For OmniPods, communications are protected by a nonce. A nonce is an arbitrary number that can only be used once in a cryptographic communication. (For pods it is only partly arbitrary, because it is generated from the pod’s lot and serial number.)
As a very simple example of a nonce, if you want to reset your password on a website, the site might send a nonce (such as a sequence of numbers/letters) to your email address or phone. Before being able to reset your password, you have to enter that same number/letter sequence you got in your email or on your phone into the website. You have established your identity because you have access to your email or phone and you got the correct nonce and entered it correctly. If someone later tries that same nonce, it no longer works. And that nonce will also expire in a few hours, so an attacker has less time to try to compromise it.
This is a simple example of how a nonce can be used.
Communication with the pod uses a nonce based on the pod’s lot number and serial number. This is established during pod activation.
I believe an attacker would need to set up a parabolic microphone during pod activation or find out your pod’s lot and serial number, and then intercept communications and try to impersonate your PDM by using the next nonce that would be generated in the next communication, in order to send an unauthorized bolus your way. They would also need to be close enough that they could send the bolus command with their transmitter.
As my boss has told me many times, “There are much easier ways to kill you, E.”
I am not worried about this.
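
The password-reset nonce described above (single use, expiring after a few hours), as an added example that is not part of the original post. The class name, the 3-hour lifetime and the account names are assumptions for illustration; this models a website reset token, not the pod's nonce scheme.

```python
import hashlib
import hmac
import secrets
import time

# Assumed lifetime; the post only says "a few hours".
NONCE_TTL_SECONDS = 3 * 60 * 60


class ResetNonceStore:
    """Issues single-use, expiring reset nonces (hypothetical helper)."""

    def __init__(self, ttl=NONCE_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # account -> (sha256 of nonce, expiry timestamp)

    def issue(self, account):
        """Create a fresh nonce to send to the account's email or phone."""
        nonce = secrets.token_urlsafe(16)  # unpredictable random value
        # Store only a hash, so a leaked store does not reveal usable nonces.
        digest = hashlib.sha256(nonce.encode()).digest()
        self._pending[account] = (digest, self._clock() + self._ttl)
        return nonce

    def redeem(self, account, presented):
        """Return True once for the correct, unexpired nonce; False otherwise."""
        entry = self._pending.get(account)
        if entry is None:
            return False  # never issued, or already used
        digest, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[account]  # expired: discard it
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(digest, candidate):
            return False
        del self._pending[account]  # single use: a replay finds nothing
        return True
```

A real deployment would also limit the number of wrong guesses per account, which this example leaves out.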