Where have I made any such "apparent suggestion" in any of my comments? I haven't - I've stated, and at least I believed I made quite clear, that the risk and practicality of using this hack is negligible. I haven't stated that it does not exist or that it should not be fixed. To the contrary - it should be fixed.
You're focusing on a singular aspect in a vacuum. "improper security implementation." - yes, in this singular vacuum - you're correct and that's great - it's a concern. But what point is there focusing on security implementations in a vacuum when you're dealing with real devices on real people and the practicality of using such improper implementations? The entire BlackHat conference is about exposing hacks in vendor-neutral software and devices that affect the real world. As I stated:
"Get realistic - security loopholes are only as important as what you are trying to practically protect and at what cost with what risk. This is what I am trying to make evident."
I'm focusing on the practicality in the real world, as is the entire point of the BlackHat Security Conference. Arguably any device which opens itself to wireless communication could be hacked - and a device like this should have some cryptographic system requiring two separate keys - but at what practical cost is my point.
As Hanselman says in his article - the easiest way to resolve this is just to build in upper and lower limits of insulin delivery. At least you can't kill someone - but I acknowledge that even controlling it is a concern.
[peace, not trying to get all up and hot in here :)]