- Jun 9, 2013
- 6,720
Patients with pacemakers manufactured by Abbott — formerly St. Jude Medical's — are advised to reach out to their doctors and inquire about the availability of a security update for their implanted medical devices.
The security update will fix three vulnerabilities discovered last year by MedSec Holdings Ltd.. The flaws are detailed in a security alert issued by the Department of Homeland Security's CERT team.
Flaws are not easy to exploit
US CERT says the flaws allow attackers to gain access to a pacemaker and issue commands, change settings, or otherwise interfere with the intended function of the pacemaker.
Despite the dire consequences, US CERT experts say the attacks are not easy to pull off, as there's no public exploit code to help attackers develop their own attack packages, and exploitation requires a high level of skills, that very few programmers possess.
In addition, attackers need to be sufficiently close (few inches) to the target pacemaker as to allow RF communications.
The flaws were discovered by MedSec, a company that Abbott is very familiar with. In September 2016, Abbott sued MedSec and fellow security company Muddy Waters, claiming the two companies organized a media stunt on the back of vulnerabilities in its pacemakers. Those flaws, detailed here, were eventually fixed in January 2017.
Read More. Welcome to 2017: Pacemaker Patients Told to Visit Doctors to Receive Security Patches
The security update will fix three vulnerabilities discovered last year by MedSec Holdings Ltd.. The flaws are detailed in a security alert issued by the Department of Homeland Security's CERT team.
Flaws are not easy to exploit
US CERT says the flaws allow attackers to gain access to a pacemaker and issue commands, change settings, or otherwise interfere with the intended function of the pacemaker.
Despite the dire consequences, US CERT experts say the attacks are not easy to pull off, as there's no public exploit code to help attackers develop their own attack packages, and exploitation requires a high level of skills, that very few programmers possess.
In addition, attackers need to be sufficiently close (few inches) to the target pacemaker as to allow RF communications.
The flaws were discovered by MedSec, a company that Abbott is very familiar with. In September 2016, Abbott sued MedSec and fellow security company Muddy Waters, claiming the two companies organized a media stunt on the back of vulnerabilities in its pacemakers. Those flaws, detailed here, were eventually fixed in January 2017.
Read More. Welcome to 2017: Pacemaker Patients Told to Visit Doctors to Receive Security Patches
