Ars Technica is reporting that 465,000 patients have been told to visit their doctor to patch a critical pacemaker vulnerability.
Cardiac pacemakers are small devices that are implanted in a patient's upper chest to correct abnormal or irregular heart rhythms. Pacemakers are generally outfitted with small radio-frequency equipment so the devices can be maintained remotely. That way, new surgeries aren't required after they're implanted. Like many wireless devices, pacemakers from Abbott Laboratories contain critical flaws that allow hijackers within radio range to seize control while the pacemakers are running.
"If there were a successful attack, an unauthorized individual (i.e., a nearby attacker) could gain access and issue commands to the implanted medical device through radio frequency (RF) transmission capability, and those unauthorized commands could modify device settings (e.g., stop pacing) or impact device functionality," Abbott representatives wrote in an open letter to doctors.
Also covered at Reuters.
The Abbot open letter also highlights that the upgrade process is not flawless:
Based on our previous firmware update experience, as with any software update, there is a very
low rate of malfunction resulting from the update. These risks (and their associated rates) include
but are not limited to:
* reloading of previous firmware version due to incomplete update (0.161%),
* loss of currently programmed device settings (0.023%),
* complete loss of device functionality (0.003%), and
* loss of diagnostic data (not reported).
Related Stories
Submitted via IRC for SoyCow3941
About 350,000 implantable defilibrators are up for a firmware update, to address potentially life-threatening vulnerabilities.
Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D) devices. The update will strengthen the devices' protection against unauthorized access, as the provider said in a statement on its website: "It is intended to prevent anyone other than your doctor from changing your device settings."
The patch is part a planned series of updates that began with pacemakers, programmers and remote monitoring systems in 2017, following 2016 claims by researchers that the then-St. Jude's cardiac implant ecosystem was rife with cybersecurity flaws that could result in "catastrophic results."
Source: https://threatpost.com/abbott-addresses-life-threatening-flaw-in-a-half-million-pacemakers/131709/
Related: A Doctor Trying to Save Medical Devices from Hackers
Security Researcher Hacks Her Own Pacemaker
Updated: University of Michigan Says Flaws That MedSec Reported Aren't That Serious
Fatal Flaws in Ten Pacemakers Make for Denial of Life Attacks
After Lawsuits and Denial, Pacemaker Vendor Finally Admits its Product is Hackable
8,000 Vulnerabilities Found in Software to Manage Cardiac Devices
465,000 US Patients Told That Their Pacemaker Needs a Firmware Upgrade
Submitted via IRC for SoyCow1984
Life-saving pacemakers manufactured by Medtronic don't rely on encryption to safeguard firmware updates, a failing that makes it possible for hackers to remotely install malicious wares that threaten patients' lives, security researchers said Thursday.
At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they're implanted in patients.
Because updates for the programmer aren't delivered over an encrypted HTTPS connection and firmware isn't digitally signed, the researchers were able to force it to run malicious firmware that would be hard for most doctors to detect. From there, the researchers said, the compromised machine could cause implanted pacemakers to make life-threatening changes in therapies, such as increasing the number of shocks delivered to patients.
Related: A Doctor Trying to Save Medical Devices from Hackers
Security Researcher Hacks Her Own Pacemaker
Updated: University of Michigan Says Flaws That MedSec Reported Aren't That Serious
Fatal Flaws in Ten Pacemakers Make for Denial of Life Attacks
After Lawsuits and Denial, Pacemaker Vendor Finally Admits its Product is Hackable
8,000 Vulnerabilities Found in Software to Manage Cardiac Devices
465,000 US Patients Told That Their Pacemaker Needs a Firmware Upgrade
Abbott Addresses Life-Threatening Flaw in a Half-Million Pacemakers
(Score: 2, Funny) by Anonymous Coward on Thursday August 31 2017, @04:56PM
"We're going to cut you open and tinker with your ticker."
"Could you dumb it down a shade?"
