The U.S. government has issued an alert about vulnerabilities that could compromise the cybersecurity of a paired cardiac device, reports Mass Device.
Medtronic’s MyCareLink (MCL) Smart Model 25000 patient reader is potentially vulnerable to improper authentication, heap-based buffer overflow and the time-of-check/time-of-use race condition, according to a notice from DHS.
Successful exploitation of the vulnerabilities could result in an attacker being allowed to modify or fabricate data from the implanted cardiac device being uploaded to the CareLink network and remotely execute code on the MCL smart patient reader device, which could allow control of a paired cardiac device.
Read more at Mass Device.
