OTPulse

Insulet Omnipod

Monitor | CVSS 7.3 | ICS-CERT ICSMA-20-079-01 | Mar 19, 2020
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Omnipod Insulin Management System (UDI ZXP425, ZXR425; Product ID 19191, 40160) contains a vulnerability in its wireless RF communication that allows attackers within physical proximity to intercept, read, and modify communications between the pump and remote control devices. Successful exploitation could allow an attacker to change insulin delivery settings, interfere with bolus commands, or read sensitive patient data. The vulnerability is exploitable only through physical proximity and does not require authentication. Insulet has not released a firmware patch and recommends that patients discuss with their healthcare provider whether to switch to newer models with enhanced cybersecurity.

What this means
What could happen
An attacker with physical proximity could intercept and modify wireless communications with the insulin pump, potentially changing insulin delivery settings or blocking legitimate commands, which could result in dangerous over- or under-dosing of insulin.
Who's at risk
Patients using the Insulet Omnipod Insulin Management System (UDI/Model ZXP425 10-Pack, ZXR425 10-Pack Canada, Product ID/Reorder 19191 and 40160). Healthcare facilities and clinics that manage these pumps for patients should be aware of the wireless security weakness and counsel patients accordingly.
How it could be exploited
An attacker must be physically close to the pump to intercept and manipulate RF (radio frequency) wireless signals between the pump and its remote control or infusion set. The attacker could then send unauthorized commands to alter insulin delivery parameters or read sensitive patient data transmitted wirelessly.
Prerequisites
  • Physical proximity to the affected Omnipod pump (within RF range)
  • Ability to transmit/receive on the pump's RF frequency
  • No authentication or credentials required to conduct the attack
Risk factors
  • No patch available (end of life)
  • Affects medical/safety systems (insulin delivery)
  • Low attack complexity
  • Physical proximity required (reduces risk but does not eliminate it)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2, both with fix pending)
Product | Affected Versions | Fix Status
Omnipod Insulin Management System: UDI/Model/NDC number ZXP425 (10-Pack) and ZXR425 (10-Pack Canada) | UDI/Model/NDC number ZXP425 (10-Pack), ZXR425 (10-Pack Canada) | No fix yet
Omnipod Insulin Management System: Product ID/Reorder number 19191 and 40160 | Product ID/Reorder number 19191, 40160 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Contact your healthcare provider to discuss the security risks and evaluate whether switching to the latest Omnipod model with improved cybersecurity protections is appropriate.
  • WORKAROUND: Maintain tight physical control of the pump and any devices connected to it; do not allow the pump to be left unattended in public or shared spaces.
  • WORKAROUND: Do not connect unauthorized third-party devices or software to the pump; use only Insulet-authorized remote controls and communication devices.
  • WORKAROUND: Monitor pump notifications, alarms, and alerts closely for any unexpected messages or activity changes.
  • WORKAROUND: Immediately cancel any unintended or suspicious insulin bolus commands and verify that delivered doses match your scheduled therapy.
  • HARDENING: Establish a frequent blood glucose monitoring schedule to detect unexpected changes in insulin delivery; seek immediate medical attention if you suspect pump settings or delivery have been altered.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Restrict access to the pump and related devices to the patient and authorized healthcare personnel; apply least privilege access principles.