One of Johnson & Johnson’s insulin pumps could be hacked to overdose diabetic patients, the company has warned patients.

The company sent a letter to patients warning of a security vulnerability, though it described the risk as low, according to Reuters.

It’s another example of the potential of the Internet of Things to come under attack. Possibilities include the potential for digitized weapons to be controlled by hackers, and more recently there has been speculation about the possibility connected vibrators getting controlled.

A threat or a possibility?

The warning is less of a threat than it is a caveat emptor. According to Reuters, which broke the story, J&J are merely telling users of the Animas OneTouch Ping insulin pump – 114,000 in the U.S. – that a hack is possible, rather than they have a tip-off the devices are under attack.

The article states that this is the first time a medical company has released a statement warning users about cyber vulnerabilities. The government, however, has in the past issued such warnings. In 2013 the FDA said that more than 300 products were at risk from cyber-attack including, “Insulin pumps, implantable cardioverter defibrillators, anesthesia devices, drug infusion pumps, ventilators, and pacemakers.”

Understandably, hacking a device that keeps you alive is something a user should be worried about. Lately a report talked about the possibility of “catastrophic” attacks on pacemakers and defibrillators, but so far such deadly attacks have been nothing more than simulations. One such simulation involved the now deceased (some say murdered) hacker Barnaby Jack killing a mannequin by hacking its wireless insulin pump.

Concerning the J&J pump, Reuters reported that a cyber-security researcher had found a way to hack the pump in question, after which he published his findings on his blog. The researcher, Jay Radcliffe, told Reuters, “The system is vulnerable because those communications are not encrypted, or scrambled, to prevent hackers from gaining access to the device.”

Radcliffe is now working with J&J to diminish the threat of attacks.

Photo credit: photopin cc