February 25, 2021

TerabitWeb Blog

Fascinating Technology and Security Information

Medtronic defibrillators vulnerable to attack

2 min read

Original Post from SC Magazine
Author: Doug Olenick

The Department of Homeland Security is warning users of Medtronic
defibrillators of two vulnerabilities that could lead to an attacker accessing
and altering the device.

The warning, which was issued through the DHS Cybersecurity and Infrastructure Security Agency, covers two vulnerabilities, CVE-2019-6538 and CVE-2019-6540. A complete list of the models affected can be found here.

The first is a flaw in the Conexus telemetry system the device use to communicate that does not implement authentication or authorization. This could allow an attacker, who must be relatively close to the defibrillator to intercept, read, modify and inject data into the device’s RF signal. This, in turn, would allow someone to read or write to the memory of the implanted device.

CVE-2019-6540 involves the Conexus telemetry system not
using encryption and transmitting data in cleartext so an attacker with
adjacent short-range access to a target product can listen to communications,
including the transmission of sensitive data.

Medtronic has pushed out some additional
controls for monitoring and responding to improper use of the Conexus telemetry
protocol and more are expected. In the meantime the company said users
should maintain good physical control over home monitors and programmers, use
only home monitors, programmers, and implantable devices obtained directly from
your healthcare provider or a Medtronic representative to ensure integrity of
the system, and do not connect unapproved devices to home monitors and
programmers through USB ports or other physical connections.

The post Medtronic defibrillators vulnerable to attack appeared first on SC Media.

Go to Source
Author: Doug Olenick

Copyright © All rights reserved. | Newsphere by AF themes.