Medtronic Locks Down Vulnerable Pacemaker Programming Kit Due To Cybersecurity Concerns (theregister.co.uk)
AmiMoJo shares a report from The Register: The U.S. Food and Drug Administration (FDA) is advising health professionals to keep an eye on some of the equipment they use to monitor pacemakers and other heart implants. The watchdog's alert this week comes after Irish medical device maker Medtronic said it will lock some of its equipment out of its software update service, meaning the hardware can't download and install new code from its servers. That may seem counterintuitive, however, it turns out security vulnerabilities in its technology that it had previously thought could only be exploited locally could actually be exploited via its software update network. Malicious updates could be pushed to Medtronic devices by hackers intercepting and tampering with the equipment's internet connections -- the machines would not verify they were actually downloading legit Medtronic firmware -- and so the biz has cut them off.
And IoT will be much more secure... right (Score:4, Interesting)
We're talking a device which when it malfunctions, kills (or could kill) someone. And still the manufacturer didn't get the basics of security correct: using signed software updates.
How can we believe that IoT devices, which are manufactured with much less profit overhead, will be more secure? (Unless somehow regulated -- which also didn't for for those FDA-approved pacemakers).
Re: (Score:1)
Errata:
"which also didn't for for those FDA-approved pacemakers" -> "which also didn't work for those FDA-approved pacemaker programmers"
Re: (Score:3)
Re: (Score:2)
The FDA alert notice says that the FDA made the determination that there was a problem, so it sounds like they didn't realize during the approval process but have figured it out now.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:1)
But an electronics attack could happen from anywhere in the world and leave practically no trace; not so easy with a gun.
Re: And IoT will be much more secure... right (Score:3, Insightful)
Re:And IoT will be much more secure... (Score:1)
From the article:
The security bugs are not present in the implants themselves, but rather in Medtronic "programmers," which doctors and medics connect to patients' implants during and after surgery, allowing them to check battery levels, monitor heart rhythms, and adjust any settings.
So -in this case- it's not patients' pacemakers etc. at risk, but the equipment that monitors those pacemakers & perhaps adjusts their settings. I'd imagine that as a hacker, you could (perhaps) still do some damage like adjust settings to the point where a pacemaker becomes ineffective. But this is rather different from upload-compromised-firmware-to-implant, which the summary might suggest to some.
Re: (Score:3)
The problem is no one wants to add 6 additional months to a product to make it much more secure.
Then there is getting people who are willing to think about security problems when making such products.
A good security design is much more than a normal checklist of items. It is designing your product in a way that you will assume that any level of your application could be broken into. So you need to make sure that each level once in will need to limit what damage it could do.
How does it improve security? (Score:3, Insightful)
The original company stops making updates available.
Before that, a hacker could impersonate the update server (probably using a MITM attack) so the device received a hacked firmware, not the legit one. But if no hacking occurs, the device receives a legit update.
After the change, if a hacker impersonates the (unavailable) update server, the device can only find the hacked firmware, never the legit one.
How is this exactly improving security?
Re: (Score:3)
How is this exactly improving security?
Depends on how they are doing it. If you try to update an iPhone, the iPhone will ask Apple if the update is legit. Maybe they did something similar, but hackers found ways to create updates that will be identified as "legitimate". All they need to change is the "legitimate" checker to always return "NO".
Re: (Score:3)
Perhaps. But these things are being implanted on Baby Boomers. That generation made suing people for any sort of damages (real or imaginary) cool and the trendy thing to do.
Granted it is probably a bit better than the old way, where they would just shoot each other.
Re: (Score:2)
After the change, if a hacker impersonates the (unavailable) update server, the device can only find the hacked firmware, never the legit one.
How is this exactly improving security?
"The change" was to push an update that modifies the software to never attempt to retrieve updates.
It improves the security in a way, because a hacker impersonating the update server would never get any hits to download those updates.
Obviously it isn't the type of improvement that's desired, to sign updates to ensure they are from the right source, but ultimately if the computers aren't connecting anywhere to attempt to download updates, both methods still result in no malicious updates being retrieved.
Re: (Score:3)
From what I can get from their web site the diagnostic system is basically a PC that downloads a firmware image, and then uploads it to the pacemaker. The pacemaker itself never connects directly to the internet.
The update disables the online update mechanism on the diagnostic equipment entirely. Presumably they could still send out a USB flash drive with new firmware if required. But the diagnostic PC won't even look for new firmware any more.
Security not even an agenda item (Score:5, Insightful)
How is this not a solved problem (Score:3)
Re: (Score:1)
There's only one solution to this ... companies bear full legal liability for the security of their products.
The problem with that is that instead of having insecure pacemakers, we'd have no pacemakers at all, which would be worse. Or they'd cost a lot more, to support the cost of fighting lawsuits and paying fines. There has to be a middle ground somewhere.
Updating... Please Wait. (Score:2)
Further, it's a pacemaker! It does the same thing as they did decades ago, no? Why are there even post-factory updates?!
Incomplete solution... (Score:2)
...medical device maker Medtronic said it will lock some of its equipment out of its software update service, meaning the hardware can't download and install new code from its servers. That may seem counterintuitive... Malicious updates could be pushed to Medtronic devices by hackers intercepting and tampering with the equipment's internet connections -- the machines would not verify they were actually downloading legit Medtronic firmware -- and so the biz has cut them off.
If this is right, locking them out of the service on the server side doesn't do a damn thing. You need to tell the devices to stop "looking for updates". All this does is lets me know that if I got an update after the shutdown then it's fake.
Cutting off the server side still allows a device to look for updates and if a man-in-the-middle answers it will allow the update, because the whole problem is that it's not verifying the update's source.
Re: (Score:2)
After reading some of the other comments it appears they made one "final" update that tells the devices to stop looking for updates. So that works.
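The cases argued over in this thread, modelled as an added example (not part of any comment and not Medtronic's code): a client that installs unverified updates, one with updates switched off, and one that checks a signature against a pinned vendor key. The `Policy`, `Update`, `Install` and `Scenario` names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Policy is a hypothetical model of how the programmer handles network updates.
type Policy int

const (
	Unverified      Policy = iota // installs whatever the network returns
	UpdatesOff                    // after the "final" update: never asks
	VerifySignature               // signed updates checked against a pinned key
)

// Update is whatever answers the update request: vendor server or on-path host.
type Update struct{ Image, Sig []byte }

// Install reports whether the device installs u under policy p (nil u: no answer).
func Install(p Policy, vendorPub ed25519.PublicKey, u *Update) bool {
	switch p {
	case UpdatesOff:
		return false // no request is made, so no response is ever processed
	case VerifySignature:
		return u != nil && ed25519.Verify(vendorPub, u.Image, u.Sig)
	default:
		return u != nil
	}
}

// Scenario returns a pinned vendor key plus two constructed sample updates:
// one signed by the vendor, one signed with a key the vendor never issued.
func Scenario() (ed25519.PublicKey, *Update, *Update) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	good := []byte("firmware image (constructed sample)")
	bad := []byte("modified image (constructed sample)")
	return pub, &Update{good, ed25519.Sign(priv, good)},
		&Update{bad, ed25519.Sign(otherPriv, bad)}
}

func main() {
	pub, legit, forged := Scenario()
	for _, p := range []Policy{Unverified, UpdatesOff, VerifySignature} {
		fmt.Println(p, Install(p, pub, legit), Install(p, pub, forged))
	}
}
```

With `Unverified`, the forged update is installed whether or not the vendor's server is still answering, which is why a server-side lockout alone changes nothing; `UpdatesOff` and `VerifySignature` both refuse it, and only `VerifySignature` still accepts the vendor's own image.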
I owe Hacknet an apology.. (Score:2)
I thought Hacknet was full of it, but here I see I was wrong. That event just seemed a little.. too far.. on the far side of the reality bright-line. Whoops.
https://store.steampowered.com... [steampowered.com]