The new target of hackers could be insulin bombs

Link

Today the Johnson & AMP company;Johnson is issuing a safety alert to all users of the Animas Onetouch Ping insulin pump, which has been discovered that he has a vulnerability that could cause the insulin dose to be modified remotely and without the user finding out.

The Onetouch Ping Animas Bomba went on the market in 2008, among its advantages is the use of a wireless control that allows the user to adjust the insulin doses without having to access the device, which is almost always under the clothes.Today it is estimated that more than 114,000 users use this bomb daily only in the United States and Canada.

Jay Radcliffe, researcher at the computer security firm Rapid7 and Diabetic, discovered in April this year that communications between the bomb and command did not have any type of encryption, which could make any hacker with sufficient knowledge can haveAccess to this information and modify the dose remotely, which could put the patient's life at risk.

Radcliffe immediately informed J & Amp; J of the vulnerability of his device, and since then they have been working to solve it.The company ensures that the risks of suffering an attack are minimal, since extensive technical knowledge, sophisticated equipment and being less than 8 meters from the pump are required to intercept communications, since the pump does not connect to the Internet.However, vulnerability is there.

J & AMP; J has sent letters to all users of this pump where he assures them that the device is safe and can continue using it, however some recommendations are mentioned to not be the target of potential attacks, such as stop using command and programmingThe pump manually, since to encrypt communications, modifications are required in software programming, something that would require withdrawing all market devices to install the update, which represents money and time, so have decidedLeave it like this and only issue security recommendations

sherpa41 said:
Link

Today the Johnson & AMP company;Johnson is issuing a safety alert to all users of the Animas Onetouch Ping insulin pump, which has been discovered that he has a vulnerability that could cause the insulin dose to be modified remotely and without the user finding out.

The Onetouch Ping Animas Bomba went on the market in 2008, among its advantages is the use of a wireless control that allows the user to adjust the insulin doses without having to access the device, which is almost always under the clothes.Today it is estimated that more than 114,000 users use this bomb daily only in the United States and Canada.

Jay Radcliffe, researcher at the computer security firm Rapid7 and Diabetic, discovered in April this year that communications between the bomb and command did not have any type of encryption, which could make any hacker with sufficient knowledge can haveAccess to this information and modify the dose remotely, which could put the patient's life at risk.

Radcliffe immediately informed J & Amp; J of the vulnerability of his device, and since then they have been working to solve it.The company ensures that the risks of suffering an attack are minimal, since extensive technical knowledge, sophisticated equipment and being less than 8 meters from the pump are required to intercept communications, since the bomb does notIt connects to the Internet.However, vulnerability is there.

J & amp; J has sent letters to all users of this pump where he assures them that the device is safe and can continue using it, however some recommendations are mentioned to not be target of potential attacks, such as stop using thecommand and program the pump manually , since to encrypt communications, modifications are required in software programming, something that would require withdrawing all market devices to install the update, which represents money and time, byWhat have decided to leave it so and only issue security recommendations

To the first paragraph in bold would add ... and be a h.of p.To walk with something that depends on the health and life of that person.

As for the solution that the house has given (second paragraph in bold), I hallucinate.They do not plan to do anything, they are going to keep their arms crossed because it represents a lot of money.Naaada, who manage and do not use the command, that these diabetics are loose and bunns.It is as if I buy a car with the remote closure with the keys, stop working and they tell me that it is the same, that I continue to put the key in the lock

Joer, how whispered.But what end?To attempt against powerful people who carry the bomb?To steal them?Because you have to be very bastard to make a "trolley" to an insulin bomb ...

You have to look at the positive side, if it has a vulnerability, it means that the pump can be manipulated from an intelligent application to modify the insulin dose, ultimately a closed loop control, which does not become an artificial pancreas but it leavesapproaching.Today I know, only the Dana pump seems to be controlled for example from a mobile.

I control something as critical as a distance insulin pump I have never seen it clear.
It is equally dangerous as having a command for pacemaker.
As much as security is improved there will always be a risk and any manipulation or malfunction means tomb.

Come on, if it were for me or my son, he would only operate the pump manually, no matter how cool he would do with his mobile or similar.

I think how @Artorias right now the decisions about the bomb I like to take them, I do not like to act at your own risk, or stop or anything, I want to be the one who does it.When the MCG alarm sounds, take the timely decision or confirm whether or not the value is real.We do not currently have a totally reliable MCG to make these types of decisions, there have already been several cases of ketosis to stop a pump automatically as MCG values ​​are not real.

It's not how they paint it.You do not have to be a bastard to hack a device, you just have to unrefable to understand and learn and thanks to them, we will see an artificial pancreas of truth ... not the half pancreas with which Medtronic's mouth is filled.