Johnson & Johnson Discloses That Its Insulin Pump Is Hackable

An anonymous reader quotes a report from The Stack: Johnson and Johnson has revealed that its JJ Animas OneTouch Ping insulin pump is vulnerable to hackers, who could potentially force the device to overdose diabetic patients -- however, it declares that the risk of this happening is very low. Unnamed executives from the American multinational medical manufacturer said that they were taking the unprecedented step of warning customers about the vulnerability, particularly in light of recent controversies regarding attack vectors in cardiac equipment. In a letter to doctors and 114,000 patients, sent on Monday, the company wrote: "The probability of unauthorized access to the OneTouch Ping system is extremely low... It would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping system is not connected to the internet or to any external network." Even though the company's own technicians were able to hack the pump within a distance of 25 feet, Johnson and Johnson's chief medical officer Brian Levy observed that the hack would be extremely difficult to pull off, and said "We believe the OneTouch Ping system is safe and reliable. We urge patients to stay on the product."

The gauntlet has been thrown

Now people will hack into these just to prove they can. How many have to die because of J&J being cheap and not fixing them?

Re:The gauntlet has been thrown

[Mr+D+from+63]

Pretty much anything is hackable if you can get your hands on it. Considering the proximty and time required for a successful hack, the hacker would stand a high risk of being caught and charged with murder or attempted murder. So if one is smart enough to do it they're probably smart enough to not even try.

Re:The gauntlet has been thrown

[PCM2]

Yikes! I wonder if that's a line-of-sight thing or if you could just drop every diabetic in a 2km range ... you know, for plausible deniability.

Re:The gauntlet has been thrown

[Guy+Harris]

Yikes! I wonder if that's a line-of-sight thing or if you could just drop every diabetic in a 2km range

Only if every diabetic within range of your hacking device is using an insulin pump that your device can hack. Not all diabetics are on insulin, not all diabetics on insulin use insulin pumps, and not all diabetics using insulin pumps are all using the same model with similarly-hackable firmware.

Re:The gauntlet has been thrown

[Aaden42]

I wouldn't be so sure. Consider what evidence is left on a device that's been hacked remotely. (I don't know at all, just speculating of course.)

What if a hacked command to send a lethal overdose looks exactly like the user pressing the buttons to deliver the same dose? Any legal risk minded investigation team is going to be falling over themselves to label that either an "accidental" overdose or perhaps even a suicide rather than let it go down as a security issue in their device that allowed someone to murder the user at a distance by twiddling some buttons. My (cynical) guess would be if the security of an embedded device is such that it can take unauthorized commands over the wire, odds are pretty good it's not going to successfully audit what happened in any meaningful way.

If it happened en mass, sure. People would put it together, and we'd get a Made for Lifetime movie about the intrepid hero who wouldn't accept the party line and pushed through to discover the horrible truth... Or somesuch drek... But one or two, here & there? We've all seen the bit about automotive recalls at the beginning of that movie we don't talk about, right?

Re:Do Trump AND Hillary use it?

[HiThere]

Not really. Have you even looked at the VP candidates.

Re:yes, no and kinda

[amiga3D]

Well, it gets the reading remotely from the blood glucose meter and calculates the dose. It then displays the amount of insulin for the bolus delivery. You look at it and generally, if you've been using a pump or doing injections you know about what range you usually end up taking. If it's off a lot it should be obvious as long as you're actually alert. When it comes to things like that being observant is important.