On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them
- Submitting institution
- The University of Birmingham
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 41998617
- Type
- E - Conference contribution
- DOI
- 10.1145/2991079.2991094
- Title of conference / published proceedings
- ACSAC '16 : Proceedings of the 32nd Annual Conference on Computer Security Applications
- First page
- 226
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- December
- Year of publication
- 2016
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 5
- Research group(s)
-
-
- Citation count
- -
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This paper uncovers a serious security vulnerability within the cryptographic protocol used in 22 Medtronic cardiac defibrillator models. The paper also proposes a formally-verified protocol that addresses these issues. The vulnerability we identified enables an attacker to wirelessly re-configure the devices, with potentially lethal consequences.
Our findings have triggered security advisories by the Food and Drug Administration (FDA) and the U.S. Department of Homeland Security. Medtronic has confirmed and publicly acknowledged these issues and has committed to fixing them.
This work received important media coverage including items by Reuters, NBC News, Fox News and The Telegraph among many others.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -