by Odenwaelder 2612 days ago
I'd be interested how they test a Class C medical device that can kill you if you send the wrong commands. It surely is an amazing story and a great write-up, but I'd be wary of hacking insulin pumps, let alone using them.

You can read about the “We Are Not Waiting” movement and the ethical considerations of doing this research, writing the software, and documenting and even to an extent productizing the software for mass consumption.

It is not a zero sum game. Not having this control over the pump can also kill you, because the systems that were available before this movement got started were so poor.

When the hacker community started putting together remote monitoring systems for the CGMs that allowed, e.g. parents to watch their kids at school, or through the night from the next room, that improved quality of life and maybe even saved lives.

Hackers have already tapped into the Medtronic pump to build the world’s first closed loop system. The OmniPod is just another pump in line to be reverse engineered.

If you saw first hand the quality of software being put out by Dexcom and Insulet, this work is serving as an important check&balance as well as pushing them to invest in R&D versus sitting back and milking their patents.

It’s also worth noting that the pod has important hardware safeguards that mitigate the impact of a software error on the remote control side. You can’t just send a message asking for 100 units of insulin because the hardware won’t dose it. You can also hear (and somewhat feel) each 0.05 unit of insulin being delivered as a click about once every 1.5 seconds.

And again I’ll reiterate that it’s not a zero sum game. The software and UI is so bad on the Insulet/Omnipod side that it’s easy to screw up a basal program, or when applying a temp basal on top of an extended bolus, or when changing a pod while an extended bolus is active. All these events can result in low blood sugar events that are potentially dangerous.

Efforts like Nightscout have actually saved lives and while they are not without risk (what thing worth doing is?), the T1D world has been measurably improved because of their efforts.

Finally I’ll say that the reverse engineering effort already uncovered one significant bug in the protocol that we know of. They didn’t delve into the details of the “nonce” but I’m willing to bet that imaging the chip was not actually necessary and that the “encryption” is some homebrew POS which is highly insecure. We deserve to know the protocol which is protecting the communication between the pod and the controller, for example is there a secure DH key exchange happening when a new pod is paired and initialized? Can a third-party controller potentially spoof commands to my kids’ pods? OmniPod would never disclose how this works, so I’m supposed to just trust them.

I know folks that work on Nightscout and I agree with everything in this post. I find them to be very thoughtful and circumspect about the work (the contributors often have T1D or family with T1D). Besides that, a closed loop system (which as yet is only partially implemented or is still somewhat inconsistent) is a holy grail for a lot of these folks.

Most of them are already well acquainted with manually managing insulin and the existing products and can handle any mishaps for the most part.

I don't really understand in detail how insulin pumps work, so I want to ask why are there not commercial closed-loop systems available? It seems like an obvious development that pump makers should have implemented a long time ago. Is there a complication that makes it harder than it sounds, or is it something like regulatory concerns or just plain laziness?
Few competitors, no reason to innovate. And they're charging $8-12,000 for a new pump setup. That was our experience 5 years ago with Medtronic. Not a single update in 4 years with our son's 530g pump. With his new pump (from Tandem) we're expecting a pretty big software patch/upgrade later this year. Beta Bionics is working on their artificial pancreas (dual hormone) that should be out next year. So newer/more-nimble players are forcing the bigger companies to start innovating. Having said that, it never comes soon enough ;)
I got a chance to try out the beta bionics artificial pancreas in a research trial and it is a truly new innovation in this field, it lifted about 90% of the constant thinking about bolus and blood sugar from me and allowed me to live my life. It truly deserves all the hype that it is getting.
Wow that's great to hear! Was it insulin-only or did it also have glucagon onboard? I know they're working towards releasing the insulin-only version first. I can't wait for the dual-hormone version to become available. It'll allow my wife and I to sleep through the night without worrying that our son won't wake up when he drops too low.
Sidebar: Tandem's Q1 2019 results came out today and they're doing pretty dang well. http://investor.tandemdiabetes.com/news-releases/news-releas...

Operating margin is still negative, but it's improved tremendously year over year.

In short, real humans and these medical devices are inexact. The device must choose “How much insulin should be dosed?”. Lawsuits argue medical devices should be flawless, so no company will bring out a device that could be pointed out as causing an incorrect amount of drugs being delivered. The open source insulin pump and continuous-glucose-monitors as feedback systems are just incredible BUT they require the user to be very aware of what is easy and reliable and what can be flaky (see all the details about pod screamers - e.g. the pod can’t continue, or drift in cgm data).
Every time a self-driving car kills one person, it's national headlines for a week, with no shortage of people calling for the people responsible to be jailed. It will be like that the first few times that a commercial closed-loop system kills a person.
> this work is serving as an important check&balance as well as pushing them to invest in R&D versus sitting back and milking their patents.

Thank you for your reply. This is what angers me the most. The drug companies have a solution. Keep buying insulin, keep buying needles, keep buying new pods, sensors, and apps. No, this can be fixed, it can be better.

Thank you for your reply, very interesting! I have no doubt that this project is great help to many people, and it's a shame that any medical device of this kind is closed source. Being involved in the development of medical software, I know how important testing is, and given the chaos that reigns in some open source projects, I'd be wary of hacking a medical device. I see both sides and surely it's a balancing act.
OTOH if the OEM can't code the CRC right, one might be better off packing their own parachute...
No, you're not better off. If you want to get a medical product like this licensed, you have to prove that you performed rigorous, multi-staged testing and document all your development including all emerging risks. I have participated in such licensing efforts and I doubt that an open source project has the means of providing such rigorous testing.
The result of this diligent process, of course, is how a broken CRC16 routine got shipped in this medical product.

It's the most trivial thing. Copy a public domain CRC16 routine, add a unit test with a test vector.

Can you be sure it wasn’t a badly implemented form of obfuscation?

It certainly slowed down the reverse engineers. If they didn’t get to the object code what would the next step have been? Cryptographic analysis?

5 of the bits were never set in their "obfuscated" variant? If you want to obfuscate CRC16 you would just choose a randomized starting value.
I didn't say it was implemented well. Perhaps they thought changing shift operators would quietly change the values without any disturbance to checksum integrity.
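The sub-thread above argues three concrete points: a CRC16 should be copied from a known-good source and pinned with a test vector, a routine whose output bits never all toggle is simply broken, and if you want to "obfuscate" a CRC the honest way is a non-standard initial value, which keeps every error-detection property. The block below is an added example written for this page, not code from the thread, from Insulet, or from the OmniPod reverse-engineering write-up; the `broken_crc16` routine is a constructed illustration of the "bits never set" symptom and is not a claim about what the pump actually ships. The check values for the string `123456789` are the standard catalogue values for CRC-16/CCITT-FALSE and CRC-16/XMODEM.

```python
"""Added example (not from the HN thread or any vendor): a parameterised,
table-free CRC-16 pinned by known-answer vectors, plus the 'did every output
bit ever toggle' sanity check that would have caught the bug discussed."""
import random


def crc16(data: bytes, poly: int = 0x1021, init: int = 0xFFFF,
          xorout: int = 0x0000) -> int:
    """Bit-serial, MSB-first (non-reflected) CRC-16.
    Defaults give CRC-16/CCITT-FALSE; init=0 gives CRC-16/XMODEM."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc ^ xorout


# Known-answer test: the published check values for the ASCII string
# "123456789". This is the unit test the thread says should have existed.
KAT = {
    "CRC-16/CCITT-FALSE": ({"poly": 0x1021, "init": 0xFFFF}, 0x29B1),
    "CRC-16/XMODEM": ({"poly": 0x1021, "init": 0x0000}, 0x31C3),
}


def self_test() -> bool:
    """True only if every catalogue vector matches."""
    return all(crc16(b"123456789", **params) == want
               for params, want in KAT.values())


def output_bit_coverage(fn, trials: int = 2000, length: int = 16,
                        seed: int = 1) -> int:
    """OR together fn() over many pseudo-random messages (deterministic seed).
    A correct 16-bit CRC reaches 0xFFFF almost immediately; any bit that
    stays 0 is a bit the routine can never produce, i.e. a broken CRC."""
    rng = random.Random(seed)
    seen = 0
    for _ in range(trials):
        seen |= fn(bytes(rng.getrandbits(8) for _ in range(length)))
    return seen


def broken_crc16(data: bytes) -> int:
    """CONSTRUCTED illustration of a botched routine (hypothetical, not the
    pump's code): a mask that is too narrow means bits 11..15 of the result
    can never be set, the kind of symptom the thread describes."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc >> 1) ^ 0x8408) if crc & 1 else crc >> 1
        crc &= 0x07FF  # bug: should be 0xFFFF
    return crc


def obfuscated_crc16(data: bytes) -> int:
    """The 'randomised starting value' idea from the thread: a non-standard
    init (0x5A3C is an arbitrary example) changes every output but keeps the
    CRC's error-detection guarantees, because the init only adds a constant."""
    return crc16(data, init=0x5A3C)


def detects_all_single_bit_flips(fn, msg: bytes) -> bool:
    """Any generator polynomial with a non-zero constant term detects every
    single-bit error regardless of init; a sound routine returns True."""
    base = fn(msg)
    for i in range(len(msg) * 8):
        flipped = bytearray(msg)
        flipped[i // 8] ^= 1 << (i % 8)
        if fn(bytes(flipped)) == base:
            return False
    return True


if __name__ == "__main__":
    print("self-test:", self_test())
    print("coverage good  : %04x" % output_bit_coverage(crc16))
    print("coverage broken: %04x" % output_bit_coverage(broken_crc16))
    print("coverage obfusc: %04x" % output_bit_coverage(obfuscated_crc16))
```

`output_bit_coverage` is cheap enough to run in CI against whatever CRC variant a firmware ships; a result other than `0xffff` is a hard failure. Note that `obfuscated_crc16` still passes both the coverage check and the single-bit-flip check, which is the point: changing `init` hides nothing from a reverse engineer with a few captured frames, but at least it does not degrade the checksum.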
Tidepool is indeed working on FDA approval for Loop.

https://www.tidepool.org/blog/tidepool-delivering-loop

The other unfortunate side-effect of this research is that they just explained in detail how to hack into an unsuspecting user's pump.

Imagine the other version of this story, where an advanced attacker does all of this, because "Prominent Political Figure X" wears this insulin pump...

This isn't enough to attack the pump in that way; you'd still have to defeat the pairing step to make the pump accept commands from a transmitter.
Aside from all the technical arguments, why don’t more devices give me clear explicit control (pairing, even if I want to allow remote control) and, even better, transparent indication of how the device is running?
To what extent would you be willing to write down a living will exonerating the manufacturer and be extra clear with your loved ones that you're choosing to take a risk?
> but I'd be wary of hacking insulin pumps, let alone using them.

If you have type 1 diabetes, hacked insulin pumps or otherwise, the disease will kill you prematurely. It's a question of "when" rather than "if". Mostly this is because the disease requires constant attention - attention of the sort humans aren't good at providing, even if their life depends on it. Listen to this talk about OpenAPS. See where she says she has to wake up on average 200 times a month - or about 6 times a night, every night, regardless of whether she's pulled a 24hr day or had a good night out - to monitor her levels:

    https://www.youtube.com/watch?v=p76hGxv3-HE
I know the authorities will find it an anathema, but this is a very good argument for allowing the development of open source medical devices outside of the current regulations. The existing system is about controlling the private sector - making sure someone doesn't kill someone for the sake of a quick dollar. Open source turns that equation on its head. No one is selling anything - so there is no quick buck to be made. It's just sane, sensible people trying to stay alive, who are very, very aware that if they get it wrong it will kill them.

While there is a cost advantage as the talk makes plain this isn't what motivated them. Their hashtag spells out the motivation: #WeAreNotWaiting. Waiting means a chance of dying. A capitalist system that has to be tightly constrained by government regulation to prevent it from killing too many people turned out to be far slower than open source doing the same thing.

Again, listen to the talk. Listen to the lengths the people who use OpenAPS went to to make sure their novel devices didn't kill them. Learn how they voluntarily pooled millions of device hours of data, and made it openly available so they could all learn from it. Unlike you, I'd trust OpenAPS firmware long before I trusted some closed source solution on the promise that "we are making money from it - trust us". Thanks all the same, but I'll prefer to trust the people who would be killed by it if they get it wrong.