Last updated September 23, 2021
CISA warns about a set of vulnerabilities in the Ypsomed ‘MyLife’ app and cloud product that could enable a remote actor to obtain sensitive information or tamper with the data being transmitted. Considering that ‘MyLife’ is a medical app created as a companion tool for YpsoPump, the implications of the problem are potentially severe. MyLife is meant to help people who have diabetes manage their substance and food intake, monitor and control their glucose levels, and generally stay safe and healthy.
The four problems found on the app by a team of researchers in Germany are the following:
The Swiss medical device maker has released an update that fixes the app, which came with version 1.7.5. If you’re running anything older than that, update your app immediately. As for the Cloud product, version 1.7.2 fixes the above issues, and its users shouldn’t have to do anything to move to it.
Unfortunately, using the MyLife YpsoPump insulin pump without the accompanying app is impossible, so if you rely on medical products and the software that comes with them, you should always keep an eye out for security issues and remain vigilant against unexpected data or setting changes. The manipulation of medical devices is a serious problem with potentially catastrophic implications, so users of smart and connected medical devices should be aware of the dangers.