A recent study by Lyrebirds, a cybersecurity consultancy organization from Denmark, reveals that a design protocol vulnerability in the Insulet Omnipod Insulin Management System, aka Omnipod Eros, allows a hacker to take command of the device and send programming commands, which includes instant insulin injection. The flaw was found in the communication protocol, that makes it possible for a threat attacker to cut the signal through jamming or via sending messages after the nonce transmission, without the nonce being invalidated by the device.
The nonce, alone, isn't linked to the device, meaning it can be used for any command the threat actor would like to execute and lets both devices to return to the anticipated, instant program flow, meanwhile continuing to send or set the harmful tactics. The controller and its pump communicate above 433 MHz radio with three packaging layers that exist on top of radio communication, which includes command and respond message and packet. The controller sends an order to the pump and it replies. The programming commands need a 4-byte nonce as the first parameter.
Upon setting off a pump, the pump and the controller exchange the LOT and serial identification of the pump used for seeding a pseudo-random generator within both the pump and the controller. Once paired, the generators stay in synchronization for the lifetime of a pump. If it gets out of sync, a re-sync process is done but the new seed depends on the identification number sent during pump setup. The device needs a message with a serial number to deliver any packet, but it doesn't involve encryption within the system comes.
Experts say that the information sent between controller and device isn't encrypted. As a result, the information in the message and packet headers can be exposed. "For example, the report shows a passive observer could parse the needed information from the pump status before a scheduled time. An attacker could also extract the data directly from the headers they’re trying to exploit from the programming command," SC Media.
