Response to Scott Hanselman’s blog dialog on “Hacking Insulin Pumps”
Here is a reality check. No one who understands wireless in insulin pump operation would agree that you have “hacked” that pump. Here is my basis/definition: You are operating the device in ways specifically covered by the instructions for use.
By allowing this Black Hat presentation to get twisted out of control like a game of “telephone”, your work may not yield the benefit you had hoped. Unless you can assert some control over the conversation, you put Medtronic and other vendors on the defensive of crisis management — against a non-vulnerability — so you can’t as easily get the a dialog that starts between yourself and any of the vendors to learn more about how medical devices are designed.
This is the real loss. You would be pleasantly surprised (I say “surprised” based on your amateurish comments on designing around basic risks) that wireless penetration of these devices is considered in dozens of ways you have not pondered. The design procedures (and many of the people) come from aerospace backgrounds; but medical device design is a discipline of itself. The pump design teams that I have worked on are very aware that administering a deadly hormone for daily therapy is a very serious undertaking requiring painstaking risk analysis and mitigation.
I have not been directly involved with any of these companies in 3+ years but if this makes sense to you — if you see some benefit to a richer dialog — I would be happy to try to make/suggest some contacts.