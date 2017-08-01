from the have-a-heart dept.
Ars Technica is reporting that 465,000 patients have been told to visit their doctor to patch a critical pacemaker vulnerability.
Cardiac pacemakers are small devices that are implanted in a patient's upper chest to correct abnormal or irregular heart rhythms. Pacemakers are generally outfitted with small radio-frequency equipment so the devices can be maintained remotely. That way, new surgeries aren't required after they're implanted. Like many wireless devices, pacemakers from Abbott Laboratories contain critical flaws that allow hijackers within radio range to seize control while the pacemakers are running.
"If there were a successful attack, an unauthorized individual (i.e., a nearby attacker) could gain access and issue commands to the implanted medical device through radio frequency (RF) transmission capability, and those unauthorized commands could modify device settings (e.g., stop pacing) or impact device functionality," Abbott representatives wrote in an open letter to doctors.
Also covered at Reuters.
The Abbot open letter also highlights that the upgrade process is not flawless:
Based on our previous firmware update experience, as with any software update, there is a very
low rate of malfunction resulting from the update. These risks (and their associated rates) include
but are not limited to:
* reloading of previous firmware version due to incomplete update (0.161%),
* loss of currently programmed device settings (0.023%),
* complete loss of device functionality (0.003%), and
* loss of diagnostic data (not reported).