposes the system to several attacks.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page