Monthly Archives: August 2011

My Comment at Scott Hanselman’s Blog

Response to Scott Hanselman’s blog dialog on “Hacking Insulin Pumps”


Here is a reality check. No one who understands wireless in insulin pump operation would agree that you have “hacked” that pump. Here is my basis/definition: You are operating the device in ways specifically covered by the instructions for use.

By allowing this Black Hat presentation to get twisted out of control like a game of “telephone”, your work may not yield the benefit you had hoped. Unless you can assert some control over the conversation, you put Medtronic and other vendors on the defensive of crisis management — against a non-vulnerability — so you can’t as easily get the a dialog that starts between yourself and any of the vendors to learn more about how medical devices are designed.

This is the real loss. You would be pleasantly surprised (I say “surprised” based on your amateurish comments on designing around basic risks) that wireless penetration of these devices is considered in dozens of ways you have not pondered. The design procedures (and many of the people) come from aerospace backgrounds; but medical device design is a discipline of itself. The pump design teams that I have worked on are very aware that administering a deadly hormone for daily therapy is a very serious undertaking requiring painstaking risk analysis and mitigation.

I have not been directly involved with any of these companies in 3+ years but if this makes sense to you — if you see some benefit to a richer dialog — I would be happy to try to make/suggest some contacts.

LinkedIn Conversation on “Hacked” Insulin Pump

Blackhat Conference – original summary

Here is the link to the original conference summary. In it, Radcliffe provides a honest summary:
“After investing months of spare time and an immense amount of caffeine, I have not accomplished my mission.”

Hacking Insulin Pumps

A slow building hyped up set of headlines during the past three weeks — all stemming from a paper presented at the Black Hat Security Conference.