Medtronic’s Implantable Defibrillators Vulnerable to Life-Threatening Hacks

March 22, 2019

Credit: The Hacker News

The U.S. Department of Homeland Security on Thursday issued an advisory warning of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting the lives of millions of patients at risk.

A cardioverter defibrillator is a small device, surgically implanted in a patient’s chest, that gives the patient’s heart an electric shock (often called a countershock) to re-establish a normal heartbeat.

While the device is designed to prevent sudden death, several implanted cardiac defibrillators made by Medtronic, one of the world’s largest medical device companies, have been found to contain two serious vulnerabilities.

Discovered by researchers from security firm Clever Security, the vulnerabilities could allow threat actors with knowledge of medical devices to intercept and potentially impact the functionality of these life-saving devices.

“Successful exploitation of these vulnerabilities may allow an attacker with adjacent short-range access to one of the affected products to interfere with, generate, modify, or intercept the radio frequency (RF) communication of the Medtronic proprietary Conexus telemetry system, potentially impacting product functionality and/or allowing access to transmitted sensitive data,” warns the advisory released by DHS.

The vulnerabilities reside in the Conexus Radio Frequency Telemetry Protocol, a wireless communication system that some Medtronic defibrillators and their control units use to connect to implanted devices over the air using radio waves.

Flaw 1: Lack of Authentication in Medtronic’s Implantable Defibrillators

According to an advisory [PDF] published by Medtronic, these flaws affect more than 20 products, 16 of which are implantable defibrillators; the rest are the defibrillators’ bedside monitors and programmers.

The more critical of the two flaws is CVE-2019-6538, which occurs because the Conexus telemetry protocol does not include any checks for data tampering and does not perform any form of authentication or authorization.

Successful exploitation of this vulnerability could allow an attacker within radio range of the affected device, and with the right radio gear, to intercept, spoof, or modify data transmitted between the device and its controller, which could potentially harm or perhaps even kill the patient.

“This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device,” the DHS says.
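The missing controls described above (tamper checks and authentication) are shown below as an added illustration; it is not Medtronic's code or its fix, and the frame layout, key and counter are constructed for the example and do not represent the Conexus format. A keyed MAC plus a monotonic counter lets a receiver reject modified, forged and replayed command frames; confidentiality (the second flaw) would additionally require encryption.

```python
import hashlib
import hmac
import struct

# Constructed toy frame, NOT the Conexus format: opcode (1 byte), address (2), value (1).
HDR = struct.Struct(">BHB")
TAG_LEN = 16  # truncated HMAC-SHA256 tag


def build_plain(opcode, addr, value):
    """Frame with no integrity or authentication, the situation the advisory describes."""
    return HDR.pack(opcode, addr, value)


def parse_plain(frame):
    """The receiver has nothing to verify, so any well-formed frame is accepted."""
    return HDR.unpack(frame)


def build_auth(key, counter, opcode, addr, value):
    """Prefix a monotonic counter and append an HMAC over counter + body."""
    body = struct.pack(">I", counter) + HDR.pack(opcode, addr, value)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Accepts a frame only if the tag verifies and the counter is fresh."""

    def __init__(self, key):
        self.key = key
        self.last_counter = -1

    def accept(self, frame):
        if len(frame) != 4 + HDR.size + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # modified or forged frame
        (counter,) = struct.unpack(">I", body[:4])
        if counter <= self.last_counter:
            return None  # replayed frame
        self.last_counter = counter
        return HDR.unpack(body[4:])


def flip_byte(frame, offset):
    """Simulate in-transit modification by inverting one byte of the frame."""
    data = bytearray(frame)
    data[offset] ^= 0xFF
    return bytes(data)
```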

Flaw 2: Lack of Encryption in Medtronic’s Implantable Defibrillators

The Conexus telemetry protocol also provides no encryption to secure the telemetry communications, making it possible for attackers within range to eavesdrop on the communication. This issue has been assigned CVE-2019-6540.

However, Medtronic said the vulnerabilities would be hard to exploit to harm patients, since exploitation requires the following conditions to be met:

  • An unauthorized individual would need to be in close proximity of up to 6 meters (20 feet) to the targeted device or clinic programmer.
  • Conexus telemetry must be activated by a healthcare professional who is in the same room as the patient.
  • Outside the hospital, device activation times are limited, vary from patient to patient, and are difficult for an unauthorized user to predict.

The medical technology giant also assures its users that “neither a cyberattack nor patient harm has been observed or associated with these vulnerabilities” to this date.

Medtronic also noted that its line of implanted pacemakers, including those with Bluetooth wireless functionality, as well as its CareLink Express monitors and CareLink Encore programmers (Model 29901) used by some hospitals and clinics are not vulnerable to either of these flaws.

Medtronic has already applied additional controls for monitoring and responding to the abuse of the Conexus protocol by the affected implanted cardiac devices and is working on a fix to address the reported vulnerabilities.

The security fix will soon become available, and in the meantime, Medtronic urged that “patients and physicians continue to use these devices as prescribed and intended.”


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)
