Information security researchers have found a way to hack the firmware of a pacemaker company Medtronic. They allow attackers to remotely control implants, endangering the lives of their owners. It is reported by ArsTechnica.
About the problem was told by the experts Billy Rios (Billy Rios) and Jonathan Batts (Jonathan Butts). According to experts, they first told Medtronic about the issues in January 2017, however the company has not accepted measures to eliminate the vulnerability. August 9 at the conference Black Hat in Las Vegas Rios and Batts have demonstrated the possibility of hacking in real time.
The vulnerability is that the firmware is not digitally signed. The updates for programmers of medical devices is transmitted over insecure channels. This allows you to inject malicious firmware is able to control the number of heart beats of the patient using the stimulator.
In addition, Riots and Batts showed some vulnerabilities in the products of the company Medtronic. For example, they are managed with a cheap radio to control the device for insulin injections, keeping it away from the patient the proper dose of necessary medication.
Company Medtronic has released a security Advisory for their customers in which he stated that the existing monitoring system is able to cope with these problems. However, the hackers criticized the firm for the slowness in resolving these issues. In their view, the implanted device is really good, however the actions of some manufacturers is not credible.
Video, photo All from Russia.