Comment by Group_B

21 hours ago

Oh well. The whole thing has already been reverse engineered. Look up Loop or Trio or OpenAPS. Diabetic companies like Insulet have been very lax when it’s come to the hacking of their devices. This isn’t really that big a deal. What we need right now is help REing the Omnipod 5

6 comments

Group_B

Reply
duban  20 hours ago

I’m aware of a few people working on REing the Omnipod 5. The furthest issue that I have seen is that when a PDM/Omnipod 5 app signs into your insulet id, it gets a private key from the API which is stored in the keychain (and uses SSL pinning to prevent MiTM retrieval of the private key). When pairing with the pod they exchange public keys and then a derived key from the devices private key+pods public keys, but haven’t been able to get a copy of a private key yet to make further progress.

fyhn  20 hours ago

Not all though, I've been looking at Minimed pump reverse engineering (which would be just reading glucose data, not controlling the pump), and that's not solved yet, at least not for the 780G. But I hope it will be, and perhaps I'll be able to contribute.

  • mlsu  19 hours ago

    I don't work for Medtronic. But it's extremely unlikely that will happen. It's not merely a matter of reverse engineering -- after the original medtronic "hack" / reverse engineer efforts (the ones that lead to the original openAPS system being developed) the FDA put out new guidance on cybersecurity protections for insulin pumps.

    The communication between your phone/pump or glucose sensor/pump is encrypted now for all newer devices.

    > Diabetic companies like Insulet have been very lax when it’s come to the hacking of their devices

    Absolutely not true, not any more.

    • Group_B  11 hours ago

      No it's true. Companies like Insulet and Dexcom could send out lawsuits to all the open source projects out there that involved REing. Dexcom's glucose share API was REed years ago, and Dexcom hasn't even tried updating or stopping the use of unofficial APIs. All I'm saying is that the companies really don't care at all.

    • sarusso  15 hours ago

      > The communication between your phone/pump or glucose sensor/pump is encrypted now for all newer devices.

      May I ask where did you get this info? And what “newer” means here?

      1 reply →