Profile picture
Beau Woods
@beauwoods
, 13 tweets, 8 min read Read on Twitter
Yesterday it was revealed that 750,000 @Medtronic pacemakers are potentially vulnerable to unauthenticated radio frequency attack, causing battery drain or alter how it works.

Don’t panic, it sounds worse than it is! fda.gov/MedicalDevices…
Mitigating factor 1: The attacker would have to be close to the victim. The RF spec says 20 feet, but we all know that can be extended with a directional antenna and a high power radio. That’s still way less bad than if it’s vulnerable across the Internet. Physical isolation.
Mitigating factor 2: The device is only vulnerable temporarily, when it tries to connect with the monitoring station. It’s unclear how frequent this is, but it’s not all the time. Time isolation.
Mitigating factor 3: Medtronic can monitor for unsuccessful attempts to tamper with the device.

Mitigating factor 4: Wireless shuts down when it is being tampered with, and the device continues working as programmed.
Make no mistake, this is a big deal. It’s likely what the FDA would call an “uncontrolled risk” and it needs to be addressed.

How bad is it? Ask a security researcher who discovered similar issues a decade ago. @br_ isn’t concerned about an attack in the wild right now.
And it turns out fixing the issue can be really safe. When Abbott recalled 500,000 devices, 25% took the update. Of those 125,000, NONE had serious adverse events from the update. This is great news, now we need higher adoption rates! ahajournals.org/doi/pdf/10.116…
If you are affected by either the Medtronic or Abbott issue:
- The monitoromg device can spot some attack attempts.
- Decide with your doctor if, when, & how to update.
- If you suspect an issue, report it to your doctor, the manufacturer, & the FDA. accessdata.fda.gov/scripts/medwat…
Excellent work by @dhalperi @benessa @drkevinfu @yoshi_kohno @williammaisel @br_ who wrote about similar issues in 2008. secure-medicine.org/hubfs/public/p…
Excellent work by @xssniper and Jonathan Butts, who have reported similar issues to manufacturers in the past, as well as the tram who discovered and coordinated on this one.
And props to @Medtronic and @Abbott, who have pledged to engage the security research community at @dc_bhv @defcon, to be safer, sooner, together. #Wehearthackers Wehearthackers.Org
Other sources and stories
cyberscoop.com/medtronic-defi…

startribune.com/750-000-medtro…

arstechnica.com/information-te…

These are defibrillators (hi-voltage, rarely triggered) not pacemakers (low-voltage, regular use).
Hearing that some of these devices may do both pacing and defibrillating. The thread and recommendations apply to both/either.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Beau Woods
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Wehearthackers

More from @beauwoods see all

Profile picture
Beau Woods
@beauwoods
This response perpetuates stereotypes about @defcon and about cybersecurity that are no longer true, if they ever were. It puts in writing the degree to which many of their executives and board are ignorant of good security practice in 2018.
Let’s start at the top. @thedarktangent is a member of @CFR_org, a fellow with @AtlanticCouncil, former CSO of @ICANN, and advises @DHSgov. These groups aren’t likely to be undermining US national security any time soon.
Going down the list of @defcon organizers, many have been and/or still are members of law enforcement, military, and government, from US and allied governments. Also groups not known for subversive tendencies.
Read 17 tweets
Profile picture
Beau Woods
@beauwoods
At the @NTIAgov multistakeholder process on software component transparency. Expecting sparks here today. ntia.doc.gov/SoftwareTransp…
Auditing a single application with 100M Lines of Code: 300+ 3rd party components, from 150+ sources, 25% are individuals' names with little more detail.

