Don’t Turn Lifesaver into Killer

If a human being is a sophisticated machine, then heart is the engine that restlessly provides power to it. Once the engine breaks down, it’s hard to imagine how this machine may continue to work. This is the severity of a heart attack. In contrast to the old days when patients kept themselves on their toes for the life-and-death moment, nowadays people are privileged with state-of-the-art technology — implanted cardio defibrillators. Being a typical example of extension of Internet connectivity into physical devices (IoT), it monitors your heart rate and maintains a steady heart rate using electrical shocks.

However, the security of this device is being questioned recently. The federal government of the United States warned in this March of a serious flaw in Medtronic cardio defibrillators that leaves lethal vulnerabilities for hackers, and advised patients to keep their monitors and programmers updated and in sight. With malicious intent and certain technological proficiency, someone is fully capable of obtaining personal and physical information, as well as manipulating the implanted device per se, without any encryption or authentication. Doors are wide open for dangers.

The news has not only alerted individuals with heart diseases, but also put Medtronic in the teeth of the storm. Responding to the authoritative warning, Ryan Mathre, Medtronic representative, claimed that it takes “comprehensive and specialized knowledge of medical devices, wireless telemetry, and electrophysiology” for someone with malicious intent to cause harm to patients, and that no victims have been reported yet.

Admittedly, these requirements make it far less possible for the vulnerabilities to be exploited, but the statements function more as a public relation campaign – because it makes no excuse for providers like Medtronic to overlook the importance of security.

The whole point of security is to serve as a precaution before tragedy happens. It’s only too late when a promising life dies from the security flaws of his or her life-saving device. Fortunately, the silver lining still resides in this story. Apart from the Department of Homeland Security, scientists and researchers from Clever Security are also working on these issues. Through proof-of-concept attack, they switch to the hackers’ perspective to see the vulnerabilities of a software, based on which they patch things up.

The reason for Clever Security to get involved in this matter is not as technological as the company’s name suggests. “Since our friend had this device implanted, there was a visceral sense of duty to ensure that the vulnerability gets patched with the utmost care for anyone affected by the vulnerability…Hopefully he’s a little bit safer than when we started,” said Morgan, the Clever Security founder.

We share similar concerns with Clever Security. When emails serve as the primary and official means to negotiate and close your deals, things are the same for us. We can’t attach more importance to email security and believes that noticing is better than nothing and that now is better than never. Under the scenario of emailing, we strive to think and act ahead of scam, phishing, ransomware and business email compromise.

After telling whether or not the email you receive is safe, Mr. Post marks the dangerous parts with only one click.

Mr. Post

Having sorted out and organized your emails, you can maintain these crucial data with Mr. Guard and get free from unauthorized data tampering.

Mr. Guard

Both are available on MicroSoft AppSource FOR FREE. Get protected now.

Reference:

[1] https://arstechnica.com/information-technology/2019/03/critical-flaw-lets-hackers-control-lifesaving-devices-implanted-inside-patients/

[2] https://www.engadget.com/2019/03/22/dhs-warning-medtronic-implantable-defibrillator-flaws/

[3] Photo by BruceBlaus on Wikipedia, as well as David Alberto Carmona Coto, Travis SaylorHelena Lopes and Louis Bauer from Pexels.

2019-04-04T07:12:28+08:00April 2nd, 2019|Insight|