Ars Technica is reporting that 465,000 patients have been told to visit their doctor to patch a critical pacemaker vulnerability.
Cardiac pacemakers are small devices that are implanted in a patient's upper chest to correct abnormal or irregular heart rhythms. Pacemakers are generally outfitted with small radio-frequency equipment so the devices can be maintained remotely. That way, new surgeries aren't required after they're implanted. Like many wireless devices, pacemakers from Abbott Laboratories contain critical flaws that allow hijackers within radio range to seize control while the pacemakers are running.
"If there were a successful attack, an unauthorized individual (i.e., a nearby attacker) could gain access and issue commands to the implanted medical device through radio frequency (RF) transmission capability, and those unauthorized commands could modify device settings (e.g., stop pacing) or impact device functionality," Abbott representatives wrote in an open letter to doctors.
Also covered at Reuters.
The Abbott open letter also highlights that the upgrade process is not flawless:
Based on our previous firmware update experience, as with any software update, there is a very low rate of malfunction resulting from the update. These risks (and their associated rates) include but are not limited to:
* reloading of previous firmware version due to incomplete update (0.161%),
* loss of currently programmed device settings (0.023%),
* complete loss of device functionality (0.003%), and
* loss of diagnostic data (not reported).
(Score: 3, Interesting) by HiThere on Thursday August 31 2017, @05:51PM (2 children)
It's actually quite important that they have firmware that's externally modifiable. You don't want to have to have heart surgery every time there's a slight change in response (which happens over time and should be expected). But there should be no reason that this isn't done with an extremely close range device. In fact, that was the only way to do it until fairly recently. (Not sure about the details, but it involved placing a thick ring directly over the pacemaker in contact with the skin. I think it was done with magnetism rather than em radiation for better penetration. This would seem to imply that sensitivity fell off with the 4th power of the distance rather than just the cube.)
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2, Informative) by Anonymous Coward on Thursday August 31 2017, @07:31PM
to do it [...] involved placing a thick ring directly over the pacemaker in contact with the skin
The ring does have a little bit of heft to it.
It's a loop antenna for wireless communication.
There's copper in it and probably some epoxy potting/filler and it has a housing that's fairly rugged (it gets a lot of use over its lifetime).
Typically, the cord will be looped around the back of your neck and the end bit will be draped down over your device.
This can be done without opening your garment or contacting your skin.
Now, if they need to do an analysis of your body's own electrical activity, they will have you open your shirt so that they can stick adhesive electrode pads to your skin.
I'm on my second device (batteries get depleted).
The ring gizmo got a bit lighter with the 2nd brand/another generation.
The gizmo records and saves unusual events on a stack.
That's what they want to download and analyze periodically to check the device (e.g. battery level) and your cardiac condition, of course.
There's even an in-home online DIY option nowadays.
WRT the technology, I've never had any particular concern.
Mine isn't/wasn't involved in any recalls/bulletins/whatever.
The tech on my most recent checkout was aware of the events concerning the St. Jude's device but my cardiologist wasn't.
The only thing that has gotten my attention WRT my pacemakers was that the company/brand/business of the 1st device was acquired by another company.
(Reaganomics again.)
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Virindi on Thursday August 31 2017, @08:09PM
To each their own. If I had a device implanted in my chest keeping me alive, I would consider feature creep, bugs in overly complex logic, and vulnerabilities more dangerous than the benefit to be gained by adding new code.