Report: New hack could put malware directly on Medtronic pacers, allow full control

August 13, 2018 By Fink Densford Leave a Comment

Vulnerabilities within with Medtronic‘s (NYSE:MDT) pacemakers, its Carelink 2090 pacemaker programmer and associated infrastructure could allow an outside agent to plant malware on the pacers that would allow them to control all shocks delivered by the device, according to a new Wired report.

The vulnerabilities were discovered by security firm Whitescope’s Billy Rios and QED Secure Solutions’ Jonathan Butts, according to the report. Both researchers claim to have been in discussions with Medtronic about the issues, which have also caught the attention of the FDA and the Dept. of Homeland Security.

Rios and Butts said that a chain of vulnerabilities in Medtronic’s infrastructure could allow full control of implanted pacers. The team found the vulnerabilities by assessing Medtronic’s software delivery platform which is designed to deliver updates to the company’s existing devices, according to Wired.

The pair built their own proof-of-concept network after examining the Fridley, Minn.-based medtech giant’s proprietary cloud infrastructure to test for issues without illegally accessing the actual network, according to the report.

Medtronic took 10 months to analyze the submission, after which the company reportedly opted to not act on it, Wired reports.

“Medtronic has assessed the vulnerabilities per our internal process. These findings revealed no new potential safety risks based on the existing product security risk assessment. The risks are controlled, and residual risk is acceptable,” the company wrote, according to the report.

The researchers continue to investigate, and plan to publically show how vulnerabilities in the pacemaker programmer’s connection to Medtronic’s software delivery network could allow such an attack to occur at the Black Hat security conference this week, according to the report.

“We were talking about bringing a live pig because we have an app where you could kill it from your iPhone remotely and that would really demonstrate these major implications. We obviously decided against it, but it’s just a mass scale concern. Almost anybody with the implantable device in them is subject to the potential implications of exploitation,” Butts said, according to the report.

“We’ll just demonstrate the exploits in action and let people decide for themselves,” Rios told Wired.

The researchers suggested that merely releasing advisories related to the vulnerabilities may not be enough, and insinuated that such an exploit could have real life-or-death consequences. They added that the addition of digital code signing could alleviate some of the issues and pointed out that competitors are already using such safety measures in their pacers, according to Wired.

Though Medtronic has not announced plans to release protective measures to eliminate the vulnerabilities, the company said it has acted on vulnerabilities brought to light by Rios and Butts in the past, according to Wired.

Earlier this month, the US Dept. of Homeland Security’s Industrial Control Systems Computer Emergency Response Team flagged two Medtronic devices for cybersecurity vulnerabilities that could allow attackers to obtain sensitive information, according to a HealthITSecurity report.

MTD Micro Molding late president to be inducted into Plastics Hall of Fame
MTD Micro Molding this week announced that its late president Dennis Tully will be inducted into the Plastics Academy’s Plastics Hall of Fame. Tully is one of six posthumous inductees this year, who are elected by living members of the Hall of Fame after a screening process. “These new posthumous inductees proudly represent the length… […]
This neural implant can be both remotely charged and programmed
Engineers at Rice University’s Brown School of Engineering are touting the first neural implant capable of being programmed and charged remotely with a magnetic field. Kaiyuan Yang, Jacob Robinson, Zhanghao Yu and Joshua Chen collaborated to develop the integrated MagNI (magnetoelectric neural implant) microsystem, which could allow imbedded devices such as a spinal cord stimulator… […]
Integer shares up after Street-beating Q4
Integer Holdings (NYSE:ITGR) shares were up at close today on fourth-quarter results that topped the consensus forecast, despite a big dip in profits. The Plano, Texas-based company posted profits of $11 million, or 33¢ per share, on sales of $325.6 million for the three months ended Dec. 31, 2019, for a 57.2% bottom-line slide on sales… […]
These young medtech companies raised the most money in 2019
Medical device industry insiders may very well remember 2019 as the year that IPOs came back — but another sign that the U.S. economy has left the Great Recession far behind. Among the top investment deals in the space, half involved public offerings, according to the MoneyTree report from PricewaterhouseCoopers (PwC) and CB Insights. Total investments in… […]
Teleflex Medical OEM acquires medical tubing company
Teleflex Medical OEM (Wayne, Pa.), today announced the acquisition of IWG High Performance Conductors (HPC), a medical tubing and wire components manufacturer. The addition bolsters Teleflex Medical OEM’s position in the arena of custom-engineered medical devices and its ability to provide clients with technologies used in electrophysiology, drug- and stent-delivery and neurovascular interventions, according to… […]
Integer expands to Israel
Integer Holdings (NYSE:ITGR) today announced it has acquired medtech manufacturer Inomec, formally establishing its presence in Israel. The Plano, Texas-based company said the acquisition will enable it to create an R&D and sales center in the region and adds important catheter design, clinical and pilot manufacturing capabilities to its portfolio. “Acquiring Inomec strengthens our research… […]
Why non-magnetic capacitors matter in medical imaging
The quality of an MRI image depends on the homogeneity, or uniformity, of the magnetic field. Component material choice is paramount; even the smallest trace of magnetism inside an MRI scanner can disrupt the field and harm the quality of an MRI image. Peter Matthews, Knowles Precision Devices Magnetic resonance imaging (MRI) equipment uses a… […]
This heart valve can adapt as a child grows
Boston Children’s Hospital is touting a new design that could allow children to maintain the same prosthetic heart valve until adulthood, which could also benefit adults with heart valve defects. Current prosthetic heart valves implanted in children with congenital heart disease are fixed in size, which requires multiple open-heart surgeries during childhood to replace the… […]
Simulating Reality With 3D Printed Medical Models
The medical breakthroughs that cure disease, restore health and prolong life aren’t created in a vacuum. They rely on the convergence of visionary minds and cutting-edge technology. This case study explores how the Jacobs Institute is leveraging 3D printing technology from Stratasys® to elevate medical device innovation and training, using ultrarealistic anatomical models created by… […]
These ‘smart’ bandages could heal chronic woulds
UConn biomedical engineers are touting a wirelessly controlled “smart” bandage and corresponding platform for delivering medications to chronic, non-healing wounds. UConn’s School of Dental Medicine, School of Medicine and School of Engineering comprise the biomedical engineering department, which contributed to developing the smart bandage. Ali Tamayol, an associate professor at UConn, led the development of… […]
How to cook up a successful medtech company
New medical device companies need much more than money to get their businesses started. A medtech-specific accelerator can help with seed funding and positioning for a Series A round. Shai Policker, MEDX Xelerator As we dive into 2020, the medtech sector will continue to offer tremendous opportunity for innovators and investors alike, with growth projected… […]