Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday August 15 2018, @08:16AM   Printer-friendly
from the tick-tock-tick-zap dept.

Submitted via IRC for SoyCow1984

Life-saving pacemakers manufactured by Medtronic don't rely on encryption to safeguard firmware updates, a failing that makes it possible for hackers to remotely install malicious wares that threaten patients' lives, security researchers said Thursday.

At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they're implanted in patients.

Because updates for the programmer aren't delivered over an encrypted HTTPS connection and firmware isn't digitally signed, the researchers were able to force it to run malicious firmware that would be hard for most doctors to detect. From there, the researchers said, the compromised machine could cause implanted pacemakers to make life-threatening changes in therapies, such as increasing the number of shocks delivered to patients.

Source: https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/

Related: A Doctor Trying to Save Medical Devices from Hackers
Security Researcher Hacks Her Own Pacemaker
Updated: University of Michigan Says Flaws That MedSec Reported Aren't That Serious
Fatal Flaws in Ten Pacemakers Make for Denial of Life Attacks
After Lawsuits and Denial, Pacemaker Vendor Finally Admits its Product is Hackable
8,000 Vulnerabilities Found in Software to Manage Cardiac Devices
465,000 US Patients Told That Their Pacemaker Needs a Firmware Upgrade
Abbott Addresses Life-Threatening Flaw in a Half-Million Pacemakers


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by legont on Thursday August 16 2018, @12:54AM

    by legont (4179) on Thursday August 16 2018, @12:54AM (#721980)

    Typically humans are hesitant to kill a nearby victim. Remote murder is no issue with the majority especially if employed for doing such.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2