HackRead

Abbott to fix critical vulnerabilities in 350,000 ICDs & Pacemakers

May 5th, 2018 | Waqas | Security

Abbott has recalled around 350,000 implantable defibrillators for a firmware upgrade because the devices were found to contain life-threatening flaws that leave them vulnerable to exploitation. The company, formerly known as St. Jude Medical, has recalled this large number of devices to patch the flaws and protect patients whose lives could be put in danger by hacked pacemakers.

Reportedly, some of Abbott's implantable cardioverter defibrillators (ICD), also known as cardiac resynchronization therapy defibrillator (CRT-D) devices, will undergo a firmware upgrade. Through the upgrade, the devices, or pacemakers as we commonly refer to them, will provide improved protection against hack attacks and unauthorized access, and about 465,000 affected patients will be protected from life-threatening situations.

Last year, security researchers MedSec and Muddy Waters identified flaws in Abbott pacemakers, but the company rubbished the claims and went on to file a defamation suit against the researchers.
However, the FDA’s report and a U.S. Department of Homeland Security ICS-CERT advisory seconded the findings of the researcher duo, putting pressure on Abbott to fix the flaws. Abbott was left with no choice but to start releasing firmware updates and issue a voluntary recall. The FDA report revealed that Abbott had been aware of the issues with its pacemakers since 2014.

After the upgrade, nobody except the doctor will be able to make changes to the pacemaker. The update has been approved by the FDA and includes a pair of vital-sounding fixes as well as security updates. After the firmware upgrade, the device will be able to detect if its battery drains quicker than expected and will notify the patient accordingly.

According to its website, Abbott has planned a series of updates for its implantable devices, remote monitoring systems, and programmers. Pacemaker patching is the first part of this series, which was planned in 2017 after researchers claimed that the cardiac implant devices were plagued with security flaws that may lead to devastating results. The company is asking patients to contact their doctors prior to getting the implantation procedure done.

The issue with the pacemakers developed by Abbott relates to a hardcoded unlock code. If a hacker identifies this code, it becomes quite easy to obtain backdoor access to all vulnerable devices. The Merlin@home transmitter was also found to be vulnerable to a man-in-the-middle attack. If the flaws are exploited together, a hacker can send commands from the Merlin@home transmitter to manipulate the implants and create cardiovascular issues that may lead to the death of the patient.

Abbott claims that there have been no reports of its pacemakers being exploited by hackers or of anybody gaining unauthorized access to the implanted devices. To get the updates, an in-office visit is required, but the updating process itself would be non-intrusive. As explained by Abbott:

“During the upgrade, a wand will be placed over your ICD or CRT-D and will transfer the information to the device. At the end of the process, the final settings on your device will be reviewed to ensure that the updates have been completed successfully. The upgrade process takes approximately three minutes to complete.”

The company recommends that patients consult their doctors regarding which update is right for them. So far, nearly 50,000 firmware updates have been carried out on installed devices, and the FDA and Abbott have both affirmed that there haven’t been any issues.

Source: SJM | Via: ThreatPost

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
