Inadequate Encryption Key Protection in SOOIL Developments CoLtd DiabecareRS and AnyDana-i, AnyDana-A Vulnerability

Inadequate Encryption Key Protection in SOOIL Developments CoLtd DiabecareRS and AnyDana-i, AnyDana-A Vulnerability

CVE-2020-27270 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).

Learn more about our Mobile App Penetration Testing.