A team of IBM security researchers uncovered a potential vulnerability in software from Thales that could affect insulin pumps.
IBM’s “X-Force Red” team discovered the internet of things (IoT) vulnerability that can be remotely exploited in September 2019 with Thales’ Cinterion EHS8 M2M module, according to a report from SecurityIntelligence.
The software is used in several internet-connected devices, which include medical monitoring devices such as insulin pumps for people with diabetes.
Thales confirmed the vulnerability can affect other modules within the same product line of the EHS8 (BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, PLS62), all of which are mini circuit boards that enable mobile communication in IoT devices.
According to the report, the modules store and run code containing confidential information, creating the potential for attackers to gain control of devices or networks and conduct widespread attacks, like o…