- Julius Hibbert and Homer Simpson in "Homer's Triple Bypass"
(Score: 4, Interesting) by Virindi on Thursday August 31 2017, @05:11PM (7 children)
Why do these devices even HAVE firmware? I understand having settings, but even safeguarding them with a (decently long) secret code would be sufficient.
Other implanted devices (such as cochlear implants) are based on ASIC logic without "code" that can be modified. Some such devices are even modular, so that replacing the logic module can be minimally invasive since it sits just under the skin, and that can be done without messing with the part that is actually implanted in the nerves.
Yes, of course, hardware logic and software logic are both logic. But generally we are talking about a large difference in complexity; software makes it too tempting to increase logic complexity and sequentially executed code is less resilient to error than logic implemented in gate truth tables and registers (sequential logic has a "lose your place" failure mode that is not present in purely parallel gate logic).
As for security, cryptography already means you are making things too complex. Pick a decently long* secret modification code and embed it in the hardware (such as with write once memory). Give a copy to the patient, the doctor, and store a copy at the company. Then any command which is not prefixed by the code should be rejected by the hardware. This is easy and relatively foolproof to implement and has the positive side effect of not really being possible to drm-ize commands from the doctor's control once they have the key. Obviously any cryptography that gives implanted device control solely to the manufacturer is an antifeature.
*Clearly the best thing to do would be to select a key so long that it cannot be guessed in any human lifetime given the communication rate, and freely allow attempts, to prevent denial of service lockouts.
(Score: 2) by Virindi on Thursday August 31 2017, @05:19PM (1 child)
Note to pedants: when I refer to basing things on parallel logic I understand that anything that has serial command input must store state. I just mean avoiding sequentially executed opcode programs.
(Score: 3, Funny) by frojack on Thursday August 31 2017, @07:28PM
Those aren't the source of the problem here.
The less you do in opcode the more you have to do in discrete electronic components or massively complex and expensive gate arrays.
You seem to be prefer an F35 in the chest rather than the paper airplane that does the job.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by HiThere on Thursday August 31 2017, @05:51PM (2 children)
It's actually quite important that they have firmware that's externally modifiable. You don't want to have to have heart surgery every time there's a slight change in response (which happens over time and should be expected). But there should be no reason that this isn't done with an extremely close range device. In fact, that was the only way to do it until fairly recently. (Not sure about the details, but it involved placing a thick ring directly over the pacemaker in contact with the skin. I think it was done with magnetism rather than em radiation for better penetration. This would seem to imply that sensitivity fell off with the 4th power of the distance rather than just the cube.)
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2, Informative) by Anonymous Coward on Thursday August 31 2017, @07:31PM
to do it [...] involved placing a thick ring directly over the pacemaker in contact with the skin
The ring does have a little bit of heft to it.
It's a loop antenna for wireless communication.
There's copper in it and and probably some epoxy potting/filler and it has a housing that's fairly rugged (it gets a lot of use over its lifetime).
Typically, the cord will be looped around the back of your neck and the end bit will be draped down over your device.
This can be done without opening your garment or contacting your skin.
Now, if they need to do an analysis of your body's own electrical activity, they will have you open your shirt so that they can stick adhesive electrode pads to your skin.
I'm on my second device (batteries get depleted).
The ring gizmo got a bit lighter with the 2nd brand/another generation.
The gizmo records and saves unusual events on a stack.
That's what they want to download and analyze periodically to check the device (e.g. battery level) and your cardiac condition, of course.
There's even an in-home online DIY option nowadays.
WRT the technology, I've never had any particular concern.
Mine isn't/wasn't involved in any recalls/bulletins/whatever.
The tech on my most recent checkout was aware of the events concerning the St. Jude's device but my cardiologist wasn't.
The only thing that has gotten my attention WRT my pacemakers was that the company/brand/business of the 1st device was acquired by another company.
(Reaganomics again.)
