CVE-2018-18975
Description
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A weak certificate-pinning implementation in the Ascensia Contour NEXT ONE iOS app before 2019-01-15 lets an attacker proxy communications, leading to disclosure of medical information.
Vulnerability
The Ascensia Contour NEXT ONE iOS app prior to 2019-01-15 implements certificate pinning in a weak manner, allowing an attacker to proxy communications between the app and Ascensia backend servers. The weakness stems from the client not properly validating the server certificate chain, enabling a man-in-the-middle (MITM) attack [1]. All versions before the 2019-01-15 update are affected.
Exploitation
An attacker with a network position between the mobile app and the backend (e.g., on a compromised Wi-Fi network or via a rogue cellular tower) can bypass the weak certificate pinning and intercept the encrypted TLS connection. The attacker can then proxy all communications, which includes authentication tokens and medical data transmissions [1]. No user interaction beyond using the app is required.
Impact
Successful exploitation allows the attacker to disclose medical information, including glucometer readings and related personal health data [1]. Additionally, an attacker could modify stored glucometer readings by tampering with the proxied requests, potentially affecting medical staff's treatment decisions [1]. The compromise is at the application layer, giving the attacker access to the victim's account profile and synchronized health data.
Mitigation
Ascensia patched the weak certificate-pinning implementation in an update released on 2019-01-15 [1]. Users should ensure the Contour NEXT ONE iOS app is updated to the latest version. No workaround is available for unpatched versions. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Ascensia/Contour NEXT ONE app
- Range: <2019-01-15
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Weak certificate-pinning implementation in the mobile application allows an attacker to bypass pinning checks using a proxy on a jailbroken device."
Attack vector
An attacker with a jailbroken iPhone (or rooted Android device) and Burp Suite's Mobile Assistant can proxy communications between the mobile app and Ascensia backend servers because the certificate-pinning implementation is weak [1]. This allows the attacker to intercept and view all HTTPS traffic, including encrypted medical data being synchronized between the glucometer app and the cloud [1]. No authentication bypass is required; the weakness is in the client-side pinning logic itself [1].
Affected code
The advisory does not specify exact functions or file paths. The weak certificate-pinning implementation exists in the Ascensia Contour NEXT ONE iOS mobile application binary (the "Onyx" executable) [1].
What the fix does
The advisory does not include a patch diff. The vendor is noted to have patched the vulnerabilities by the time of the report (before 2019-01-15) [1]. The remediation would involve strengthening the certificate-pinning implementation so that a jailbroken device with a proxy tool cannot bypass the pinning check, ensuring that only legitimate Ascensia backend certificates are accepted [1].
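A hardened form of the server-trust check described above, as an added Swift example (not Ascensia's code; the pin values are placeholders): system trust evaluation runs first, the evaluated chain must contain a pinned certificate, and every failure cancels the connection instead of falling back to default handling. On a jailbroken device a hooking tool can still patch these calls in memory, so this raises the bar rather than removing the risk.

```swift
import Foundation
import Security
import CryptoKit

/// URLSession delegate that accepts a server only if the system trust
/// evaluation passes AND one certificate in the evaluated chain matches a pin.
/// Example code added to this page, not the vendor's implementation.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {

    /// SHA-256 over the DER-encoded certificate, hex-encoded, as produced by
    ///   openssl x509 -in cert.pem -outform DER | openssl dgst -sha256
    /// PLACEHOLDER values: replace with the hashes of the backend's own leaf and
    /// intermediate certificates (pin at least two so a rotation cannot lock users out).
    private let pinnedCertHashes: Set<String> = [
        "PLACEHOLDER_SHA256_OF_BACKEND_LEAF_CERT",
        "PLACEHOLDER_SHA256_OF_BACKEND_INTERMEDIATE_CERT",
    ]

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only server-trust challenges are pinned; other challenge types (HTTP auth,
        // client certificates) keep the framework's default behaviour.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // 1. Hostname, validity period and chain-to-trusted-root checks must pass first.
        //    A pin check that skips this step accepts any certificate carrying the
        //    pinned key, regardless of who presents it or for which host.
        var evalError: CFError?
        guard SecTrustEvaluateWithError(trust, &evalError) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // 2. Walk the evaluated chain and require a pin match. Fail closed: no match
        //    means no connection, never a silent fallback to "system trust only".
        let count = SecTrustGetCertificateCount(trust)
        for index in 0..<count {
            guard let cert = SecTrustGetCertificateAtIndex(trust, index) else { continue }
            let der = SecCertificateCopyData(cert) as Data
            let digest = SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
            if pinnedCertHashes.contains(digest) {
                completionHandler(.useCredential, URLCredential(trust: trust))
                return
            }
        }
        completionHandler(.cancelAuthenticationChallenge, nil)
    }
}
```

Install it with `URLSession(configuration: .default, delegate: PinnedSessionDelegate(), delegateQueue: nil)` for every session that talks to the backend; a second, unpinned session for the same hosts would reopen the hole.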
Preconditions
- Attacker must have physical access to a jailbroken iPhone or rooted Android device running the Contour NEXT ONE app
- Attacker must install a proxy tool (e.g., Burp Suite Mobile Assistant) on the device
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. depthsecurity.com/blog/medical-exploitation-you-are-now-diabetic
News mentions
No linked articles in our index yet.