(Dana RS) + (#WeAreNotWaiting) = Risk or Reward?

Good to see you Thomas!

2 Likes

same here!

2 Likes

Maybe I am missing something, but as far as I can tell this news article is not about controlling a pump remotely via the Internet or SMS. It is about controlling the pump remotely from a nearby smart phone via a Bluetooth interface. There is nothing particularly risky about that. Even better news is that the Korean pump manufacturer is making their interface accessible by DIY closed-loop systems, AndroidAPS in particular. That’s great! They are showing other pump manufacturers how things could and should be done - let’s hope they follow.

As a side note, I’ve been controlling my pump using Loop app on my iPhone with Bluetooth interface for more than a year now. In parallel, I’ve used the same iPhone for internet browsing, reading FUD posts :slight_smile:, navigation, playing music and videos, and countless other apps without any technical or security problems. Surprise, it’s 2017. In a Hollywood-movie scenario, I could imagine how a technically proficient villain could harm me by remotely programming a gigantic bolus on me, but this has not happened (yet) :wink:

4 Likes

That is definitely lower risk, not any riskier than the current Omnipod RF communication. Actually safer because Bluetooth is harder to break.

When the subject about such a hack comes up, my boss has reminded me that there are much easier ways to kill me.

5 Likes

This is where I have concerns.

The INTENTION is to control the pump from close by.

The CONCERN is someone anywhere in the world taking control of the phone during the night and using that phone to then remotely operate the pump which is close by the phone.

It is a basic risk matrix that I operate on.

  1. What is the probability of the event? Low but possible.
  2. What are the consequences assuming the event does happen? Catastrophic.

Based on that, it is an excessive level of risk for me.

Edit: Running this from an iPod Touch via Bluetooth where the iPod has no cellular data capabilities and with the Wifi turned off would be acceptable to me.

2 Likes

I was referring to the intentional actions by the pump company to allow DIY closed-loop system to be utilized. AndroidAPS has the ability to remote bolus via SMS as well as Bluetooth. Nightscout can be used via the internet. The dedicated app from the company allows the user to bolus via Bluetooth.

2 Likes

Thanks for the clarification.

Very interesting poll results so far. Mainly split, but more No’s than Yes’s.

1 Like

I am surprised by that!

I’m more concerned by the remote bolus by SMS … that seems like a potential safety issue not so much from a hacking perspective (although that’s there) as from a user error perspective.

3 Likes

There are certain safeguards there as well, such as white-listed phone numbers and only accepting bolus commands x minutes apart.

1 Like
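
The two safeguards named in the post above (an allow-list of sender numbers and a minimum interval between accepted bolus commands), sketched as an added example that is not part of the thread and is not AndroidAPS code. The class name, the 15-minute interval and the phone numbers are constructed assumptions.

```python
import re


class SmsBolusGate:
    """Hypothetical gate: accept a bolus SMS only from an allow-listed sender,
    and only if the last *accepted* command is at least min_interval_s old."""

    def __init__(self, allowed_numbers, min_interval_s):
        self.allowed = {self.normalize(n) for n in allowed_numbers}
        self.min_interval_s = min_interval_s
        # One timer shared by all senders, so two allowed phones cannot
        # each send a command inside the same window.
        self.last_accepted_at = None

    @staticmethod
    def normalize(number):
        # "+1 (555) 010-0001" and "+15550100001" must compare equal.
        return re.sub(r"[^\d+]", "", number)

    def check(self, sender, now_s):
        """Return (accepted, reason); now_s is a timestamp in seconds."""
        if self.normalize(sender) not in self.allowed:
            return False, "sender not allow-listed"
        if self.last_accepted_at is not None:
            elapsed = now_s - self.last_accepted_at
            if elapsed < self.min_interval_s:
                return False, f"too soon, {self.min_interval_s - elapsed:.0f}s left"
        # Only accepted commands restart the timer; rejected ones do not.
        self.last_accepted_at = now_s
        return True, "accepted"


def replay(gate, messages):
    """Feed (time_s, sender) pairs through the gate, return accept flags."""
    return [gate.check(sender, t)[0] for t, sender in messages]


# Constructed sample traffic (fictional 555-01xx numbers).
ALLOWED = ["+1 555 010 0001", "+1 555 010 0002"]
SAMPLE = [
    (0, "+1 (555) 010-0001"),   # allowed sender, first command
    (60, "+15550100002"),       # other allowed sender, inside shared window
    (120, "+15550109999"),      # unknown sender
    (900, "+1-555-010-0001"),   # exactly 15 min after last accepted command
    (1000, "+15550100001"),     # 100 s after the previous accepted command
]

if __name__ == "__main__":
    print(replay(SmsBolusGate(ALLOWED, 15 * 60), SAMPLE))
```

The sender number is whatever the SMS reports, so the allow-list filters commands rather than authenticating them.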

Just saw this, may be relevant:

2 Likes

This attack is frightening because it can happen very quickly, does not need any interaction with you, and does not leave any traces (except that it may wake your device).

Any old device that does not get updated anymore is vulnerable (and those that don’t get patched quickly). This is where I absolutely HATE Android, which is my favorite system. Updates. Some day this may push me to iOS, despite my deep dislike of Apple’s proprietary practices.

Like @Thomas I would be very leery about medical devices and remote operation. Why? Well, medical device companies are good at making lifesaving medical devices. They are terrible at ancillary things like device security. When looking back on my experience helping to create training for a wireless connection to a pacemaker, I was in a bunch of meetings and went around the world as part of a team to do testing. We were very concerned about usability, and not concerned at all about security.

3 Likes

BlueBorne is a severe issue because of its extreme reach. Almost any device that hasn’t been patched and has Bluetooth turned on can be compromised by the attacking device from a distance of up to 32 feet.

The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. It doesn’t require the vulnerable device to do anything other than just having Bluetooth on.

4 Likes

2 posts were split to a new topic: Blueborne malware: impact on Omnipod Dash?

A post was merged into an existing topic: Blueborne malware: impact on Omnipod Dash?

Interesting consensus… :slight_smile:

1 Like

Pretty much perfectly divided!

I am surprised by who ended up on which side :slight_smile:

It doesn’t surprise me that most parents voted yes. They could benefit a lot from remotely controlled pumps.

1 Like