OTPulse

Animas OneTouch Ping Insulin Pump Vulnerabilities

Priority: Monitor · CVSS 6.5 · ICS-CERT ICSMA-16-279-01 · Jul 9, 2016
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Animas OneTouch Ping insulin pump system uses unencrypted wireless communications between the pump and its remote control device. An attacker with a compatible wireless receiver can intercept, eavesdrop on, and potentially modify insulin delivery commands without any form of authentication or encryption. This affects all versions of the pump with no vendor fix planned.

What this means
What could happen
An attacker within wireless range of the pump could intercept unencrypted wireless communications and read patient insulin dosing data or modify insulin delivery commands, potentially causing incorrect medication doses.
Who's at risk
Healthcare facilities, hospitals, home health providers, and individual patients using the Animas OneTouch Ping insulin pump system. This affects both in-patient settings (hospitals, clinics) and out-patient/home care where patients self-manage diabetes with this wireless pump.
How it could be exploited
An attacker with a wireless receiver positioned within range of the pump's proprietary 2.4 GHz frequency can passively intercept the unencrypted communication between the pump and its remote control. By capturing and replaying wireless packets, the attacker could modify insulin delivery commands or extract sensitive patient data.
Prerequisites
  • Wireless receiver capable of operating on the pump's proprietary 2.4 GHz frequency
  • Physical proximity to the pump (within wireless communication range, typically 5-10 meters)
  • No authentication credentials required
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects safety systems · unencrypted wireless communications
Exploitability
Moderate exploit probability (EPSS 3.2%)
Affected products (1)
Product | Affected Versions | Fix Status
OneTouch Ping insulin pump system: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Limit wireless transmission range by keeping the insulin pump and remote control in close physical proximity during operation
WORKAROUND: Minimize use of wireless remote control features; use manual pump controls when possible to avoid radio frequency transmission
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Keep the pump firmware and companion devices up to date with any available security patches
Mitigations - no patch available
OneTouch Ping insulin pump system: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Educate patients and caregivers on the risks of using the device near environments with radio frequency equipment or high wireless density