Two years ago, researchers Billy Rios and Jonathan Butts discovered disturbing vulnerabilities in Medtronic's popular MiniMed and MiniMed Paradigm insulin pump lines. An attacker could remotely target these pumps to withhold insulin from patients, or to trigger a potentially lethal overdose. And yet months of negotiations with Medtronic and regulators to implement a fix proved fruitless. So the researchers resorted to drastic measures. They built an Android app that could use the flaws to kill people.
Rios and Butts, who work at the security firm QED Security Solutions, had first raised awareness about the issue in August 2018 with a widely publicized talk at the Black Hat security conference in Las Vegas. Alongside that presentation, the Food and Drug Administration and Department of Homeland Security warned affected customers about the vulnerabilities. Medtronic itself didn't publish a security bulletin until March 2019. And no one presented a plan to fix or replace the devices. To spur a full replacement program, which ultimately went into effect at the end of June, Rios and Butts wanted to convey the true extent of the threat.
"We’ve essentially just created a universal remote for every one of these insulin pumps in the world," Rios says. "I don’t know why Medtronic waits for researchers to create an app that could hurt or kill someone before they actually start to t ..
Support the originator by clicking the read the rest link below.
