Inadequate Encryption Key Protection in SOOIL Developments CoLtd DiabecareRS and AnyDana-i, AnyDana-A Vulnerability
CVE-2020-27270 · MEDIUM Severity
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).
Learn more about our Mobile App Penetration Testing.