by jmptable
1357 days ago
It's very interesting to see an in-the-wild example of a security flaw in the wireless pairing of a class C medical device (i.e. a device that can severely injure or kill). Would love to see technical details about the specific flaw here.

Just spending a few minutes searching around I found this interesting reverse engineering work on the Contour Next Link 2.4 USB dongle: https://github.com/szpaku80/reverse-engineering-contour-next... It looks like it's implementing 802.15.4 (the basis for ZigBee among other protocols).

The user manual for the Contour Next Link 2.4 device (https://www.medtronicdiabetes.com/sites/default/files/librar...) shows that pairing can be initiated by the USB dongle and succeeds if the user confirms the request on the device. A serial number is displayed but that appears to be under the control of the hypothetical attacker. So the user must know to reject an unexpected request even if it has the right serial number, or the attacker will gain control of their pump and can issue a remote bolus command.

This example doesn't have to do with Bluetooth but there's an interesting connection there because most BLE pairing methods have been shown to be insecure to sniffing attacks. That imposes constraints on how medical devices that need Bluetooth connectivity are designed, because it may force a device to have a screen for showing a pairing code when it otherwise would not need one.