Security News > 2020 > December > Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices
Vulnerabilities discovered in Medtronic's MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device.
Designed to obtain information from a patient's implanted cardiac device, the MCL Smart Patient Reader then sends the data to the Medtronic CareLink network, to facilitate care management, through the patient's mobile device.
Three vulnerabilities discovered by researchers at IoT security firm Sternum in the MCL Smart Model 25000 Patient Reader could be exploited to modify or fabricate data that is transmitted from the implanted patient device to the CareLink network.
They could allow an attacker to execute code remotely on the MCL Smart Patient Reader, essentially taking control of the paired cardiac device.
"This vulnerability enables an attacker to use another mobile device or malicious application on the patient's smartphone to authenticate to the patient's Medtronic Smart Reader, fooling the device into believing it is communicating with the original Medtronic smart phone application when executed within range of Bluetooth communication," CISA notes in an advisory.