top | item 46395740

(no title)

Group_B | 2 months ago

Oh well. The whole thing has already been reverse engineered. Look up Loop or Trio or OpenAPS. Diabetic companies like Insulet have been very lax when it’s come to the hacking of their devices. This isn’t really that big a deal. What we need right now is help REing the Omnipod 5

discuss

duban|2 months ago

I’m aware of a few people working on REing the Omnipod 5. The furthest issue that I have seen is that when a PDM/Omnipod 5 app signs into your insulet id, it gets a private key from the API which is stored in the keychain (and uses SSL pinning to prevent MiTM retrieval of the private key). When pairing with the pod they exchange public keys and then a derived key from the devices private key+pods public keys, but haven’t been able to get a copy of a private key yet to make further progress.

Group_B|2 months ago

Anyway to follow the progress? I attended the Nightscout conference and asked around regarding this but no one really knew of any group to follow. Or really knew of the latest developments on this effort.

fyhn|2 months ago

Not all though, I've been looking at Minimed pump reverse engineering (which would be just reading glucose data, not controlling the pump), and that's not solved yet, at least not for the 780G. But I hope it will be, and perhaps I'll be able to contribute.

mlsu|2 months ago

I don't work for Medtronic. But it's extremely unlikely that will happen. It's not merely a matter of reverse engineering -- after the original medtronic "hack" / reverse engineer efforts (the ones that lead to the original openAPS system being developed) the FDA put out new guidance on cybersecurity protections for insulin pumps.

The communication between your phone/pump or glucose sensor/pump is encrypted now for all newer devices.

> Diabetic companies like Insulet have been very lax when it’s come to the hacking of their devices

Absolutely not true, not any more.