Tag: medical devices

Will hack for beer? Cisco's Talos security group rigged up a Kegerator with a WiFi hotspot and other controls, allowing an enterprising hacker who could break into the device to poor him or herself a beer. (Image courtesy of Marc Blackmer.)

At Industrial Control Security Con: Will hack IoT for Beer

In-brief: Cisco’s Marc Blackmer reports from the S4 Conference in Miami – one of the top gatherings of industrial control system security experts. Among the attractions this year: Justine Bone of the firm Medsec, the psychology of malicious insiders and a hackable “kegerator.”

St. Jude issued a software fix for its Merlin@ home product Monday, which is used to manage implantable defibrillators and other implantable medical devices.

St. Jude Patches Hole that allowed Medical Device Hacks

In-brief: St. Jude Medical said on Monday that it patched a serious hole in a product used to program implantable medical devices like defibrillators. But researchers and a Wall Street investment firm say the company still has more holes to close. 

The Department of Health and Human Services has noted the success of the Hack the Pentagon Bug Bounty program and is considering a similar program to spur research on medical devices, the web site Federal Times reported.

It’s the Risk, Stupid: FDA Medical Device Guidance Looks Past the Device

In-brief: The FDA’s final guidance on cybersecurity for postmarket medical devicesmarks a departure from earlier drafts, focusing generically on cybersecurity risk management and jettisoning an early focus on the threat posed by “connected devices” that some considered too narrow.

More Warnings on Security in Implantable Medical Devices

More Warnings on Security in Implantable Medical Devices

Researchers from universities in Belgium and the UK have published research showing that a wide range of implantable medical devices, including implantable defibrillators are still vulnerable to wireless snooping and denial of service attacks. The research, which mimicked the work of a naive (or “weak”) adversary, found that few security protections have been added to such devices, years after researchers first demonstrated that they are vulnerable to wireless attacks and other manipulation.  The discoveries apply to at least 10 types of implantable cardiac defibrillators (ICDs) that are currently on the market, though the devices and manufacturers are not named. The researchers, from Katholieke Universiteit te Leuven in Belgium (KU Leuven) and the University of Birmingham in the United Kingdom echoes the claims made by the firm MedSec earlier this year, which warned of security holes in ICD devices made by St. Jude in August. That research was the foundation of a call […]

Are new laws needed to secure the Internet of Things? An article in IEEE Spectrum weighs the options.

We Need Smart Public Policy for the Internet of Things | IEEE Spectrum

In-brief: is regulation the right approach to securing The Internet of Things or can industry clean up its own act? IEEE Spectrum takes a look.