Security experts hired by the short-selling firm Muddy Waters said in a legal brief filed today that cardiac implants made by St. Jude Medical can be hacked. If hackers can pwn your heart device, the researchers say, they can kill you--from as far away as 100 feet.
At issue is the Merlin@Home transmitter, which according to St. Jude “allows efficient remote care management of patients with implanted cardiac devices through scheduled transmissions and daily alert monitoring.”
Merlin@Home by St. Jude Medical, a remote cardiac device transmitter for health care use.
The security firm Bishop Fox published a 53-page report attached to the legal brief filed Monday in a Minnesota U.S. district court on behalf of the Muddy Waters, which hired Bishop Fox to perform the security analysis, in defense against a lawsuit filed by St. Jude.
"I found that Muddy Waters' and MedSec's statements regarding security issues in the St. Jude Medical implant ecosystem were, by and large, accurate," said Bishop Fox partner Carl Livit in an introduction to the report.
No comment from St. Jude so far.
The report said that the wireless communications protocol used in St. Jude cardiac devices is vulnerable to hacking, making it possible for hackers to convert the company's Merlin@home patient monitoring devices into "weapons" that can cause cardiac implants to stop providing care and deliver shocks to patients.
Bishop Fox tested the attacks from 10 feet (3 meters) away, but said that might be extended to 45 feet (13.7 meters) with an antenna, or 100 feet (30.5 meters) with a transmitting device known as a software defined radio.
Related reading: "Statement from Bishop Fox on Muddy Waters and MedSec Response to St. Jude Medical Lawsuit"
Singhealth, a Singaporean public health service, suffered the worst breach in Singaporean history, losing control of 1.5 million peoples' data; included in the breach was prescription data on 160,000 people, including Singapore's prime minister, Lee Hsien Loong.
Online services increasingly rely on SMS messages for two-factor authentication, which means on the one hand that it's really hard to rip you off without first somehow stealing your phone number, but on the other hand, once someone diverts your SMS messages, they can plunder everything
The porn extortion scam works like this: you get an email from a stranger claiming that he hacked your computer and recorded video of you masturbating to pornography, which he'll release unless you send him some cryptocurrency.
Summer’s here, which brings not only warmer weather but also the unsettling realization that the year is more than halfway over. So, for those who weren’t as productive as they would have liked during the first half of 2018, we’ve rounded up 5 skill course bundles you can start learning today to help you finish […]
It’s good to be proactive, but when it comes to preparing for an emergency situation, one of the most important items you can pack is a flashlight. After all, whatever else you include in your kit won’t be of much use if you can’t see what you’re doing. The Viper 1000-Lumen Tactical Flashlights not only […]
Chances are you took a handful of language classes in high school, and aside from a smattering of conjugations and vocabulary words, the only things you likely remember are the dry, rehearsed sentences that did little to make you speak like a true native. If you’re still hoping to learn a new language but want […]