Medtronic (previously) is a notorious medical implant manufacturer whose devices have repeatedly been shown to be grossly insecure -- their pacemakers can be hacked before leaving the factory!
To make things worse, the company is notably hostile to independent security research and repair.
The latest twist in the saga: Medtronic has been the subject of an FDA security alert, which has prompted the company to finally disable its insecure software updating system for some models, after denying that this was a problem! That system let hackers push malicious updates to the hardware "wands" used to update pacemakers.
These wands will now have to be updated by USB.
Two models, the Carelink 2090 and the Carelink Encore 2091, could have been tampered with by an attacker modifying their firmware and, in turn, changing how the programmers configured the implants. Medtronic said that it now believes those vulnerabilities would not only be locally exploitable, but could also be targeted by an attacker who was able to remotely access the device.
"Although the programmer uses a virtual private network (VPN) to establish an internet connection with the Medtronic [software distribution network] SDN, the vulnerability identified with this connection is that the programmers do not verify that they are still connected to the VPN prior to downloading updates," the FDA explained.
"To address this cybersecurity vulnerability and improve patient safety, on October 5, 2018, the FDA approved Medtronic's update to the Medtronic network that will intentionally block the currently existing programmer from accessing the Medtronic SDN."
It's the real Heart Bleed: Medtronic locks out vulnerable pacemaker programmer kit [Shaun Nichols/The Register]
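
The check the FDA says was missing, sketched as an added example (not Medtronic's code and not part of the original post): an update client that refuses to download unless the VPN tunnel's address is still assigned locally, both before and after the transfer. The function names, addresses and payload are hypothetical, loopback stands in for the tunnel, and it assumes the OS routes tunnel-sourced traffic through the VPN.

```python
import errno
import socket
import threading

class TunnelDown(Exception):
    """The VPN tunnel address is not assigned to any local interface."""

def tunnel_is_up(tunnel_ip):
    # bind() fails with EADDRNOTAVAIL when no local interface holds the
    # address, which is the state a client is in once its tunnel has dropped.
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((tunnel_ip, 0))
        return True
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:
            return False
        raise
    finally:
        probe.close()

def fetch_update(tunnel_ip, sdn_host, sdn_port, timeout=5.0):
    """Download update bytes only while the tunnel address is present."""
    if not tunnel_is_up(tunnel_ip):
        raise TunnelDown("tunnel down before download; nothing requested")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.bind((tunnel_ip, 0))      # source address must be the tunnel's
        sock.connect((sdn_host, sdn_port))
        with sock.makefile("rb") as stream:
            data = stream.read()       # read until the server closes
    if not tunnel_is_up(tunnel_ip):    # tunnel dropped mid-transfer
        raise TunnelDown("tunnel dropped during download; data discarded")
    return data

def serve_once(payload):  # constructed stand-in for the update server
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(payload)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = serve_once(b"constructed-update-image")  # loopback plays the tunnel
    print(fetch_update("127.0.0.1", "127.0.0.1", port))
    print(tunnel_is_up("192.0.2.10"))  # TEST-NET-1, unassigned: False
```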