Medical device software expert FrediG announced today at BlackCap Europe that he had found a calculation error in the GerateSoft application that he uses with the Robotron IPumpe insulin pump that he used to control his blood sugar levels. The pump routinely administered 0.5% more insulin than was necessary to keep his blood sugar levels at target levels. As a result, his blood sugar levels over the last six months have routinely been on the low end of the target range for the treatment of his Type 1 diabetes.
Robotron spokesperson, Erich Mielke, told reporters at a news conference at the conference that FrediG had disclosed the problem to Robotron last week, and that Robotron was recommending that the users of its IPumpe stop using the GerateSoft application. “We are very concerned that the application is incorrectly dosing patients using our device,” Mileke said; “But we are even more concerned that it appears that this dosing error may be deliberate.”
That unusual comment by Mielke was based on a claim by FrediG that the application used two different calculation formulas, depending on which account was used. FrediG reported in his talk today that the equations used when the default account on the application was being used was the industry standard calculation. The default account would be expected to be used by regulatory agencies and companies like Robotron when testing the application.
Users are specifically warned by GerateSoft not to use the default account to protect their privacy. But when users set up their own unique account on the App, a different equation is used to calculate the insulin dosage. That calculation produces a dose that is 0.5% higher than the industry standard equation.
GerateSoft tried to get a German Court to stop FrediG’s presentation claiming that he had accessed GerateSoft’s system without permission, but lawyers for Robotron told the Court that FrediG had been a registered member of Robotron’s vulnerability discovery program and access to GerateSoft’s application was covered by that program.
Mielke noted that FrediG had reported vulnerabilities in a number of Robotron’s devices over the last two years, including a vulnerable version of OpenSSL used in the IPumpe that Robotron reported and corrected last summer.
No comments:
Post a Comment