Even if entropy is low are - how are you going to randomly select a person, and know their serial ID ? Unless you know what units are distributed to what hospitals/doctors - at exact times - at exact shipments and then from the sample delivered know the exact unit given to any person at any particular time.

Sure, if you know a "set of id's" you could try each one sequentially until you finally get a hit - but even then, you must somehow ensure the person being targeted has remote connection turned on. I'm pretty sure walking up to them and saying "oh, hai 'dere! ... plz turn on ur remotz connetz'n 4 me?" [ said in this voice - http://www.youtube.com/watch?v=xh_9QhRzJEs ] - is going to make them pretty suspicious.

There's a lot of "ifs" in there and frankly - if your aim was kill them - it would be a lot faster to do it some other way because to actually get all these things to line up perfectly .... your chances are pretty slim.

You are missing the point, if the entropy is sufficiently low then it is feasible to guess.

Besides, presumably if you want to kill a particular person, you might know a bit about them.

Anyway, with low entropy serial numbers is that potentially it could be feasible to just create a device that runs through all of them in a matter of a couple of minutes or so. For example, you could check google news to get a guestimate of approximately when perhaps a high profile politician had one of these installed. If this is a friend or family member then that step just gets even easier. If part of the serial number is a year/month combo (a common way to do it) and the rest is sequential, then it will be pretty easy to figure out. Are there easier ways? Sure, I imagine so. A hands off wireless approach certainly is appealing though isn't it? Probably worth at least trying before you move on to more hands on techniques.

"it would be a lot faster to do it some other way "

If you are taking the time to plan out a homicide, which is going to be more important: doing it fast. doing it so you don't get caught.

not really - if entropy is low in a lot of things - it's feasible to implement a disaster scenario. wireless systems across lots of things are not encrypted and so the same logic applies.

"you might know a bit about them"

we'll you really 'would' have to know 'a lot' about them if these devices had high entropy. which - if a person was indeed killed by this method - an autopsy would show either a spike or lapse in delivery of insulin. such a lapse would immediately lead to an investigation as to why the unit did not respond ?

evidentiary burden then progresses.

i'm not disagreeing with you in the seriousness of the discovery - i just think that these devices live in a nano-constrained world. implementing increased data encryption increases cost, power usage and the like - it's a difficult balance. now this has world attention - even 'basic' encryption is really useless since even it could be hammered.

so do you implement serious encryption - but in doing so - reduce the utility of the device so that it lacks the means to do what it is designed to do ? deliver insulin.

On the basis of a huge number of "if's" involved. i'm not convinced.

That is why I'm asking what kind of entropy the serial numbers have.....

"which - if a person was indeed killed by this method - an autopsy would show either a spike or lapse in delivery of insulin. such a lapse would immediately lead to an investigation as to why the unit did not respond ?"

I'm confused how that is related to the entropy of the serial numbers.