Hacker News

Hmm, MedTronic already had at least one recall on this series of pumps:

https://diatribe.org/medtronic-provides-update-recall-thousa...

Tandem recently released updated firmware and mobile app for their t:slim X2 pumps which includes a function to deliver insulin from the mobile app. To me, this seems like a dangerous idea, given that people can die from an insulin overdose. I'm perfectly happy keeping the function solely on the physical device. My wariness has not been shared by the majority (or even a small fraction) I've discussed this with online - pump users generally desire this convenience and are not at all concerned about potential security implications.




While I’m not a certified security professional, I have looked pretty closely at Tandem’s mobile pairing and remote bolus implementation and it seems to have been designed in the right way. After initializing a Bluetooth connection, the phone and pump complete a handshake wherein a 16-character alphanumeric key appears on the pump screen and you need to enter it on your phone, which then uses it as a shared HMAC symmetric key. Status information and responses then occur in cleartext once authenticated, while bolus operations require messages to be signed with the initial key.

That being said, on the chance that there is a security flaw here I’m willing to eat my words…


Would be cool if you contributed to xDrip!

My partner uses a Tandem pump, and is annoyed that she can't actually use most of the features of the Tandem app because she uses an unapproved (Pixel 6 Pro) device.


Take a look at https://github.com/jwoglom/pumpx2, I’m working with the AndroidAPS folks currently to make it more broadly available. xDrip integration would happen via AAPS.


The whole setup is only secure if the phone is secure. One malicious keyboard app and the key is leaked, and now there is no security left at all.

I think such a design is only safe to human-life standards if all possible signed messages (i.e. all possible messages the app could send) would be safe for the user.
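An added sketch (my own, not Tandem's code or any commenter's) of the scheme described a few comments up and of the two caveats in this reply: the displayed 16-character key becomes a shared HMAC key, status traffic is unauthenticated, and bolus commands must carry a valid tag. The message layout, the replay counter and the pump-side dose ceiling are assumptions added to show where the pump can enforce safety even when the phone holding the key is not trustworthy.

```python
import hashlib, hmac, secrets, string

# Assumptions for this sketch (not Tandem's real format or constants):
KEY_ALPHABET = string.ascii_uppercase + string.digits  # 16-char key shown on the pump
MAX_BOLUS_UNITS = 10.0                                 # ceiling the pump enforces itself

def generate_pairing_key(length=16):
    """Key the pump displays during pairing; the user types it into the phone."""
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(length))

def mac(key, counter, payload):
    """HMAC-SHA256 over (counter || payload); the counter stops replays."""
    return hmac.new(key.encode(), counter.to_bytes(4, "big") + payload, hashlib.sha256).digest()

def sign_bolus(key, counter, units):
    """Phone side: a bolus command plus its tag, as the app would send it."""
    payload = f"bolus:{units:.2f}".encode()
    return counter, payload, mac(key, counter, payload)

class Pump:
    """Pump side: cleartext status, signed + replay-protected + bounded bolus."""
    def __init__(self, key, max_units=MAX_BOLUS_UNITS):
        self.key, self.max_units = key, max_units
        self.last_counter = 0       # highest counter accepted so far

    def status(self):
        return b"reservoir=120u battery=80%"   # unauthenticated read-only traffic

    def bolus(self, counter, payload, tag):
        if not hmac.compare_digest(mac(self.key, counter, payload), tag):
            return "rejected: bad signature"     # constant-time comparison
        if counter <= self.last_counter:
            return "rejected: replay"
        units = float(payload.split(b":", 1)[1].decode())
        if units > self.max_units:              # the pump, not the app, bounds the dose
            return "rejected: exceeds pump limit"
        self.last_counter = counter
        return "accepted"

def demo():
    key, results = generate_pairing_key(), {}
    pump = Pump(key)
    results["valid"] = pump.bolus(*sign_bolus(key, 1, 2.5))
    c, payload, tag = sign_bolus(key, 2, 2.5)
    results["tampered"] = pump.bolus(c, payload.replace(b"2.50", b"9.00"), tag)
    results["replay"] = pump.bolus(*sign_bolus(key, 1, 2.5))
    results["too_large"] = pump.bolus(*sign_bolus(key, 3, 50.0))
    # Anything holding the key signs validly, so a compromised phone is fully trusted:
    results["leaked_key"] = pump.bolus(*sign_bolus(key, 4, 1.0))
    return results
```

The last result is the point of this reply: the signature cannot tell the phone from whatever has copied its key, so only checks the pump applies to the decoded command itself (here, the dose ceiling) hold up once the phone is compromised.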


My concern is that the phone could be compromised. Having a phone hacked would be bad enough without giving the attacker the option to easily hospitalize/kill you.



