Security Alerts & News
by Tymoteusz A. Góral

#1546 Our insulin pumps could be hacked, warns Johnson & Johnson
The Animas OneTouch Ping insulin pump contains vulnerabilities that could be exploited by a malicious attacker to remotely trigger an insulin injection.

Security researcher Jay Radcliffe – who is himself a Type I diabetic – discovered the flaws and wrote about his findings.

Radcliffe found security weaknesses in how the medical device communicates wirelessly. Specifically, a lack of encryption means that instructions are sent in cleartext. Combined with weak pairing between the remote and the pump, this could allow remote attackers to spoof the controller and trigger unauthorized insulin injections.

If the user does not cancel the insulin delivery on the pump, an attacker could cause harm and potentially trigger a hypoglycemic reaction.

Although the risk of widespread exploitation of the flaws is considered relatively low, and no one should panic, Animas’s parent company Johnson & Johnson has issued an advisory to users of the insulin infusion pump: