Thousands of vulnerabilities have been discovered in Pacemakers and hackers can exploit it leaving many patients at risk, which could finally take their lives. We will see much ransomware for Pacemakers very soon.
A pacemaker is a device that’s put in the chest or belly to help control unusual heart rhythms. This small device uses electrical pulses to help the heart to beat at a natural rate.
White Scope security researchers analysed 7 pacemaker products from four different vendors and found that they use more than 300 third party libraries, 174 of which are known to have over eight thousands security flaws that attackers could exploit in pacemaker programmers.
White Scope researchers said:
” Despite efforts from the FDA to streamline routine cybersecurity updates, all programmers we examined had outdated software with known vulnerabilities. Across the 4 programmers built by 4 different vendors, we discovered over 8,000 vulnerabilities associated with outdated libraries and software in pacemaker programmers.”
“We believe that this statistic shows that the pacemaker ecosystem has some serious challenges when it comes to keeping systems up-to-date. No one vendor really stood out as having a better/worse update story when compared to their competitors. In two instances, we were able to confirm that patient data was stored unencrypted on the programmer. In one instance, we discovered actual unencrypted patient data (SSNs, names, phone numbers, medical data…etc) on a pacemaker programmer. The patient data belonged to a well-known hospital on the east coast and has been reported to the appropriate agency. These types of issues highlight the need for strong device disposal policies from hospitals.”
White Scope researchers have already communicated with the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), so the companies of the tested devices can fix the vulnerabilities.
