While I’m not a certified security professional, I have looked pretty closely at Tandem’s mobile pairing and remote bolus implementation and it seems to have been designed in the right way. After initializing a Bluetooth connection, the phone and pump complete a handshake wherein a 16-character alphanumeric key appears on the pump screen and you need to enter it on your phone, which then uses it as a shared HMAC symmetric key. Status information and responses then occur in cleartext once authenticated, while bolus operations require messages to be signed with the initial key. That being said, on the chance that there is a security flaw here I’m willing to eat my words…
qmarchi|3 years ago
My partner uses a Tandem pump, and is annoyed that she can't actually use most of the features of the Tandem app because she uses an unapproved (Pixel 6 Pro) device.
jwoglom|3 years ago
londons_explore|3 years ago
I think such a design is only safe to human-life standards if all possible signed messages (i.e. all possible messages the app could send) would be safe for the user.
code_duck|3 years ago
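A sketch of the split described in the first comment (unsigned status traffic, bolus commands authenticated with an HMAC keyed by the on-screen pairing code), together with the pump-side dose check that the later comment argues such a design still needs. This is added example code, not Tandem's protocol or any commenter's code; the wire format, the direct use of the pairing code as the key, the counter field and the MAX_BOLUS_UNITS limit are all assumptions.

```python
import hmac
import hashlib
import struct

# Constructed wire format for this example (not Tandem's real protocol):
# status messages travel unsigned; a bolus frame is payload || HMAC-SHA256(payload).
PAIRING_CODE = "A1B2C3D4E5F6G7H8"  # constructed 16-character code, as shown on the pump
MAX_BOLUS_UNITS = 10.0              # assumed pump-side safety limit, independent of signing
PAYLOAD_LEN = 12                    # 8-byte float (units) + 4-byte unsigned counter


def derive_key(pairing_code: str) -> bytes:
    """Shared HMAC key from the code the user typed in (assumption: used directly)."""
    if len(pairing_code) != 16 or not pairing_code.isalnum():
        raise ValueError("pairing code must be 16 alphanumeric characters")
    return pairing_code.encode("ascii")


def sign_bolus(key: bytes, units: float, counter: int) -> bytes:
    """Phone side: serialize a bolus request and append its HMAC tag."""
    payload = struct.pack(">dI", units, counter)
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def pump_accepts_bolus(key: bytes, frame: bytes, last_counter: int) -> tuple:
    """Pump side: verify the tag, reject replays, then apply the dose policy.

    The HMAC only proves the frame came from the paired phone; the dose limit
    is what bounds the harm a validly signed but wrong request can do.
    """
    payload, tag = frame[:PAYLOAD_LEN], frame[PAYLOAD_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return (False, "bad signature")
    units, counter = struct.unpack(">dI", payload)
    if counter <= last_counter:
        return (False, "replayed counter")
    if units <= 0 or units > MAX_BOLUS_UNITS:
        return (False, "dose outside policy")
    return (True, "accepted")


if __name__ == "__main__":
    key = derive_key(PAIRING_CODE)
    frame = sign_bolus(key, 2.5, counter=7)
    print(pump_accepts_bolus(key, frame, last_counter=6))   # (True, 'accepted')
    print(pump_accepts_bolus(key, frame, last_counter=7))   # (False, 'replayed counter')
```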