Medtronic is the most notorious maker of insecure medical implants in America, with a long history of inserting computers into people's bodies with insecure wireless interfaces, toolchains and update paths, and nothing has changed.
Medtronic (previously) is a notoriously insecure medical implant manufacturer whose devices have been repeatedly shown to be grossly insecure — their pacemakers can be hacked before leaving the factory!
Since 2014, open source hackers have been perfecting the OpenAPS, an "open artificial pancreas" made by modifying the firmware of discontinued Medtronic insulin pumps, which were discontinued due to the very security flaw that makes them user modifiable (that flaw also leaves them vulnerable to malicious modifications).
It's been ten years since the first warnings about the security defects in pacemakers, which made them vulnerable to lethal attacks over their wireless links, and since then the news has only gotten worse: one researcher found a way to make wireless pacemaker viruses that spread from patient to patient in cardiac care centers, and the medical device makers responded to all this risk by doubling down on secrecy and the use of proprietary code.
BeauHD, a Slashdot moderator, has Crohn's Disease, and he lives in an age of modern miracles, which means that he can have his small intestine surveyed by swallowing a tiny pill-sized camera, rather than having a scope threaded up his rectum or down his throat, or having his gut sliced open.
Here's the list of companies that are quietly lobbying to kill New York State's Right to Repair legislation (previously), which would force companies to halt anticompetitive practices that prevent small businesses from offering repair services to their communities: "Apple, Verizon, Toyota, Lexmark, Caterpillar, Asurion, Medtronic" and the Consumer Technology Association "which represents thousands of electronics manufacturers."
The Software Freedom Law Center's latest white-paper, "Killed by Code: Software Transparency in Implantable Medical Devices," examines the strange circumstances around pacemakers and other implanted medical devices. Regulators like the FDA inspect the hardware designs for these devices in great detail, but the crucial software that runs the devices is a closed book — a proprietary secret that's only ever called in for examination when the devices start to crash, with disastrous circumstances.
Kevin Fu (associate prof at the UMass Amherst/director of the Medical Device Security Center) gave a Black Hat presentation in Vegas yesterday in which he demonstrated a way of remotely disabling a pacemaker, using open radio technology. It sounds like other implantable devices, like those used for auto-administering drugs, would also be vulnerable to the attack.