• 0 Posts
  • 63 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • Here’s my guess. I don’t know anything about this particular device, but I have worked with medical devices.

    A powered exo-skeleton sounds like it might be a class II medical device. Being a medical device, the OEM was required to produce a safety risk analysis per ISO 14971 in the EU and 21 CFR 820 in the US. I don’t know what all was listed, but probably one of the safety risks was thermal runaway from the (assumed) lithium ion batteries.

    Lithium ion battery packs have a well known problem with occasionally overheating and catching fire. This famously delayed the launch of the 787 Dreamliner. This is also why you can’t put your phone or laptop battery into your checked luggage.

    In the original risk analysis, there will be a number of mitigation steps identified for each hazard. For the lithium thermal runway, these probably include a mix of temperature monitoring, overheat shutdown, and passive design features in the battery pack itself to try to keep the impacts of over temperature and fire away from the patient.

    So how does the price get to 100k? It could be some kind of unique design features that are now out of production and the original tooling is not available. The 100k cost is probably something like to redesign the production tooling, particularly if you have to remake injection molds.

    You can’t just use any off the shelf battery pack, because that would invalidate the risk analysis. You’d need to redo the risk analysis, repeat at least some amount of validation testing, and possibly resubmit an application to the FDA.

    TLDR: you can get some MEs and EEs together to solve this problem, but once they’re on the case, you can blow through 100k real fast.





  • Medical devices are required to comply with 21 CFR 820 in the United States, which establishes quality management standards. This includes minimum standards for the software development lifecycle, including software verification and validation testing.

    In the EU, broadly equivalent standards include ISO 13485 and IEC 62304.

    If an OEM wants to do a software update, they at minimum need to perform and document a change impact analysis, verification testing, and regression testing. Bigger changes can involve a new FDA submission process.

    If you go around hacking new software features into your medical device, you are almost certainly not doing all of that stuff. That doesn’t mean that your software changes are low quality–maybe, maybe not. But it would be completely unfair to hold your device to the standard that the FDA holds them to–that medical devices in the United States are safe and effective treatments for diseases.

    This may be okay if you want to hack your own CPAP (usually a class II device) and never sell it to someone else. But I think we all need to acknowledge that there are some serious risks here.





  • I thought they catch fire and burn down slowly.

    Correct. Both the recent pager and radio attacks, and the 1996 cell phone attack, were performed by planting military explosives inside the devices in advance.

    There is no magical way to hack the electronics to make a lithium battery straight up explode.