Statement from Animas about "pump hack"

Below you will find the statement I just received from the Director of\ Global Communications at Animas Corporation. It complements the post with a Q&A issued by Metronic Minimed yesterday.

The security and safety of our pumpers is of utmost concern to Animas. We have high levels of proprietary security measures in place for all our products, that meet and exceed industry requirements. To date, we are not aware of a single customer complaint or report claiming a security breach with our insulin pumps or wireless glucose management systems.

We are aware of Jerome Radcliffe’s study investigating security attacks on insulin pumps. We closely reviewed his study, which clearly states that the researcher was only able to “hack” into the insulin pump with knowledge of the pump and remote device’s serial numbers.

At Animas, the serial numbers of our products are considered “Personally Identifiable Information,” and as such are closely protected by our privacy policies and security. We protect or patients’ serial numbers with the same protocols we use to protect our patients’ names, social security numbers, and other personal information.

All Animas products and systems are built with encryption algorithms and proprietary radio frequency protocols designed to ensure pairing between a wireless device and pump, and to ensure the devices “speak” to one another in a secure manner. These proprietary algorithms are confirmed between the unique serial numbers of each device. (To ensure our products’ integrity and ability to prevent tampering, Animas cannot share the specific details of these protocols.)

Animas is confident that the security measures we have in place would make it extremely difficult to hack into our products utilizing third party technology.

Thank you again for allowing us to help educate our pumpers on this issue. We appreciate our customers’ trust in us and want to ensure our pumpers that we are committed to delivering the highest quality of products and services, that enhance quality of life.

Thanks Manny!

Wow! Never would I have guessed - or even thought - that such a predicament could happen. I am alarmed. However, my trusty Ping is in my pocket. Thank you for the notification! A. K. Buckroth.

so my question, when i read the original story by j. radcliffe, was this…who would want to kill diabetics, or make them seriously ill?
and my next question was…so the next time my BG is high or low, should i wonder if someone is out there f***ing with my pump?? i don’t think i have pissed anyone off enough lately that they would want to mess with my pump.
seriously, i have enough to worry about every day without adding something as ridiculous as this to the mix!!

I agree completely!!! Who would hack into an insulin pump??? and now all these diabetics who are naive ( no offense to them) who are one shots will never want a pump because it’s too dangerous haha. It’s kind of ridiculous to even do a study on

I'm very surprised that Animas would attempt to develop their own proprietory protocols. Security issues in wireless protocols are well understood and extremely well studied, but many people who are otherwise extremely capable have poor intuitions about security. The *well published* protocols such as bluetooth have, as a result of being well published, received expert scrutiny necessary for them to be truely secure.

Suppose Animas said, "We use a bluetooth, a well published protocol, and we use it with the highest security available. Once our devices have been paired, which always happens under the control of the user, we are confident our devices are secure." In that case I would not be writing this.

Animas's response, however, is seriously flawed; "to prevent tampering... Animas cannot share the specific details of these protocols." The only interpretation of that statement is that if someone knew the details the protocol would be compromised. That's not true of bluetooth (for example.)

Other details of their response create the distinct impression that they don't know what they are doing; the response implies that security relies on the serial number of the device being secret, that the term "extremely difficult" might impress people who do extremely difficult things as a matter of course (e.g. flatlining BG) and that their adherence to HIPAA somehow magically grants computer system security to their products.

While I agree with what you are saying jbowler I do not really care what Animas’ reply is. If someone wanted to spend the time and money figuring out how to hack my pump, even if Animas had a pump that cannot be hacked that same person will find a different way to do me harm.

That is my thought also - if someone wants you dead, they will find a way to do it.

At least part of the problem is that if they can’t do basic computer security, to the extent that they can’t even issue press releases that can be taken seriously (unlike Medtronic’s, which is an excellent example of corporate-speak meaninglessness) then, maybe, Animas can’t implement a protocol that is reliable.

cf the comments Omnipod users make from time to time about comms failures.

I guess if you don’t care, you don’t care, but I have a curious, annoying, tendency to care whenever anyone makes a mess of computer security. Too many years hacking computers.

When I read the original story I thought to myself that this guys got to much time on his hands. I don’t use a pump but if I did I wouldn’t let this thought worry me. I wonder about J. Radcliffe’s motives. The fear he has caused could most likely cause more damage than the extremely remote possibility this could actually happen.

And then remember the famous saying : "The only thing we have to fear is fear it’self - , FDR 1933 …well before my time :slight_smile: …Amen

Yes, that’s what I thought too. But then I read the Animas response and it betrays a fundamental lack of understanding about computer security. The Medtronic response is reasonable - it is meaningless drivel, and therefore doesn’t give away any information. I can only assume that either Medtronic know what they are doing or that they are currently doing the chicken-with-head-cut-off thing and trying to find out.

The issue isn’t that they’ve been caught with their pants around their ankles; we all do that, it’s that they (Animas) apparently think this is a normal state of dress.

And me the computer very unsavvy person is confused as well , after I read your profile , jbowler , your diagnosed date is : January 1, 0197 ???..just my observation …I hope , you are laughing with me :slight_smile:

Yes; has a *** doofus *** broken *** user interface.

I am not permitted to enter 197?, or 197x, or 197, I am obliged to enter a numerical value.

This is what gets me so angry about my fellow software engineers - they just don’t know how to write user interfaces. And, for the record, I am very annoyed by non-computer people who don’t scream blue murder whenever they can’t work out how to make a computer work - it’s not your fault, it’s mine (and all my fellow reprobate software engineers.)

If a computer doesn’t work a human being is to blame, and it is not you.

Oh, and the above reponse was auto-magically editted by some insane piece of moronic brain dead software written by some equally capable software engineer (I think we call ourselves "web designers" in this context) who doesn't realise that the two characters angle-bracket-left and angle-bracket-right are not meaningful to normal, well developed, highly intelligent [all human beings are highly intelligent] human beings.

I *did not write* "197,"; I wrote something like:

197<I don't know what year because at the time I was in my pre-teens and why on earth should I remember the exact date>

I don’t like that a vulnerability was found, but the serial number detail is comforting to me. That’s not information I’d give to anyone, and it sounds like Animas has reasonable safeguards in place to protect that data.

Despite those measures, no system is foolproof and someone committed enough could hack Animas for the serial numbers. But what are the odds of someone doing that and then going after specific pumpers? The effort and expense would be extraordinary. An individual being targeted by someone he or she knows strikes me as more likely, and even that possibility seems remote.

The possible impact on a victim’s health is terrifying, but this kind of attack just doesn’t seem realistic to me. I may change my tune if more solid data comes out or if a confirmed hack occurs outside of a test environment, but in the meantime, I’ll take precautions with my serial number, as I do with my passwords, credit cards, etc.

Don’t forget that pacemakers and defibrillators are in the same category as insulin pumps and CGMSs. How often do you hear about someone using those devices being done in by a crazy person?

I think they should send me a Ping. Unless of course they don’t really think it’s secure…

Thanks jbowler …I am learning .

Sorry to be so aggressive: I keep seeing people who think it’s their problem when a computer doesn’t do what they want and I get annoyed by that, but I’ve produced incomprehensible interfaces often enough in my life to know how difficult it is to get right.