CVE-2020-27264

Name of the Vulnerable Software and Affected Versions: SOOIL Developments Co., Ltd Diabecare RS (affected versions not specified) AnyDana-i (affected versions not specified) AnyDana-A (affected versions not specified)

Description: The communication protocol of the insulin pump and its mobile applications uses deterministic keys, allowing unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.

Recommendations: For SOOIL Developments Co., Ltd Diabecare RS, consider restricting Bluetooth Low Energy access to minimize the risk of exploitation. For AnyDana-i, restrict access to the mobile application's communication protocol until a patch is available. For AnyDana-A, avoid using the deterministic keys in the communication protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.