Johnson & Johnson Warns Insulin Pump Can be Hacked
For the first time ever, Johnson & Johnson, maker of medical devices, has issued a warning about a potential computer security flaw in a consumer product.
On Tuesday, Oct. 4, Johnson & Johnson issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump, which allows users to order the pump to give them a dose of insulin via a wireless remote control.
Computer security firm Rapid 7 found that it might be possible to take control of the pump remotely through its unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. If a person was to remotely hack an insulin pump, they could give a dose of insulin too high, or too low that could sicken the patient or even kill them.
To hack into the OneTouch Ping system, someone would need to use a radio frequency monitor to detect the pump and then decide which of 16 possible channels it is transmitting on. They could then record a command to deliver more insulin to the patient through the pump. The person could potentially send the command over and over, resulting in a very high dosage of insulin.
The hacker would need to be within 25 feet of the device in order for this process to work.
Johnson & Johnson made it clear that there have been no instances of pumps being hacked, and the danger to the patients is extremely low.