As more companies rush to make every single item connected, the threat of hackers compromising these systems also increases. But it’s not just smart home products that are at risk; the Food and Drug Administration has issued a warning over cybersecurity vulnerabilities found in cardiac devices such as pacemakers.
The FDA notice states that the problem is related to the Merlin@home Transmitters manufactured by St. Jude Medical. They are part of a home monitoring system that transmits and receives RF signals used to wirelessly connect to implanted cardiac devices and read their stored data.
Engadget reports that once the Merlin accesses the information stored on a pacemaker, it’s uploaded to the Merlin.net Patient Care Network, where medical staff can access and monitor the device and the patient's health.
The FDA notice doesn’t go into specifics, but it does warn that if the vulnerabilities in the Merlin were exploited, hackers could “modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.”
The note emphasizes that there have been no reports of the devices being hijacked, and St. Jude Medical has developed a patch that fixes the security issues. It started rolling out yesterday and will be automatically applied over-the-air to affected Merlin products – just make sure they’re switched on and connected to the network.
The move follows months of denials by St. Jude that its heart implants contain any security vulnerabilities. Last year, Muddy Waters - an investment house founded by Carson Block - published a report claiming St. Jude's devices could be hacked. St. Jude called the claims “false and misleading,” before launching legal action against the company.
In a statement, Block said the FDA's announcement "vindicates" the firm's research. "It also reaffirms our belief that had we not gone public, St. Jude would not have remediated the vulnerabilities," Block said. "Regardless, the announced fixes do not appear to address many of the larger problems, including the existence of a universal code that could allow hackers to control the implants."