FDA Warns Abbott on IoT Vulnerability & More

  /     /     /  
Publicated : 22/11/2024   Category : security


FDA Warns Abbott on IoT Vulnerability & More


The FDA delivered a strongly worded warning to Abbott Labs about continuing vulnerabilities and defects in implantable devices.



Cleaning up a mess is never fun. Cleaning up an inherited mess is worse, and thats the position in which Abbott Labs finds itself after a harsh letter of warning from the US FDA.
At issue are the pacemakers and internal defibrillators sold by St. Jude Medical before the company was acquired by Abbott Labs in January 2017. According to the
FDAs Warning Letter
, St. Jude Medical (now Abbott Labs) has failed to correct previously noted problems in the battery and cybersecurity vulnerabilities in both pacemakers and internal defibrillators. The letter, dated April 12, noted that the company has failed to either correct the problems or implement procedures to insure that they do not recur. In addition, the letter cites Abbott labs for selling a small number of units already under a recall order.
In January,
the FDA confirmed
that the St. Jude Medical devices contained software with vulnerabilities that could allow an unauthorized third party to gain control of the pacemaker or defibrillator and quickly run down the battery or deliver a series of shocks at the wrong time. At the time, St. Jude said that it had developed a software patch that could be automatically applied to devices through the Merlin@home transmitter each patient uses with the devices. Abbott Labs also said that it was working with both the FDA and DHS to improve device security.
The original vulnerability report, published by investment firm
Muddy Waters Research
and based on ethical hacking from
MedSec
, was controversial because Muddy Waters released the information, which described vulnerability to man-in-the-middle attacks in the implantable devices, in a statement regarding stock sales and purchases rather than in a private message to either St. Jude Medical or the FDA.
The latest FDA warning letter indicates that Abbott Labs has not dealt with the problem to the satisfaction of the FDA. On a larger scale, this is the sort of IoT security issue that many experts have warned about: critical components containing serious vulnerabilities deployed in difficult-to-update scenarios. Companies that sell IoT systems, as well as those that are their customers, are likely to be watching the interaction of Abbott Labs and the FDA to see how future IoT vulnerabilities will be dealt with by regulators and industry.
— Curtis Franklin, Security Editor,
Light Reading

Last News

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FDA Warns Abbott on IoT Vulnerability & More