MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Report: New hack could put malware directly on Medtronic pacers, allow full control

Report: New hack could put malware directly on Medtronic pacers, allow full control

By Leave a Comment

Share

Medtronic logo

Vulnerabilities within with Medtronic‘s (NYSE:MDT) pacemakers, its Carelink 2090 pacemaker programmer and associated infrastructure could allow an outside agent to plant malware on the pacers that would allow them to control all shocks delivered by the device, according to a new Wired report.

The vulnerabilities were discovered by security firm Whitescope’s Billy Rios and QED Secure Solutions’ Jonathan Butts, according to the report. Both researchers claim to have been in discussions with Medtronic about the issues, which have also caught the attention of the FDA and the Dept. of Homeland Security.

Rios and Butts said that a chain of vulnerabilities in Medtronic’s infrastructure could allow full control of implanted pacers. The team found the vulnerabilities by assessing Medtronic’s software delivery platform which is designed to deliver updates to the company’s existing devices, according to Wired.

The pair built their own proof-of-concept network after examining the Fridley, Minn.-based medtech giant’s proprietary cloud infrastructure to test for issues without illegally accessing the actual network, according to the report.

Medtronic took 10 months to analyze the submission, after which the company reportedly opted to not act on it, Wired reports.

“Medtronic has assessed the vulnerabilities per our internal process. These findings revealed no new potential safety risks based on the existing product security risk assessment. The risks are controlled, and residual risk is acceptable,” the company wrote, according to the report.

The researchers continue to investigate, and plan to publically show how vulnerabilities in the pacemaker programmer’s connection to Medtronic’s software delivery network could allow such an attack to occur at the Black Hat security conference this week, according to the report.

“We were talking about bringing a live pig because we have an app where you could kill it from your iPhone remotely and that would really demonstrate these major implications. We obviously decided against it, but it’s just a mass scale concern. Almost anybody with the implantable device in them is subject to the potential implications of exploitation,” Butts said, according to the report.

“We’ll just demonstrate the exploits in action and let people decide for themselves,” Rios told Wired.

The researchers suggested that merely releasing advisories related to the vulnerabilities may not be enough, and insinuated that such an exploit could have real life-or-death consequences. They added that the addition of digital code signing could alleviate some of the issues and pointed out that competitors are already using such safety measures in their pacers, according to Wired.

Though Medtronic has not announced plans to release protective measures to eliminate the vulnerabilities, the company said it has acted on vulnerabilities brought to light by Rios and Butts in the past, according to Wired.

Earlier this month, the US Dept. of Homeland Security’s Industrial Control Systems Computer Emergency Response Team flagged two Medtronic devices for cybersecurity vulnerabilities that could allow attackers to obtain sensitive information, according to a HealthITSecurity report.

In case you missed it

RSS From Medical Design & Outsourcing

  • Summit Medical expands manufacturing facility
    Summit Medical recently announced that it has expanded its St. Paul, Minn. manufacturing facility with an additional 15,000 sq. ft. The addition opened on Feb. 11. The expansion will become a secondary facility for the company’s headquarters that is located less than a mile away. It will also serve as a master distribution center. “The… […]
  • AdvaMed president & CEO Scott Whitaker to participate in keynote interview at DeviceTalks Boston 2019
    WTWH Media and MassDevice.com announced today that Scott Whitaker, president and CEO of AdvaMed, will be a featured keynote speaker at DeviceTalks Boston 2019. DeviceTalks Boston, which takes place on June 5-6, 2019 at the Seaport World Trade Center, brings together engineering, product development and commercialization professionals to share the challenges and best practices of getting medical devices… […]
  • Apollo Endosurgery touts results of stomach-stapling study
      Apollo Endosurgery (NSDQ:APEN) has reported key data from 1,000 patients who underwent endoscopic gastroplasty using the company’s OverStitch device. Published in the journal Gastrointestinal Endoscopy, the data include a mean total weight loss of 14.8%±8.5% at 18 months. Three months following surgery, the impact on obesity-related comorbidities included the complete remission of: 13 of 17 cases… […]
  • Royal Philips introduces new C-arm imaging tech
    Royal Philips (NYSE:PHG) said it has launched a new mobile C-arm imaging platform, Zenition. Mobile C-arms are X-ray systems that are brought into the operating room (OR) to provide live image guidance during a wide range of surgeries including orthopedic, trauma and vascular procedures. The Zenition mobile C-arm platform brings together innovations in image capture, image… […]
  • When human factor specialists become the patient
    By Allison Strochlic, Emergo Group I just had a baby – my second daughter. This means that, like over 98% of my fellow American moms-to-be, I checked into a local hospital to have nurses and doctors oversee what I hoped would be the smooth delivery of my baby. This entitled me to the firsthand experience… […]
  • Medtronic risk prediction tool could help prevent opioid deaths: Here’s how
    Medtronic officials continue to hone their arguments for how the company’s capnography and oximetry systems could reduce potentially deadly opioid-induced respiratory compromise. The medical device giant on Feb. 17 announced preliminary results of its Prodigy study, in which the company’s Microstream and Nellcor monitoring technology provided continuous capnography and oximetry for 1,496 patients across 16 sites in the U.S.,… […]
  • Phillips-Medisize is expanding in Wisconsin
    Phillips-Medisize, a Molex company, has broken ground on a new manufacturing facility in Hudson, Wis., on the eastern end of the Minneapolis-St. Paul metro area. The 34-acre location at the St. Croix Meadows development will support at least 230,000 square feet of manufacturing space for FDA-regulated medical device products, Phillips-Medisize announced yesterday. After construction is complete… […]
  • ReWalk Robotics files for exoskeleton suit clearance
      ReWalk Robotics (NSDQ:RWLK) said it has applied to FDA for 510(k) clearance of its ReStore exoskeleton suit for gait training during stroke rehabilitation. The Yokneam, Israel-based company designed its exo-suit to provide coordinated plantarflexion and dorsiflexion assistance to a patient’s foot and ankle. It recently won insurer reimbursement from Cigna and completed a clinical… […]
  • FDA proposes faster post-inspection feedback
    FDA has issued draft guidance providing for more timely nonbinding feedback following medtech facility inspections to advise whether the companies’ proposed corrective actions appear adequate to the agency. The draft guidance proposes a process by which companies can request nonbinding feedback on certain kinds of observations issued on a Form 483. It outlines a standardized method… […]
  • India CDSCO adds new medical devices to regulated list
    By Stewart Eisenhart, Emergo Group India’s Central Drugs Standard Control Organization (CDSCO) continues expanding oversight to more types of medical devices, now planning to require registration for eight additional device types starting April 1, 2020. Get the full story here at the Emergo Group’s blog. The opinions expressed in this blog post are the author’s… […]
  • Empowering Medical Innovation
    From faster medical device development to life-saving surgical planning models, see how full-color, multi-material 3D printing opens up broad possibilities for medical innovation. In this new E-book you’ll learn how the Stratasys J750 can: Produce superior medical models for surgical planning and training Foster better medical devices through faster ideation and prototyping Enable advanced training… […]

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us
Privacy
Add us on FacebookMassDevice Network
Follow us on Twitter@MassDevice
Connect with us on LinkedInLinkedIn
Follow us on YouTube YouTube