OneTouch insulin pump by the company “Animas” contains vulnerabilities that a malicious attacker can exploit to trigger an insulin injection remotely.
Jay Radcliffe a security researcher, and a Type I diabetic patient discovered these flaws and wrote his findings.
Radcliffe discovered the security weaknesses in the wireless communication of the medical device. Specifically, because of lack of encryption, as the instructions send cleartext. The weak pairing of the pump and remote communication opens opportunities for attackers to force control and trigger insulin injections.
It arises the potential for an attacker to cause harm to the victims and potentially generates a hypoglycemic reaction if the user does not stop the insulin delivery on the pump.
However, the widespread exploitation of this flaw is relatively low, and people shouldn’t panic. Johnson & Johnson, the parent company of Animas, issued a precautionary advice to the users of the pump.
