KRACK Wi-Fi Vulnerability Affects BD Medical Devices

Becton, Dickinson and Company (BD) released a security bulletin detailing how their medical devices can be affected by the Key Reinstallation Attack (KRACK) flaw, a vulnerability in the Wi-Fi Protected Access II (WPA2) protocol used to secure modern Wi-Fi networks. A threat actor within range of the affected Wi-Fi network could conduct Man-in-the-Middle (MitM) attacks, exfiltrate data, and change patient records. BD has released patches for some of its vulnerable devices and will release additional patches  for the remaining devices. The NJCCIC recommends all users and administrators of BD manufactured devices review the BD Product Security Bulletin for a list of affected products and the NJCCIC Vulnerability Advisory for details on the KRACK vulnerability, and apply the necessary updates as soon as they are made available.