Until now, we have seen hackers take control of devices such as smartphones and PCs. Now, hackers seem to have started targeting devices that are implanted inside the human body. As reported by Ars Technica, the government has warned of a new flaw in Medtronic cardio defibrillators that lets hackers take control of devices implanted inside patients. The devices can reportedly be taken over using radio communications.

For those unaware, defibrillators are small devices that are surgically implanted inside a human to give regular electrical shocks in order to treat irregular heart rhythms. These are made by Medtronic. The flaw was found by security firm Clever Security and was reported to Medtronic in January 2018. Now, however, it has been made public by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency in the form of an advisory.

The advisory states that the Conexus Radio Frequency Telemetry Protocol, Medtronic's proprietary method of wirelessly connecting to implanted devices, uses no encryption to secure that wireless connection. This makes it easy for attackers to eavesdrop on the communications. It also notes that the native method of connecting to the device has no authentication mechanism in place when a new device is connected.

As per the advisory, the attacker can “interfere with, generate, modify, or intercept the radio frequency (RF) communication of the Medtronic proprietary Conexus telemetry system, potentially impacting product functionality and/or allowing access to transmitted sensitive data... The result of successful exploitation of these vulnerabilities may include the ability to read and write any valid memory location on the affected implanted device and therefore impact the intended function of the device.”
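To show why missing authentication on a telemetry link turns into arbitrary memory writes, and what a receiver-side check looks like, here is an added example that is not from the advisory or from Medtronic. The frame layout, key, opcode and writable range are all constructed for illustration and are not the Conexus format; the example covers authentication, replay protection and an address allow-list only, not encryption.

```python
import hmac, hashlib, struct

# Constructed toy frame (NOT Conexus): counter(4) | opcode(1) | addr(2) | len(1) | data | tag(32)
KEY = bytes(range(32))             # hypothetical per-device key provisioned at pairing
OP_WRITE = 0x02                    # hypothetical "write memory" opcode
WRITABLE = range(0x0100, 0x0200)   # hypothetical region a programmer may change
HDR = struct.Struct(">IBHB")

def build_frame(key, counter, opcode, addr, data):
    body = HDR.pack(counter, opcode, addr, len(data)) + data
    return body + hmac.new(key, body, hashlib.sha256).digest()

class WeakReceiver:
    """Models the reported weakness: any well-formed frame is acted on."""
    def __init__(self):
        self.mem = bytearray(0x400)
    def handle(self, frame):
        _, op, addr, n = HDR.unpack_from(frame)
        if op == OP_WRITE:
            self.mem[addr:addr + n] = frame[HDR.size:HDR.size + n]
        return "ok"

class HardenedReceiver:
    """Verifies the sender, rejects replays, and limits where writes may land."""
    def __init__(self, key):
        self.key, self.last_counter, self.mem = key, 0, bytearray(0x400)
    def handle(self, frame):
        if len(frame) < HDR.size + 32:
            return "reject: short"
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "reject: bad tag"
        counter, op, addr, n = HDR.unpack_from(body)
        if counter <= self.last_counter:             # strictly increasing counter
            return "reject: replay"
        if len(body) != HDR.size + n:
            return "reject: length"
        if op != OP_WRITE or addr not in WRITABLE or addr + n - 1 not in WRITABLE:
            return "reject: not permitted"
        self.last_counter = counter
        self.mem[addr:addr + n] = body[HDR.size:]
        return "ok"
```
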

The advisory added that exploiting this flaw would require a low skill level, and its severity is rated 9.3 out of 10. Meanwhile, patients are advised to use authentic tools to monitor their health, not to connect unapproved devices to home monitors, to use home monitors in private environments, and to report any concerning behaviour they notice in these products.

Source: gadgetsnow.com