Medtronic is a medical implant manufacturer notorious for devices that have been repeatedly shown to be grossly insecure -- their pacemakers can be hacked before leaving the factory!
To make things worse, the company is notably hostile to independent security research and repair.
The latest twist in the saga: Medtronic has been the subject of an FDA security alert, which has prompted the company to finally disable its insecure software updating system for some models (after denying that this was a problem!). That system let hackers push malicious updates to the hardware "wands" used to update pacemakers.
These wands will now have to be updated by USB.
Two models, the Carelink 2090 and the Carelink Encore 2091, could have been tampered with by an attacker modifying their firmware and, in turn, changing how the programmers configured the implants. Medtronic said that now not only does it believe those vulnerabilities would be locally exploitable, but that they could also be targeted by an attacker who was able to remotely access the device.
"Although the programmer uses a virtual private network (VPN) to establish an internet connection with the Medtronic [software distribution network] SDN, the vulnerability identified with this connection is that the programmers do not verify that they are still connected to the VPN prior to downloading updates," the FDA explained.
"To address this cybersecurity vulnerability and improve patient safety, on October 5, 2018, the FDA approved Medtronic's update to the Medtronic network that will intentionally block the currently existing programmer from accessing the Medtronic SDN."
It's the real Heart Bleed: Medtronic locks out vulnerable pacemaker programmer kit [Shaun Nichols/The Register]
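The FDA's description comes down to a missing check: nothing confirms the VPN is still up before an update is downloaded. The following is an added example, not Medtronic's code or its fix (which was to block the programmers from the SDN): a fail-closed update client that confirms, immediately before every request, that the route to the update server still leaves through the tunnel. The interface name, server address and sample `ip route get` output are constructed assumptions for a Linux-style client.

```python
import re
import subprocess

TUNNEL_IF = "tun0"      # assumed VPN interface name (not from the article)
SDN_ADDR = "10.20.0.5"  # constructed update-server address

# Constructed samples of Linux `ip route get` output.
ON_VPN = "10.20.0.5 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 1000\n    cache\n"
OFF_VPN = "10.20.0.5 via 192.168.1.1 dev eth0 src 192.168.1.50 uid 1000\n    cache\n"

class TunnelDown(Exception):
    """Raised when traffic to the update server would bypass the VPN."""

def live_route(dest):
    """Ask the kernel which route it would use for dest (Linux iproute2)."""
    return subprocess.run(["ip", "route", "get", dest],
                          capture_output=True, text=True).stdout

def egress_interface(route_output, dest):
    """Return the interface the route to dest uses, or None if unparseable."""
    lines = route_output.strip().splitlines()
    m = re.match(r"^(\S+)\s.*?\bdev\s+(\S+)", lines[0]) if lines else None
    if not m or m.group(1) != dest:
        return None  # unknown state is treated as "not on the VPN"
    return m.group(2)

def require_vpn(get_route):
    dev = egress_interface(get_route(SDN_ADDR), SDN_ADDR)
    if dev != TUNNEL_IF:
        raise TunnelDown(f"route to {SDN_ADDR} uses {dev!r}, expected {TUNNEL_IF}")

def download_update(fetchers, get_route=live_route):
    """Fetch each chunk, re-checking the route immediately before every
    request; any failure discards what was received so far."""
    received = []
    for fetch in fetchers:
        require_vpn(get_route)  # checked per request, not once at session start
        received.append(fetch())
    require_vpn(get_route)      # tunnel must still be up when the data is accepted
    return b"".join(received)

def scripted_routes(outputs):
    """Test helper: replay constructed route outputs in order."""
    it = iter(outputs)
    return lambda dest: next(it)
```

A route check only shows where packets would leave the machine; it does not authenticate the server or the update file.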