Security News Over 8,600 Security Flaws Found in Pacemaker Systems

frogboy

Security researchers from WhiteScope have uncovered over 8,600 vulnerabilities in pacemaker systems and the third-party libraries used to power various of their components.
These issues are broad in nature and range from simple code bugs to terrible design choices that risk the life of their patients.
Researchers discovered these flaws in seven different products from four different manufacturers. These issues are detailed in depth in a report the team released earlier this week.
Most vulnerabilities are in third-party libraries

The focus of their research was on radio-controlled implantable devices such as pacemakers, Implantable Cardioverter Defibrillators (ICD), Pulse Generators, and Cardiac Rhythm Management (CRM) — collectively referred to as "pacemaker systems" in this article.
What researchers found is that most of these pacemaker systems worked on a similar architecture that included the actual implanted medical device, a home monitoring device, a cloud-based infrastructure that relayed data to a physician, and a pacemaker programmer, which the physician used to tweak the implant's settings.

Read More. Over 8,600 Security Flaws Found in Pacemaker Systems
 
Came across a similar article on the discovered vulnerabilities in the morning. It's really sad that such critical sectors have insufficient focus on security.
An MNC where I interned had some projects based on recent OSS like OpenICE where features and proper implementation are planned, however the in-depth analysis and covering the unobvious weaknesses were of least importance till the end. It's difficult to study or reveal potential security issues later on.
A proper study and mitigation of the used software/API etc, be it proprietary or open source, is damn important for what they will be used (medical industry). Securing devices and the loopholes are highlighted here and should be addressed soon before they invite trouble.
 
It is a sad and annoying thing that this sort of vulnerability should even exist. :(
 
First a malware that makes me want to cry, now one that could kill me. How low can humanity get sometimes. :(
 