MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Report: New hack could put malware directly on Medtronic pacers, allow full control

Report: New hack could put malware directly on Medtronic pacers, allow full control

By

Medtronic logo

Vulnerabilities within with Medtronic‘s (NYSE:MDT) pacemakers, its Carelink 2090 pacemaker programmer and associated infrastructure could allow an outside agent to plant malware on the pacers that would allow them to control all shocks delivered by the device, according to a new Wired report.

The vulnerabilities were discovered by security firm Whitescope’s Billy Rios and QED Secure Solutions’ Jonathan Butts, according to the report. Both researchers claim to have been in discussions with Medtronic about the issues, which have also caught the attention of the FDA and the Dept. of Homeland Security.

Rios and Butts said that a chain of vulnerabilities in Medtronic’s infrastructure could allow full control of implanted pacers. The team found the vulnerabilities by assessing Medtronic’s software delivery platform which is designed to deliver updates to the company’s existing devices, according to Wired.

The pair built their own proof-of-concept network after examining the Fridley, Minn.-based medtech giant’s proprietary cloud infrastructure to test for issues without illegally accessing the actual network, according to the report.

Medtronic took 10 months to analyze the submission, after which the company reportedly opted to not act on it, Wired reports.

“Medtronic has assessed the vulnerabilities per our internal process. These findings revealed no new potential safety risks based on the existing product security risk assessment. The risks are controlled, and residual risk is acceptable,” the company wrote, according to the report.

The researchers continue to investigate, and plan to publically show how vulnerabilities in the pacemaker programmer’s connection to Medtronic’s software delivery network could allow such an attack to occur at the Black Hat security conference this week, according to the report.

“We were talking about bringing a live pig because we have an app where you could kill it from your iPhone remotely and that would really demonstrate these major implications. We obviously decided against it, but it’s just a mass scale concern. Almost anybody with the implantable device in them is subject to the potential implications of exploitation,” Butts said, according to the report.

“We’ll just demonstrate the exploits in action and let people decide for themselves,” Rios told Wired.

The researchers suggested that merely releasing advisories related to the vulnerabilities may not be enough, and insinuated that such an exploit could have real life-or-death consequences. They added that the addition of digital code signing could alleviate some of the issues and pointed out that competitors are already using such safety measures in their pacers, according to Wired.

Though Medtronic has not announced plans to release protective measures to eliminate the vulnerabilities, the company said it has acted on vulnerabilities brought to light by Rios and Butts in the past, according to Wired.

Earlier this month, the US Dept. of Homeland Security’s Industrial Control Systems Computer Emergency Response Team flagged two Medtronic devices for cybersecurity vulnerabilities that could allow attackers to obtain sensitive information, according to a HealthITSecurity report.

In case you missed it

RSS From Medical Design & Outsourcing

  • Download COMSOL News Special Edition Biomedical
    Get instant access to this special edition of COMSOL News where you will read user stories that showcases how simulation enables engineers, researchers, and scientists explore and analyze biomedical designs. Download Now.       The post Download COMSOL News Special Edition Biomedical appeared first on Medical Design and Outsourcing.
  • Qosina adds new tube-to-tube barb connectors
    Qosina has added 25 new tube-to-tube barb connectors to its portfolio, the OEM single-use component supplier for the medical and pharmaceutical industries said this week. Ronkonkoma, New York-based Qosina said its inventory of tube-to-tube barb connectors is available in more than 500 configurations. The connectors can fit inner tube diameters between 1/32 in and 1… […]
  • Abbott imaging catheter recall flagged as Class I by FDA
    The FDA has identified the Abbott (NYSE:ABT) recall of its Dragonfly OpStar Imaging Catheter as a Class I recall. That’s the most serious level of a medical device recall, carrying the risk of serious injury or death. Five incidents, one injury and zero deaths were reported when Abbott initiated the recall on April 11. The… […]
  • Zimmer Biomet adds ESG and CEO visibility to executive’s duties
    Zimmer Biomet (NYSE:ZBH) today announced additional responsibilities for Investor Relations SVP and Chief Communications Officer Keri Mattox. Mattox’s new title at the Warsaw, Indiana-based orthopedics company is chief communications and administration officer. She will be responsible for “building and executing a comprehensive strategy around Environmental, Social and Governance (ESG) initiatives and increasing CEO visibility, engagement… […]
  • ‘Catastrophic explosion’ and resin shortage led Medtronic’s supply chain problems
    Medtronic CEO Geoff Martha today said a “catastrophic explosion” in Medtronic’s supply chain for packaging and a shortage of resins were the biggest issues hurting the company’s fourth-quarter performance. Fridley, Minnesota-based Medtronic (NYSE:MDT) reported about $350 million less in sales than analysts were expecting for the quarter, which ended April 29. Martha said about 75%… […]
  • 3M Health Care Business president is leaving this year
    3M Health Care Business Group President Mojdeh Poul will retire from the company on July 1, 2022. Poul joined Maplewood, Minnesota-based 3M (NYSE:MMM) in 2011 as the global business VP of critical and chronic care solutions. She later became VP and general manager of the company’s food safety business and president of numerous 3M divisions,… […]
  • Iterative Scopes announces positive data in Skout AI colonoscopy algorithm clinical trial
    Iterative Scopes this week announced positive trial data in a study of its colorectal cancer screening algorithm, Skout. Cambridge, Massachusetts-based Iterative Scopes designed Skout as a computer-aided device (CADe) that uses artificial intelligence and computer vision technology to detect suspicious tissue and provide real-time feedback for gastroenterologists performing the procedure. Get the full story on… […]
  • Device developer SeaStar Medical hires chief medical officer
    SeaStar Medical has hired Dr. Kevin Chung as chief medical officer of the medtech developer starting July 1. Denver-based SeaStar is developing a platform therapy focused on hyperinflammation of vital organs. The company’s Selective Cytopheretic Device was designated as a breakthrough device by the FDA earlier this year. SeaStar is set to go public in… […]
  • Varta presents microbattery product portfolio at Computex 2022
    Varta will present its broad product portfolio of microbatteries, which make a wide range of future-proof applications possible, at Computex in Taipei starting today. Varta’s microbattery product portfolio ranges from rechargeable lithium-ion button cells to nickel metal hydride button cells, primary silver oxide cells, primary lithium button cells and cylindrical lithium batteries to hydrogen gas… […]
  • Entegris opens Life Sciences Technology Center in Massachusetts
    Entegris (Nasdaq:ENTG) announced today that it opened a new Life Sciences Technology Center in Billerica, Massachusetts. The new Life Sciences Technology Center was built to offer life sciences customers the opportunity to leverage Entegris’ cold-chain supply expertise to optimize processes, reduce costs and increase speed to market. Get the full story at our sister site,… […]
  • MedAcuity hires SVP of business development
    Medtech software development firm MedAcuity today said it has hired Simon Johnson as SVP of business development. Westford, Massachusetts-based MedAcuity said Johnson previously built the client partner team and managed strategic clients at digital consultancy Mobiquity. He also served as SVP of client services at GreenPages Technologies, responsible for driving services revenue growth leading to… […]