Vulnerability: Brute-Force Attack on Deterministic Keys in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A

Vulnerability: Brute-Force Attack on Deterministic Keys in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A

CVE-2020-27264 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.

Learn more about our Mobile App Penetration Testing.