Yes, same topic, different strategy

I know we dont have a ton of Loop users on here, but here goes…attempt number 2.

So, I don’t feel super comfortable with my computer security (in general) and pump setup. I am optimistic, but apprehensive, about closed loop systems in general. But, that’s nothing unusual. You probably know by now that the words “remote attack,” make me wet myself.

Diabetics are a mature patient organization with lots of technical prowess. I feel like my ability to provide informed consent for new medical practices has taken a lot of energy, time, and money. I am getting burned out. I have spent free time securing other people’s networks, but have not done my own. That is increasing anxiety in the moment when I start my first closed loop system. I am not ready, but I also cannot wait.

I do not have time to even begin researching how to secure my cell phone, the most vulnerable piece, with all the tech I am being introduced to.

We have been low on good, technical problems at this forum for a period. We seem to have solved so many things. It is very different than it was some years ago. Can’t stop the wheels of progress. But, now there are so many new technical problems that I am overwhelmed. I feel like I have been transported back in time to 2005 when I had nothing but questions and very few answers. It is invigorating because there is lots of interesting, new work to do and an endless list of problems to solve.

Any resources would be greatly appreciated.

Besides security of the phone and the network to mitigate external risk, does anyone have a line in the sand where they will take the system down? What is your line?

I, personally, for instance, drew a line that I would not use a pump at a security conference because I don’t know what I don’t know and I just felt safer, far from home, alone, without wearing the pump in a room full of people performing software defined radio attacks. I asked a bunch of security professionals before attending. I heard everything from: 1.) Ask your Doc (who certainly has no idea); 2.) Do not attend; to 3.) Someone would have to be a moron to attack a medical device (but, people are undoubtedly morons). So, I just took it off.

Do you ever take your pump or closed loop system off for reasons that I haven’t thought of yet? There are a number of openly identified reasons that have been identified/discussed and I will likely remove it for those recommended situations.

These things seem reasonable. I would like to be the best informed user that I can be. New tech is always a bit jarring.

@mohe0001 personally I think while incredibly inconvenient, a sound strategy. The ones I have been to are open season as I suspect most attendees assume you have hardened your equipment. Ethically only lowlifes hack medical equipment. Just because you can, doesn’t mean you should.

As a devout Android user many of my friends use checklists such as the one.published by UT for securing their i-products. I would probably start with a similar list and re-assess, as i’m not sure how to protect a Riley link mitm attack (I’m weak on bt protocol).

1 Like

Ugh, I read the whole BT Low energy specs. I cannot recommend them for summer reading. I appreciate your links. Thank you. I will read them tomorrow right away. Someone posted this useful link elsewhere.

Ooooh, thats good, good stuff. Thanks again!

1 Like

The article you linked describes the issues quite well, but offers no real solutions other than to state that security protocols are overdue for insulin pumps and also acknowledge s that any new security protocols would be at the expense of diy loopers

we are treading on thin ice, here, El_Ver, lets not anger the others. You saw what unfolded earlier. I haven’t the strength, lol. I just got loop running one minute ago. Bg = 41. Everything alarming…literally and figuratively

1 Like

Best of luck looping, I am envious as all get out. I hear the first 2 to 3 weeks are tough, then everything suddenly settles out and works great. Personally I have no experience looping

This is El_Ver…appears and dissapears out of nowhere, just in the nick of time.

2 Likes

Why cant this be hard wired ? I know this PC I type on I have the option of WIFI or a data cable.

I know too little about this to add much but IMO I see little advantage of using wireless when you need to carry all this stuff anyway.

Well, it could be hard wired. Radio attacks occur when devices are using Radio Frequency communications. Its an older form of communication than Bluetooth. RF attacks aren’t that big of a deal because an attacker would need to be in very close proximity to attack you, like your upstairs neighbor in an apartment building. It could happen, but its very unlikely.

Things are different when devices open up to the internet. Then, it doesn’t really matter if its wired or not - the internet is a “bad neighborhood” and things will attack you.

Why would I possible need to connect to the internet ?

We don’t need to over tech it.

There are a number of reasons people put medical devices onto the internet, but with ours, it is mostly for convenience so that Docs or family members can see the data, or, because we are using cell phones to operate our pumps, etc. Diabetes tech might not even use internet, but diabetes tech might be built on top of devices that use internet.

1 Like

I have no problem connecting my diabetic products to the internet. My Dex G6 constantly uploads info to the Dexcom servers. I’m not concerned about my pump and transmitter broadcasting over Bluetooth. There’s way too many things to worry about and someone hacking my pump is not even a blip on my worry radar.

No one is talking about “worry.” That is for individuals to asses their own risk tolerance.

We have to be able to have discussions about how devices work, just as we have for years. Its a failing in our community culture if people can’t ask reasonable questions and receive answers. We have a long history of not being able to talk about many things. I believe that we are beyond that.

Mxracer asks perfectly legitimate questions. I want to be careful that we do not imply they are anything other than perfectly reasonable questions. People should never be afraid to ask questions in medicine.

Man, thats a good music video. I’m gonna re-watch it.

You asked a question, I answered it. You’re literally worried about your tech being compromised, but my non worry is pushed aside? You’re the one shutting down the conversation because you feel your opinion matters most.

There are no stupid questions, just a need for more music…

Whatever

I’m exhausted by that previous conversation. If you want to hash it up again, I’m sure you can find it on the forum. I’m sorry, its not personal, I just don’t have the energy, today, to go into it all again. Maybe in a month…

There’s a whole bunch of context to this post. It refers to a previous one. Please see that one to start up that whole conversation again. I’m sure that’s not apparent at first glance.

It’s cool mate. Some of these topics can get the better of us. We’ll still come back and support each other even after a heated interaction. You’re right I don’t have any context to what happened previously, I respect your feelings and have no animosity towards you at all.

Are you doing Omnipod looping?

Most concerns related to security involve older Medtronic pumps.

Is there a way you can use Loop just in your home to begin with, and switch off when out while you figure things out?