Medtronic Locks Down Vulnerable Pacemaker Programming Kit Due To Cybersecurity Concerns (theregister.co.uk)

← Back to Stories (view on slashdot.org)

Medtronic Locks Down Vulnerable Pacemaker Programming Kit Due To Cybersecurity Concerns (theregister.co.uk)

Posted by BeauHD on Monday October 15, 2018 @10:00PM from the locked-down dept.

AmiMoJo shares a report from The Register: The U.S. Food and Drug Administration (FDA) is advising health professionals to keep an eye on some of the equipment they use to monitor pacemakers and other heart implants. The watchdog's alert this week comes after Irish medical device maker Medtronic said it will lock some of its equipment out of its software update service, meaning the hardware can't download and install new code from its servers. That may seem counterintuitive, however, it turns out security vulnerabilities in its technology that it had previously thought could only be exploited locally could actually be exploited via its software update network. Malicious updates could be pushed to Medtronic devices by hackers intercepting and tampering with the equipment's internet connections -- the machines would not verify they were actually downloading legit Medtronic firmware -- and so the biz has cut them off.

22 of 40 comments (clear)

Min score:

Reason:

Sort:

And IoT will be much more secure... right by Mathinker · 2018-10-15 22:12 · Score: 4, Interesting

We're talking a device which when it malfunctions, kills (or could kill) someone. And still the manufacturer didn't get the basics of security correct: using signed software updates.
How can we believe that IoT devices, which are manufactured with much less profit overhead, will be more secure? (Unless somehow regulated -- which also didn't for for those FDA-approved pacemakers).
1. Re:And IoT will be much more secure... right by Mathinker · 2018-10-15 22:18 · Score: 1
  
  Errata:
  "which also didn't for for those FDA-approved pacemakers" -> "which also didn't work for those FDA-approved pacemaker programmers"
2. Re:And IoT will be much more secure... right by JaredOfEuropa · 2018-10-15 22:27 · Score: 2
  
  Does the FDA approval process include an audit of IT security measures and practices?
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
3. Re:And IoT will be much more secure... right by AmiMoJo · 2018-10-15 22:33 · Score: 1
  
  The FDA alert notice says that the FDA made the determination that there was a problem, so it sounds like they didn't realize during the approval process but have figured it out now.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
4. Re:And IoT will be much more secure... right by gnasher719 · 2018-10-15 22:44 · Score: 2, Interesting
  
  To put this into perspective: Anyone having _any_ pacemaker is vulnerable to non-electronic attacks involving loaded guns, and there are many more people capable of doing such an attack than the electronic attack.
5. Re: And IoT will be much more secure... right by BanHammer · 2018-10-15 22:56 · Score: 3, Insightful
  
  I don't think anyone wants you to believe that IoT devices will be much more secure. They just claim to add some small convenience to your life and the masses are buying them like hotcakes with little concern for security or privacy.
6. Re:And IoT will be much more secure... right by Anonymous Coward · 2018-10-15 22:56 · Score: 1
  
  but an electronics attack could happen from anywhere in the world and leave practically no trace, not so easy with a gun
7. Re:And IoT will be much more secure... right by JaredOfEuropa · 2018-10-16 00:18 · Score: 1
  
  Those are two different things: finding a problem in approved hardware and acting on that, or actively looking for problems and gaps during the approval process. Which would include for example the aforementioned lack of signed software updates.
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
8. Re:And IoT will be much more secure... right by jellomizer · 2018-10-16 00:35 · Score: 2
  
  The problem is no one wants to add 6 additional months to a product to make it much more secure.
  Then there is getting people who are willing to think about security problems when making such products.
  A good security design is much more then a normal checklist of items. It is designing your product in a way that you will assume that any level of your application could be broken into. So you need to make sure that each level once in will need to limit what damage it could do.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
How does it improve security? by enriquevagu · 2018-10-15 22:53 · Score: 2, Insightful

The original company stops making updates available.
Before that, a hacker could impersonate the update server (probably using a MITM attack) so the device received a hacked firmware, not the legit one. But if no hacking occurs, the device receives a legit update.
After the change, if a hacker impersonates the (unavailable) update server, the device can only find the hacked firmware, never the legit one.
How is this exactly improving security?
1. Re:How does it improve security? by gnasher719 · 2018-10-15 23:51 · Score: 2
  
  How is this exactly improving security?
  Depends on how they are doing it. If you try to update an iPhone, the iPhone will ask Apple if the update is legit. Maybe they did something similar, but hackers found ways to create updates that will be identified as "legitimate". All they need to change is the "legitimate" checker to always return "NO".
2. Re:How does it improve security? by dissy · 2018-10-16 00:35 · Score: 1
  
