However, "as these devices get more advanced, and eventually connect to the internet (directly or indirectly), the level of risk goes up dramatically," the researcher warned. "This research highlights why it is so important to wait for vendors, regulators, and researchers to fully work on these highly complex devices."
Before going public, Radcliffe worked with Animas and its parent company, Johnson & Johnson, to help them understand the flaws and develop mitigations. This is in stark contrast to researchers from a company called MedSec, who recently chose to share information about vulnerabilities in heart devices from St. Jude Medical with an investment research firm so the firm could short the device maker's stock.
The security of medical devices has been a hot topic in the security research community for the past several years. Some vendors have taken notice and have launched vulnerability coordination programs, and the U.S. Food and Drug Administration actively encourages medical device manufacturers to work with security researchers.