MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Report: New hack could put malware directly on Medtronic pacers, allow full control

Report: New hack could put malware directly on Medtronic pacers, allow full control

By Leave a Comment

Share

Medtronic logo

Vulnerabilities within with Medtronic‘s (NYSE:MDT) pacemakers, its Carelink 2090 pacemaker programmer and associated infrastructure could allow an outside agent to plant malware on the pacers that would allow them to control all shocks delivered by the device, according to a new Wired report.

The vulnerabilities were discovered by security firm Whitescope’s Billy Rios and QED Secure Solutions’ Jonathan Butts, according to the report. Both researchers claim to have been in discussions with Medtronic about the issues, which have also caught the attention of the FDA and the Dept. of Homeland Security.

Rios and Butts said that a chain of vulnerabilities in Medtronic’s infrastructure could allow full control of implanted pacers. The team found the vulnerabilities by assessing Medtronic’s software delivery platform which is designed to deliver updates to the company’s existing devices, according to Wired.

The pair built their own proof-of-concept network after examining the Fridley, Minn.-based medtech giant’s proprietary cloud infrastructure to test for issues without illegally accessing the actual network, according to the report.

Medtronic took 10 months to analyze the submission, after which the company reportedly opted to not act on it, Wired reports.

“Medtronic has assessed the vulnerabilities per our internal process. These findings revealed no new potential safety risks based on the existing product security risk assessment. The risks are controlled, and residual risk is acceptable,” the company wrote, according to the report.

The researchers continue to investigate, and plan to publically show how vulnerabilities in the pacemaker programmer’s connection to Medtronic’s software delivery network could allow such an attack to occur at the Black Hat security conference this week, according to the report.

“We were talking about bringing a live pig because we have an app where you could kill it from your iPhone remotely and that would really demonstrate these major implications. We obviously decided against it, but it’s just a mass scale concern. Almost anybody with the implantable device in them is subject to the potential implications of exploitation,” Butts said, according to the report.

“We’ll just demonstrate the exploits in action and let people decide for themselves,” Rios told Wired.

The researchers suggested that merely releasing advisories related to the vulnerabilities may not be enough, and insinuated that such an exploit could have real life-or-death consequences. They added that the addition of digital code signing could alleviate some of the issues and pointed out that competitors are already using such safety measures in their pacers, according to Wired.

Though Medtronic has not announced plans to release protective measures to eliminate the vulnerabilities, the company said it has acted on vulnerabilities brought to light by Rios and Butts in the past, according to Wired.

Earlier this month, the US Dept. of Homeland Security’s Industrial Control Systems Computer Emergency Response Team flagged two Medtronic devices for cybersecurity vulnerabilities that could allow attackers to obtain sensitive information, according to a HealthITSecurity report.

Only a Few More Days to Register for the most anticipated conference of the winter!

textadimage DeviceTalks West is just a few days away. Join more than 300 of your peers for a day of world-class education, networking, and a technology exhibition featuring the leading companies in the industry.

Don’t miss out on this premier opportunity to come together and share perspectives with the best of the best in the industry.

REGISTER NOW

Use code LASTCHANCE to save an additional 20%.

In case you missed it

RSS From Medical Design & Outsourcing

  • Okay Industries hires director of application development
    Okay Industries announced that it has appointed John Kollar as the new director of application development. He will be based at the company’s New Britain, Conn. headquarters. Kollar will be responsible for supporting product engineering and development, as well as leading the expansion of the company into plastic molding capabilities. “We are excited to welcome… […]
  • Qosina launches e-commerce website redesign
    Qosina has launched a newly redesigned e-commerce website that improves navigation and access. The company announced that the new website offers easier access to Qosina’s products and services. It features an updated product category structure, category-specific filtering to find components easily and downloadable documentation like safety data sheets, technical data sheets and compatibility information. “Our… […]
  • All Sensors adds pressure ranges to its compact sensor series
    All Sensors (Morgan Hill, Calif.) said it has introduced additional pressure ranges to its BLC series. Applications for the series include medical devices, medical instruments and portable/hand held devices. The series now includes high-pressure ranges from 5 psi to 150 psi, offering design engineers performance for pressure ranges of ±1 inH2O through ±30 inH2O, and now 5 psi… […]
  • Synopsys releases new version of Simpleware
    Synopsys (Mountain View, Calif.) has released a new version of its Simpleware 3D data visualization software, which is used in both life science and advanced materials and manufacturing applications. Improvements in the new Simpleware (Version O-2018.12) include: An intelligent number formatting system for better clarity of measurements and statistics. Refreshed icons for more efficient navigation of… […]
  • Solar Atmospheres hires new sales manager
    Solar Atmospheres recently announced that it has hired Mike Paponetti as a sales manager at the company’s South Carolina facility. Paponetti will be responsible for leading sales efforts to maintain and promote sales for Solar Atmosphere in the Southeastern U.S. Prior to joining Solar Atmospheres’s South Carolina facility, Paponetti was regional sales manager at the… […]
  • Excelitas Technologies to buy Axsun Technologies
    Excelitas Technologies (Waltham, Mass.) – a global provider of high-performance photonics – said today that it has signed a definitive agreement to acquire Axsun Technologies. Axsun (Billerica, Mass.) is a privately-held company that develops and produces MEMS-based light engines for high-performance medical imaging and industrial spectroscopy applications. Financial terms of the agreement were not disclosed. The deal… […]
  • November 2018 Special Edition: Women in Medtech
    Lessons learned from top women leaders in medtech According to the Center for American Progress, women account for 47% of the country’s labor force and 52% of all professional-level jobs. The Equal Employment Opportunity Commission reports that just 20% of U.S. high-tech executives, senior officers and management are women, including pharmaceutical and medicine manufacturing and… […]
  • 121nexus rebrands as Soom
    121nexus recently announced that it is rebranding to Soom. As part of the rebranding, the company is also going to exclusively focus on the healthcare industry in its services. “Soom, meaning ‘breath,’ encapsulates all that the company stands for. Like a breath of fresh air, we’re rethinking how the healthcare industry uses proven technologies like… […]
  • This machine-learning system could help treat sepsis sooner
    Massachusetts Institute of Technology researchers have developed a machine-learning system that could help clinicians decide when to treat patients for sepsis in the emergency room. Sepsis is one of the most common reasons for readmission to the hospital and one of the most common causes of death in the ICU. The researchers suggest that most… […]
  • Strata Skin Sciences adds license for excimer laser vitiligo treatment
    Strata Skin Sciences(NSDQ:SSKN) said it has reached an agreement with an “internationally acclaimed health institution” giving Strata an exclusive license to treat vitiligo using its Xtrac excimer laser. In a novel treatment for vitiligo, the excimer laser incrementally increases the light emitted in the UVB range to restore pigmentation to skin areas affected with vitiligo.… […]
  • 5 questions you need to ask when engaging a medical device outsourcer
    A methodical, structured process is key when lining up a medical device outsourcer. That was one of the top takeaways from a webinar that Medical Design & Outsourcing held with top officials at contract manufacturing giant Integer last week. “It’s time well spent to do your due diligence, to dig into these details, and to… […]

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us
Privacy
Add us on FacebookMassDevice Network
Follow us on Twitter@MassDevice
Connect with us on LinkedInLinkedIn
Follow us on YouTube YouTube