Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Authentication Bypass by Capture-replay
Medtronic MiniMed MMT
devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Description: CWE-294 Authentication Bypass by Capture-replay
Metrics
Version
Base score
Base severity
Vector
3.1
5.3
MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Version:3.1
Base score:5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
The remote option is turned off in the pump by default.
Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic.
Medtronic has released additional patient focused information https://www.medtronic.com/security .
Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic.
Exploits
Credits
finder
Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities to CISA.