Insulin pump hacker discloses company that makes hacked device

Back at the beginning of the month, I mentioned the hacker at Black Hat conference that was able to hack an insulin pump to make the device show incorrect readings. At the time the hack was announced, the hacker didn't tell what brand the pump he hacked was. The hacker, Jerome Radcliffe, went to the company and now says that the company belittled the security flaw and didn't take the research seriously. In light of the fact that the maker apparently does not intend to secure the device, Radcliffe has announced that Medtronic makes the pump he was able to hack.

The hacker gave up the name of the company at a press conference on August 25. Medtronic is one of the largest medical device makers in the world and makes all sorts of devices including critical life saving devices like pacemakers and defibrillators. The pump that the company makes is called the Paradigm and affected models include the 512, 522, 712, and 722. All of those models are susceptible to the hack that Radcliffe created. The hacker also states that anyone using the pump doesn't need to "freak out" and stop using it.

He claims that it will take some time for malicious sorts to figure out the hack. Still, the fact that the insulin pump has poor security and is susceptible to hacks leaves question in my mind of how secure are other devices that the company makes. Radcliffe also noted that all a hacker needed to gain access with his attack was the device serial number.

[via eWeek]