  After the change, if a hacker impersonates the (unavailable) update server, the device can only find the hacked firmware, never the legit one.
  How is this exactly improving security?
  "The change" was to push an update that modifies the software to never attempt to retrieve updates.
  It improves the security in a way, because a hacker impersonating the update server would never get any hits to download those updates.
  Obviously it isn't the type of improvement that's desired, to sign updates to ensure they are from the right source, but ultimately if the computers aren't connecting anywhere to attempt to download updates, both methods still result in no malicious updates being retrieved.
3. Re:How does it improve security? by AmiMoJo · 2018-10-16 00:36 · Score: 2
  
  From what I can get from their web site the diagnostic system is basically a PC that downloads a firmware image, and then uploads it to the pacemaker. The pacemaker itself never connects directly to the internet.
  The update disables the online update mechanism on the diagnostic equipment entirely. Presumably they could still send out a USB flash drive with new firmware if required. But the diagnostic PC won't even look for new firmware any more.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
4. Re:How does it improve security? by jellomizer · 2018-10-16 00:49 · Score: 2
  
  Perhaps. But these things are being implanted on Baby Boomers, That generation made suing people for any sort of damages (Real or imaginary) cool and the trendy thing to do.
  Granted it is probably a bit better then the old way, where they would just shoot each other.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Re:And IoT will be much more secure... by Alwin+Henseler · 2018-10-16 00:26 · Score: 1

From the article:

The security bugs are not present in the implants themselves, but rather in Medtronic "programmers," which doctors and medics connect to patients' implants during and after surgery, allowing them to check battery levels, monitor heart rhythms, and adjust any settings.

So -in this case- it's not patients' pacemakers etc at risk, but the equipment that monitors those pacemakers & perhaps adjust their settings. I'd imagine that as a hacker, you could (perhaps) still do some damage like adjust settings to the point where a pacemaker becomes ineffective. But this is rather different from upload-compromised-firmware-to-implant, which the summary might suggest to some.
Security not even an agenda item by ArhcAngel · 2018-10-16 00:49 · Score: 4, Insightful

I worked for a competitor to Medtronics that manufactured pacemakers in the 90s. The "state of the art" communication with the IC was an antenna that used PWM to talk. As long as you knew the handshake you could program it however you wanted. But if you wanted to be malicious you didn't even need to go to that much trouble. Many remember the signs posted in convenient stores that had microwave ovens because the stray noise from them could literally wipe out the programming on a pacemaker.

--
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
How is this not a solved problem by cciechad · 2018-10-16 00:59 · Score: 2

Sign the code with a private key and compare a hash. Secure devices have been doing this for some time.

--
https://www.fsf.org/associate/support_freedom
Updating... Please Wait. by kackle · 2018-10-16 04:14 · Score: 1

I write embedded firmware for a living. Someone mentioned using keys/certificates. I don't see how such a small device with limited power can deal with the heft of full digital security.

Further, it's a pacemaker! It does the same thing as they did decades ago, no? Why are there even post-factory updates?!
Incomplete solution... by dkman · 2018-10-16 06:36 · Score: 1

...medical device maker Medtronic said it will lock some of its equipment out of its software update service, meaning the hardware can't download and install new code from its servers. That may seem counterintuitive... Malicious updates could be pushed to Medtronic devices by hackers intercepting and tampering with the equipment's internet connections -- the machines would not verify they were actually downloading legit Medtronic firmware -- and so the biz has cut them off.
If this is right, locking them out of the service on the server side doesn't do a damn thing. You need to tell the devices to stop "looking for updates". All this does is let's me know that if I got an update after the shutdown then it's fake.
Cutting off the server side still allows a device to look for updates and if a man-in-the-middle answers it will allow the update, because the whole problem is that it's not verifying the update's source.

--
I refuse to sign
1. Re:Incomplete solution... by dkman · 2018-10-16 06:50 · Score: 1
  
  After reading some of the other comments it appears they made one "final" update that tells the devices to stop looking for updates. So that works.
  
  --
  I refuse to sign
Re:Anyone surprised? by Woeful+Countenance · 2018-10-16 06:38 · Score: 1

There's only one solution to this ... companies bear full legal liability for the security of their products.
The problem with that is that instead of having insecure pacemakers, we'd have no pacemakers at all, which would be worse. Or they'd cost a lot more, to support the cost of fighting lawsuits and paying fines. There has to be a middle ground somewhere.
I owe Hacknet an apology.. by modi123 · 2018-10-16 08:21 · Score: 1

I thought Hacknet was full it, but here I see I was wrong. That event just seemed a little.. too far.. on the far side of the reality bright-line. Whoops.
https://store.steampowered.com...