I’ve been primarily pentesting medical devices for the past few years, and these companies will never willingly hand over code. If you want the code to audit, then you’re going to have to yank it out of memory or over JTAG, or come up with some other disclosure. Not to excuse these companies, but they’re under an enormous amount of regulation from so many different regulatory bodies. There are a lot of reasons why infosec people avoid medical stuff in the first place; it’s not for the faint of heart. But then there’s probably worse stuff out there... like auditing Diebold voting machines.
https://www.bbc.com/news/technology-17631838 gives an example of an insulin pump with a security flaw that made it possible for anyone to send a signal to dump "the entire cartridge of insulin into its host's bloodstream."
That was found by a security researcher not affiliated with the manufacturer.