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Virindi on Thursday August 31 2017, @08:09PM
To each their own. If I had a device implanted in my chest keeping me alive, I would consider feature creep, bugs in overly complex logic, and vulnerabilities more dangerous than the benefit to be gained by adding new code.
(Score: 3, Interesting) by frojack on Thursday August 31 2017, @07:17PM (1 child)
Why wouldn't you want to have the firmware update-able?
Its not just settings that need changing periodically. There are totally new functions that can be added, new measurements and logging tht are developed over time.
Pacemakers and pacemaker usage are not a static thing. Your lifestyle will change, (most often for the better) with a pacemaker, and it needs to be adjusted. Most of these settings can be JUST settings. But new research comes along and recommends changes in pulse frequency, and waveform, allowing defibrillation, data extraction, etc. that go way beyond simple settings.
Then there is the whole remote access capability. That't what requires THIS particular security update.
Remote access is possible within a 50 foot radius. Why so large a radius. 5mm would have been overkill. 50 foot is absurd.
Why shouldn't functions and security be upgrade-able in microcode? Nobody invents anything and gets it perfect the first time. Inventing the ability to fix it without surgery seems a natural advantage.
Most device batteries will last at least 5 to 7 years, depending on use. After that time, the battery or pulse generator will need to be replaced.
Replacing a pacemaker battery/generator may be done on an outpatient basis, however many more may include an overnight stay in the hospital
More detailed programming capability is less surgery.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday August 31 2017, @08:01PM
...or more. Modern devices are getting more frugal.
Batteries are improving as well.
After that time, the battery [...] will need to be replaced
Unless you know something that I don't, the whole (sealed) unit always gets replaced.
Replacing a pacemaker battery/generator may be done on an outpatient basis
This is news to me.
My devices have been implanted under the skin and they had to slice me to get those in/out.
They then want to watch you for e.g. infection, blood pressure, correct operation of the device.
Definitely inpatient stuff.
My device is in my chest with the leads going downward.
I understand that there is a newer generation of devices which go on your side, under your arm, with the leads going upward.
(Can't seem to Google up a picture.)
Maybe there's a major breakthrough with those.
I kinda doubt that it's -that- big a breakthrough as to allow outpatient replacement of a device.
Now, it might be that you're thinking of this being done under a local anesthetic rather than a general anesthetic.
-That- is a thing.
-- OriginalOwner_ [soylentnews.org]
(Score: 5, Funny) by Bot on Thursday August 31 2017, @06:39PM
Now you know how it feels to have your firmware updated, eh, meatbags?
Account abandoned.
(Score: 3, Informative) by captain_nifty on Thursday August 31 2017, @08:09PM (1 child)
Complete loss of device functionality (0.003%) * 465,000 patients = 14 people
14 people will have their pacemakers fail completely from this update, hopefully the medical staff is competent enough to keep them alive post failure until a new pacemaker can be surgically installed, but I wouldn't bet on it.
(Score: 2, Interesting) by Anonymous Coward on Thursday August 31 2017, @09:13PM
hopefully the medical staff is competent enough to keep them alive post-failure
I'm 100 percent paced.
If my device quits, I'm dead.
(When Carrie Fisher's heart quit, they gave CPR for 10 - 15 minutes before the airplane got onto the ground; she never regained a self-sustaining state.)
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by snufu on Thursday August 31 2017, @11:26PM
"It looks like your heart is trying to beat. Would you like help wi--" BSOD
(Score: 2) by Murdoc on Thursday August 31 2017, @11:29PM (1 child)
Does anyone else see the similarity between this and a certain plot element from Deus Ex 3? Make sure your upgrades don't include wi-fi!
Seriously, between this and the IoT, the zombie apocalypse scenario doesn't seem so far fetched anymore.
(Score: 0) by Anonymous Coward on Friday September 01 2017, @02:01AM
Unless all those nutjobs where partially right about brain controlling microchips but wrong as to where/when you get them...
(Score: 0) by Anonymous Coward on Thursday August 31 2017, @11:49PM
...sent in an envelope with a very large window?