@mohe0001 this Wired article is about exactly the same vulnerability that was identified in 2011 (let me repeat this for emphasis: in 2011) and discussed roughly million times in various on-line venues to absolute exhaustion, most recently on TuD here in response to FDA warning and Medtronic recall. The Wired article title is admittedly catchy and sounds alarming, but there is nothing new here and really nothing to be particularly alarmed about. Old news, recycled yet again (which is pretty amazing in it’s own right).
We do care about vulnerabilities of D-techology. A bent cannula is roughly about 1,000,000,000 times higher concern for me, but this for some reason does not seem to be an issue the esteemed security experts are interested in? Alright, maybe the cannula challenge is unfair, outside of their domain of expertise. I do have a challenge for them, which is actually interesting, and should be right in their domain:
- Dear Billy Rios and Jonathan Butts of QED Security Solutions, I am using an automated insulin delivery system called Loop, which is exploiting (to my great benefit and pleasure) the exact Medtronic pump vulnerability you are clearly very familiar with. Loop happens to be an app that runs on my iPhone, which has Internet access essentially all the time. My concern is that someone could exploit iOS and/or Loop vulnerabilities to take control over my pump remotely over the Internet. (not over relatively nearby RF - we’ve known about that since 2001). Is that possible? If you were able to answer this real cyber-security question (a documented yes or no answer would be fantastic), I’d be very grateful, and I am sure the entire DIY/T1D community would be thankful and would celebrate your expertise. Of course, we’d do whatever we can to fix any cybersecurity vulnerabilities you may identify. Needless to say, name-promotion opportunities on TuD, Wired, etc. would be endless.
Sincerely, @Dragan1.
p.s. Loop is an open-source project, which should make the challenge much easier for you.