Death By Radio: Insulin Infusion Pump Control Can Be Hacked

Just a few days ago I blogged about the danger of unsecured IoT devices for internet communication and services. Today there are news of direct danger for users life. The US medical supplier Animas, a daughter company of Johnson & Johnson, issued a warning about a potential safety/security issue. Their insulin infusion pump “OneTouch Ping” has a radio remote control that allows the user to adapt the insulin issuing to the actual food amount. Just, this radio control uses unencrypted communication, allowing an attacker to send false insulin release commands to the pump. Too low blood sugar levels due to too much insulin can result in coma and then death of the patient. All that the attacker requires is an off-the shelf radio transceiver, the six-digit serial number of target insulin infusion pump and being in radio distance to the target. Well, you better don’t have a committed enemy if you use a OneTouch Ping.

And if you design or produce any connected devices, you better care about safety and security because there is no safety without security. SYSGO’s products and services can help you with both.

Further background links:
Heise (German language)
Healthline
Animas