Medtronic (previously) is a notoriously insecure medical implant manufacturer whose devices have been repeatedly shown to be grossly insecure -- their pacemakers can be hacked before leaving the factory!
To make things worse, the company is notably hostile to independent security research and repair.
The latest twist in the saga: Medtronic has been the subject of an FDA security alert, which has prompted the company to finally disable its insecure software updating system for some models (after denying that this was a problem!). That updating system let hackers push malicious updates to the hardware "wands" used to update pacemakers.
These wands will now have to be updated by USB.
Two models, the Carelink 2090 and the Carelink Encore 2091, could have been tampered with by an attacker modifying their firmware and, in turn, changing how the programmers configured the implants. Medtronic said that now not only does it believe those vulnerabilities would be locally exploitable, but they could also be targeted by an attacker who was able to remotely access the device.
"Although the programmer uses a virtual private network (VPN) to establish an internet connection with the Medtronic [software distribution network] SDN, the vulnerability identified with this connection is that the programmers do not verify that they are still connected to the VPN prior to downloading updates," the FDA explained.
"To address this cybersecurity vulnerability and improve patient safety, on October 5, 2018, the FDA approved Medtronic's update to the Medtronic network that will intentionally block the currently existing programmer from accessing the Medtronic SDN."
It's the real Heart Bleed: Medtronic locks out vulnerable pacemaker programmer kit [Shaun Nichols/The Register]
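The missing check the FDA describes (no verification that the VPN is still up before downloading), sketched as a fail-closed update client. This is an added example, not Medtronic's or the FDA's code; the subnet, host, and all function names are assumptions made for illustration, and "the route's source address lies in the VPN range" is one simple way to test tunnel state.

```python
import ipaddress
import socket

# Assumed values for illustration only; not taken from the article.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")   # addresses handed out by the tunnel
UPDATE_HOST = ("10.8.0.1", 443)                    # update server reachable only via VPN


class TunnelDown(Exception):
    """Raised when traffic to the update host would not leave through the VPN."""


def local_source_ip(dest):
    """Return the local address the kernel would use to reach dest.

    connect() on a UDP socket only performs a route lookup; no packet is sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect(dest)
        return ipaddress.ip_address(s.getsockname()[0])


def require_tunnel(dest, vpn_subnet, source_ip=local_source_ip):
    """Fail closed unless the route to dest starts from a VPN-assigned address."""
    try:
        src = source_ip(dest)
    except OSError as exc:          # no route at all counts as "tunnel down"
        raise TunnelDown(f"no route to {dest[0]}") from exc
    if src not in vpn_subnet:
        raise TunnelDown(f"route to {dest[0]} uses {src}, outside {vpn_subnet}")
    return src


def download_update(dest, vpn_subnet, fetch, source_ip=local_source_ip):
    """Run fetch(dest) only while the tunnel is up, and discard the result otherwise.

    fetch is a hypothetical transport callable supplied by the caller.
    """
    require_tunnel(dest, vpn_subnet, source_ip)      # verify before downloading
    payload = fetch(dest)
    # Re-check afterwards: a tunnel that dropped mid-transfer may have let the
    # download fall back to the open internet, so the payload is not trusted.
    require_tunnel(dest, vpn_subnet, source_ip)
    return payload
```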