Medtronic, the world’s largest medical device manufacturer has discovered a pretty substantial flaw within their defibrillators. The Department of Homeland Security and Infrastructure Security Agency have sent out an alert that lets users know the flaw could be exploited if the attacker has knowledge of the device and is in close range of someone who uses the device. It is possible that 750,000 devices could be vulnerable. If the flaw is exploited correctly, the vulnerabilities would allow for an attacker to alter the functionality of the devices, which could cause major problems for those that rely on them for everyday health. Researchers stated, “A proof-of-concept attack developed by the researchers was able to take control of the implanted devices in a manner previously unseen in most exploits affecting lifesaving medical devices. With physical access to either a MyCareLink or CareLink console, the researchers could make modifications that would pull patient names, physician names, and relevant phone numbers out of the device and make unauthorized and potentially fatal changes to the shocks the devices delivered. Even more stunning, the attack was able to read and rewrite all the firmware used to operate the implant.” Medtronic is keeping a close eye to make sure no suspicious activity takes place and they say none has occurred at this point. Security fixes for the flaws should be arriving within the next few months.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is