
FDA Issues Warning about Security Vulnerabilities in Pacemaker Programmers - wglb
https://news.softpedia.com/news/fda-issues-warning-about-security-vulnerabilities-in-pacemaker-programmers-523230.shtml
======
cazum
>The U.S. Food and Drug Administration (FDA) issued a cybersecurity
vulnerability warning for users of Medtronic's CareLink 2090 Programmer and
CareLink Encore 29901 Programmer devices.

Medtronic is also the company that made vulnerable insulin pumps that could be
wirelessly instructed to stop all insulin delivery, or inject a fatal dose
into the user.

~~~
fipple
Ugh, was this ever exploited? I shudder to think about someone walking around
a stadium or shopping mall with a Raspberry Pi, killing people.

------
circular_logic
I heard stories of engineers using decades-old, unsupported and vulnerable
stacks with the assumption that since it was already approved by the FDA they
will have an easier time getting in though than if they tried to update their
product.

~~~
mmirate
> decades-old, unsupported and vulnerable stacks

Oh, dear. Is this the same kind of decades-old TCP/IP stacks that crash if you
ping them the wrong way?

------
mikekij
I'm really glad to see this on the front page of HN. My company is building
API-based security tools to help medical device vendors prevent these kinds of
vulns. There is huge risk in this class of IoT device, but not a ton of
engineering effort going into addressing it.

~~~
falcrist
It isn't just the internet connectivity. There are devices that are controlled
by wireless handsets. Even if those handsets aren't internet connected, they
constitute a potential vulnerability.

I recently worked on an insulin pump that was both wirelessly controlled and
potentially internet connected. Unit tests and communications security seemed
to be more of an afterthought than anything.

~~~
pdkl95
Using radio at all is probably always going to be a terrible design choice for
any medical device that relies on a non-rechargeable internal battery. Last
year's pacemaker security alerts included the usual braindead protocols and
broken authentication, but the really interesting vulnerability was about
_power usage_. The pacemaker didn't rate-limit its "RF wake-up" actions;
anybody with a radio could spam those commands just to get the pacemaker to
turn on its transmitter to quickly ("hours") drain the entire internal
battery.

The older designs that used magnetic coupling to communicate and required holding
a bulky device right next to where the pacemaker was implanted may have been
annoying to use, but that kind of roadblock is a _feature_ for pacemakers and
other devices where changing the battery requires major surgery.

Also, for anybody that missed it: Karen Sandler gave a very good followup
talk[2] earlier this year where she discusses her attempts to get the source
code for her own pacemaker.

[1] https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

[2] https://www.youtube.com/watch?v=8wPAHu_zYDw
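
The rate limit that pdkl95 describes as missing, sketched as an added example (not part of the thread and not any vendor's firmware): a token bucket that caps how often an "RF wake-up" request may power on the transmitter. The names, bucket size and refill interval are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; not taken from any device or advisory. */
#define BUCKET_MAX  4u     /* wake-ups that may be honored back to back */
#define REFILL_SECS 3600u  /* one wake-up credit regained per hour */

typedef struct {
    uint32_t tokens;       /* remaining wake-up credits */
    uint32_t last_refill;  /* time (s) up to which credits were accounted */
    uint32_t honored;      /* transmitter activations granted */
    uint32_t dropped;      /* wake-up requests ignored */
} wake_limiter;

void wl_init(wake_limiter *w, uint32_t now) {
    w->tokens = BUCKET_MAX;
    w->last_refill = now;
    w->honored = w->dropped = 0;
}

/* Called when the low-power receiver sees a wake-up request.
   Returns true only if the transmitter may be powered on. */
bool wl_allow_wakeup(wake_limiter *w, uint32_t now) {
    uint32_t credits = (now - w->last_refill) / REFILL_SECS; /* wrap-safe */
    if (credits > 0) {
        uint32_t room = BUCKET_MAX - w->tokens;
        w->tokens += credits > room ? room : credits;
        w->last_refill += credits * REFILL_SECS; /* keep partial interval */
    }
    if (w->tokens == 0) { w->dropped++; return false; }
    w->tokens--;
    w->honored++;
    return true;
}

/* Constructed scenario: one wake-up request per second for `secs` seconds. */
uint32_t simulate_flood(uint32_t secs) {
    wake_limiter w;
    wl_init(&w, 0);
    for (uint32_t t = 0; t < secs; t++) wl_allow_wakeup(&w, t);
    return w.honored;
}

int main(void) {
    printf("honored in 24h flood: %u of 86400\n", (unsigned)simulate_flood(86400));
    return 0;
}
```

With these assumed numbers, a day of one request per second results in 27 transmitter activations instead of 86400, while a short burst after an idle period is still served.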

~~~
jaclaz
>The older designs that used magnetic coupling to communicate and required
holding a bulky device right next to where the pacemaker was implanted may
have been annoying to use, but that kind of roadblock is a _feature_ for
pacemakers and other devices where changing the battery requires major
surgery.

Right, not so unexpectedly, physically limiting access to devices (air gapped)
remains the safer practice.

------
mgkimsal
I read the headline as "vulnerabilities in the programmers themselves" (the
humans), and thought it was just awkwardly worded. I thought it would be
something about bribery and blackmail.

------
deytempo
What motive would anyone have for hacking a pacemaker?

~~~
romanr
As seen in “Homeland”

~~~
TeMPOraL
Or Watch_Dogs. Or Person of Interest (insulin pump).

