The Department of Homeland Security is warning users of Medtronic defibrillators of two vulnerabilities that could lead to an attacker accessing and altering the device.

The warning, which was issued through the DHS Cybersecurity and Infrastructure Security Agency, covers two vulnerabilities, CVE-2019-6538 and CVE-2019-6540. A complete list of the models affected can be found here.

The first is a flaw in the Conexus telemetry system the device use to communicate that does not implement authentication or authorization. This could allow an attacker, who must be relatively close to the defibrillator to intercept, read, modify and inject data into the device’s RF signal. This, in turn, would allow someone to read or write to the memory of the implanted device.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.