In March, the U.S. Department of Homeland Security issued an alert about vulnerabilities in 16 different models of Medtronic implantable defibrillators, including several that are still for sale around the world today. The vulnerabilities, which also affect bedside monitors that read data from the devices and programming computers used by doctors, include improper access control and cleartext transmission of sensitive information. Quite frankly, it's surprising it took so long for the issue of biohacking to start to be taken seriously.
Researchers discovered vulnerabilities in the Medtronic Maximo, one of the models listed in the alert, more than a decade ago in 2008. Then in 2012, the Showtime series Homeland depicted terrorists remotely tampering with a pacemaker, resulting in a character's demise. While the specifics in the show were somewhat far-fetched, the concept and vulnerability in such devices was not. Articles written about it at the time concluded that while the specifics may have been exaggerated a bit with the remoteness of the attack, the susceptibility of such devices was entirely plausible given the shift from requiring direct contact to reprogram devices to integration of wireless calibration for convenience. [Read more…] about Medtronic vulnerabilities highlight dangers of biohacking
Jonathan is a Senior Security Researcher at Barracuda Networks. Connect with him on LinkedIn here.