Johnson & Johnson’s (J&J) subsidiary Animas has alerted its customers to a cybersecurity issue with the OneTouch Ping insulin infusion pump.
The company said it has investigated the issue and worked with the appropriate regulatory authorities and security experts to resolve it.
Animas also said that the probability of unauthorized access to the OneTouch Ping system is very low, as it is not connected to the internet or to any external network.
The system also features various safeguards to protect its integrity and prevent unauthorized action.
The OneTouch pump’s radio frequency feature can be turned off to prevent unauthorized access, while the meter remote feature can be used to limit the amount of bolus insulin that can be delivered.
In addition, the firm noted that the bolus delivery alert and the customizable limits on bolus insulin can only be enabled on the pump and cannot be altered by the meter remote.
OneTouch Ping is a two-part system whose devices communicate wirelessly to deliver insulin. The two devices communicate in the 900 MHz band using a proprietary management protocol.
The system uses cleartext rather than encrypted communications in this proprietary wireless management protocol.
Rapid7 researcher Jay Radcliffe observed that a remote attacker can spoof the meter remote and trigger unauthorized insulin injections due to the lack of encryption.