This is a hard problem for tracking, it's a bigger issue for security and quality.
Oracle: We shouldn't abandon transparency, we should address the challenges that exist so we can be better.
Read 62 tweets

Related threads

Profile picture
covert_extrovert
@ExtrovertCovert
1) @realDonaldTrump #QAnon post No. 2682...
thehill.com/opinion/white-…
#TheHill reports, in a damage control effort, the realities behind #Dem [#HRC] #RussiaCollusion in #U1/#Rosatom. This & more, have always been the issue! The time of a set stage, ripe for action, moves closer.
2) These arrests & prosecutions will be the way faith is restored 2the public.
Projection here, is the transference of ill acts from the guilty party, 2another party, in this instance, #Patriots.
With the system so thoroughly corrupted, the necessitation of a complete removal of
3) #OldGuard Minions in the #FBI & #DOJ (& replacements within a corrupt court system) becomes a necessity. 2restore, for the sleeping masses, an image of trust, they must be subjected 2a deprograming effort.
A slow speed, high torque, effort is needed to combat the #Clown's,
Read 25 tweets
Profile picture
t1gRé_blanc_333
@T1gre9
☝As Hive operations steadily get interrupted and/or shut down, the network of communication that allows them to direct the people they're blackmailing, threatening and straight up mind controlling gets hit hard, too. If they cannot communicate, their programming breaks down.
☝In nature, bees rely on communication for the Hive to survive and flourish. They use pheromones to send messages; direct operations, identify others of their Hive, and track each other. If a bee is cut off from its hive it cannot find its way back, & if it's cut off long enough
☝it will eventually stop recognizing the pheromone language of its hive completely. The subhuman cannibal Hive that has controlled our planet works the same way. There's a lot of talk out there about MK ultra and mind control, but this critical detail is almost never mentioned.
Read 13 tweets
Profile picture
ENoCH
@elenochle
PANIC IN DC
[RR] called [LL] 4x in the past 11 days?
Q

#QANON
#MAGA
#PANIC
PANIC IN DC
[LL] recorded calls w/ [RR]?
[LL] talking?
Q
FISA = START
FISA BRINGS DOWN THE HOUSE.
WHEN DO BIRDS SING?
Q
Read 9 tweets
Profile picture
GAIL SIMONE
@GailSimone
Yesterday, we got a completely unexpected call that my mother had had a heart attack, and had to be taken by helicopter to the nearest real hospital, about 75 minutes away.
My mother, who is very healthy and active, apparently had a mostly blocked carotid. They had to immobilize her, as any movement put her life in further danger.
This comes very closely on the heels of the passing of my mother-in-law, who has always been a second mom to me, and whom I was 24/7 caregiver during her decline.
Read 12 tweets
Profile picture
Antonello Guerrera
@antoguerrera
Yesterday a big anti-terrorism operation took place in #Italy. Several suspect terrorists allegedly linked to ISIS have been detained or are wanted. They’re connected to Anis Amri, the perpetrator of 2016 Berlin terrorist attack, were allegedly planning to attack Italy 👉🏻THREAD
1. Everything started with the arrest on Wednesday of Elmahdi Halili, 23 years old, a guy born in Italy of Moroccan origin and living near Turin. He had been already arrested a few years ago for terrorist propaganda, he is the writer of the 1st Italian known ISIS manifesto
#italy
2. This time something was different though. Halili seemed to have upgraded his terrorist linked activity: in fact he allegedly turned into a jihadist recruiter, according to prosecutors, “raising” a dozen of potential terrorists to prepare a terrorist attack, likely in #Italy
Read 17 tweets
Profile picture
Tanmoy Goswami
@toymango
Every day next few days I'll share one #depression/#anxiety insight from my own experience. If it helps anyone a wee bit, it'll be worth it.
1. "#Happiness" can scare #anxiety patients. In our heads, things are always going wrong. Fear of a "happy" moment undone is doubly painful.
Sorry, this won't be a daily affair as I had earlier imagined. But here's insight #2 based on my brush with #depression/#anxiety.
Read 96 tweets

Trending hashtags

#PublicUtilities #Anon #Nitwit #CIA #ThePlan #GeneralPublic #HusseinWH #SCIF #DC #GameTheory #nightmares #AG #BCImpeachment #MindControl #DECLAS #NutShellReport #USAttorneysOffice #DiversionaryTacts #DepressionIsReal #NewsGuard #America #RayChandler #USMil #PriscillaChan #DECLASFISA
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!