"All devices carry some associated risk, and, like the regulators, we continuously strive to balance the risks against the benefits our devices provide," Medtronic spokesperson Erika Winkels told WIRED in a statement. Rios and Butts say that they've discovered a chain of vulnerabilities in Medtronic's infrastructure that an attacker could exploit to control implanted pacemakers remotely, deliver shocks patients don't need or withhold ones they do, and cause real harm. The pair will walk through their findings Thursday at the Black Hat security conference. And while Medtronic has remediated some of the issues the researchers discovered, Rios and Butts say that too much remains unresolved, and that the risk remains very real for pacemaker patients. The Department of Homeland Security and the Food and Drug Administration have gotten involved as well. But the latest variation on the terrifying theme depends not on manipulating radio commands, as many previous attacks have, but on malware installed directly on an implanted pacemaker.įor nearly two years, researchers Billy Rios of the security firm Whitescope and Jonathan Butts of QED Secure Solutions have gone back and forth with pacemaker manufacturer Medtronic, which makes Carelink 2090 pacemaker programmers and other relevant equipment that the researchers say contain potentially life-threatening vulnerabilities.
The first pacemaker hacks emerged about a decade ago.
0 kommentar(er)
