A Boston-based cyber security company has discovered a security vulnerability in Johnson & Johnson’s Animas OneTouch Ping insulin pump that could be exploited to overdose a diabetic patient with insulin.
The security flaw of the J&J’s insulin pump was discovered by Jay Radcliffe, a diabetic and researcher at the cyber security firm Rapid 7 Inc. According to theanalysis report of Radcliffe, the insulin pump system is using cleartext communication, instead of encrypted communication, in its propriety wireless management protocol. Due to this, a hacker with the right tools could remotely attack and spoof the Meter Remote and trigger unauthorized insulin injections.
Furthermore, the communication between the pump and the remote have no sequence numbers, time stamps or any other forms of defense against replay attack, making it possible for attackers to capture the transmission and replay them later to inject a dose of insulin without the knowledge of the user. For the full article click here
from hacker samurai http://ift.tt/2dsZCru
via IFTTT
No comments:
Post a Comment