Domain: medtronic.com
Stories and comments across the archive that link to medtronic.com.
Stories · 5
-
Medtronic Locks Down Vulnerable Pacemaker Programming Kit Due To Cybersecurity Concerns (theregister.co.uk)
AmiMoJo shares a report from The Register: The U.S. Food and Drug Administration (FDA) is advising health professionals to keep an eye on some of the equipment they use to monitor pacemakers and other heart implants. The watchdog's alert this week comes after Irish medical device maker Medtronic said it will lock some of its equipment out of its software update service, meaning the hardware can't download and install new code from its servers. That may seem counterintuitive, however, it turns out security vulnerabilities in its technology that it had previously thought could only be exploited locally could actually be exploited via its software update network. Malicious updates could be pushed to Medtronic devices by hackers intercepting and tampering with the equipment's internet connections -- the machines would not verify they were actually downloading legit Medtronic firmware -- and so the biz has cut them off. -
Hack Causes Pacemakers To Deliver Life-Threatening Shocks (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Life-saving pacemakers manufactured by Medtronic don't rely on encryption to safeguard firmware updates, a failing that makes it possible for hackers to remotely install malicious wares that threaten patients' lives, security researchers said Thursday. At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they're implanted in patients. Because updates for the programmer aren't delivered over an encrypted HTTPS connection and firmware isn't digitally signed, the researchers were able to force it to run malicious firmware that would be hard for most doctors to detect. From there, the researchers said, the compromised machine could cause implanted pacemakers to make life-threatening changes in therapies, such as increasing the number of shocks delivered to patients. Rios and Butts were also able to use a $200 HackRF software-defined radio to hack a Medtronic-made insulin pump and make it withhold a scheduled dose of insulin. Medtronic has released a page that lists all the security advisories they have issued on the pacemakers and insulin pumps. -
Hack Causes Pacemakers To Deliver Life-Threatening Shocks (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Life-saving pacemakers manufactured by Medtronic don't rely on encryption to safeguard firmware updates, a failing that makes it possible for hackers to remotely install malicious wares that threaten patients' lives, security researchers said Thursday. At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they're implanted in patients. Because updates for the programmer aren't delivered over an encrypted HTTPS connection and firmware isn't digitally signed, the researchers were able to force it to run malicious firmware that would be hard for most doctors to detect. From there, the researchers said, the compromised machine could cause implanted pacemakers to make life-threatening changes in therapies, such as increasing the number of shocks delivered to patients. Rios and Butts were also able to use a $200 HackRF software-defined radio to hack a Medtronic-made insulin pump and make it withhold a scheduled dose of insulin. Medtronic has released a page that lists all the security advisories they have issued on the pacemakers and insulin pumps. -
Acid-Detecting Biomedical Transmitter Available
SEWilco writes: "This Medtronic press release announces a wireless stomach monitor. Actually, it's fastened internally ( and is less unpleasant than the older testing method) just above the stomach to detect acid getting to the wrong place. Results are sent to an external device, later uploaded for analysis. It's not as elaborate as the swallowable camera we've discussed, but this has been commercially introduced so there will be people walking around with these...for the few days that they last. It's available in the trendy translucent case design, but by prescription only. I suspect the over-the-counter market is rather small." -
Acid-Detecting Biomedical Transmitter Available
SEWilco writes: "This Medtronic press release announces a wireless stomach monitor. Actually, it's fastened internally ( and is less unpleasant than the older testing method) just above the stomach to detect acid getting to the wrong place. Results are sent to an external device, later uploaded for analysis. It's not as elaborate as the swallowable camera we've discussed, but this has been commercially introduced so there will be people walking around with these...for the few days that they last. It's available in the trendy translucent case design, but by prescription only. I suspect the over-the-counter market is rather small."