Medtronic MiniMed Insulin Pump Authentication Vulnerability
Summary
Medtronic has released details of a vulnerability in their MiniMed range of insulin pumps. An unauthenticated user in radio range could exploit this to alter device settings, or intercept, modify and inject sensitive information.
Threat details
The vulnerability lies in the proprietary radio frequency protocol that MiniMed insulin pumps use to communicate with control systems and peripheral devices. This protocol does not adequately implement authorisation and authentication, so an attacker with knowledge of the protocol data format could retrieve patient data or alter pump settings, including controlling insulin delivery.
Remediation steps
At the time of publication, Medtronic have indicated that this vulnerability cannot be fully remediated in the affected products. They have stated they will be contacting affected organisations directly to provide additional guidance. Further information can be found on Medtronic's June 27, 2019 Security Bulletin or their security site. Medtronic have also suggested users and organisations follow the below partial mitigation steps:
Last edited: 17 January 2022 5:51 pm