Homeland Security has issued a warning for a set of critical-rated vulnerabilities in Medtronic defibrillators that put the devices at risk of manipulation.
These small cardio-defibrillators are implanted in a patient’s chest to deliver small electrical shocks to prevent irregular or dangerously fast heartbeats, which can prove fatal. Most modern devices come with wireless or radio-based technology to allow patients to monitor their conditions and their doctors to adjust settings without having to carry out an invasive surgery.
But the government-issued alert warned that Medtronic’s proprietary radio communications protocol, known as Conexus, wasn’t encrypted and did not require authentication, allowing a nearby attacker with radio-intercepting hardware to modify data on an affected defibrillator.
Homeland Security gave the alert a 9.3 out of 10 rating, describing