The Department of Homeland Security warned on Thursday that 20 Medtronic products are vulnerable to short-range hacking.
The list of hackable products includes 16 implantable heart defibrillators — an attacker could alter the settings of someone’s device by manipulating its radio link, the warning said. The others are in-home bedside monitors for the defibrillators and programming computers used by doctors.
The vulnerability may impact up to 750,000 devices, the Star Tribune reported. The defibrillators in question are inserted beneath the skin and can shock a patient’s heart back to a normal rhythm if it becomes irregular.
Researchers found that Medtronic’s proprietary Conexus radio-frequency wireless telemetry protocol, which is used by the devices, doesn’t have any kind of authentication, our sister site ZDNet noted.
In an emailed statement, Medtronic wrote that the problem doesn’t impact its pacemakers, insertable cardiac monitors or other devices.
“To date, no cyberattack, privacy breach, or patient harm has been observed or associated with these issues,” a company spokesperson said.
“Medtronic is developing a series of software updates to better secure the wireless communication affected by these issues. The first update is scheduled for later in 2019, subject to regulatory approvals.”
First published at 5:10 a.m. PT.
Updated at 5:50 a.m. PT: Adds more details.
Source from www.cnet.com