What’s the matter?
The Food and Drug Administration (FDA) has issued a warning to consumers about critical cybersecurity flaws in some medical devices that could allow hackers to take complete control of them.
What devices are vulnerable?
Security researchers have detected 11 vulnerabilities in medical devices that could allow attackers to remotely take control of them and change their functionality causing a denial of service.
Medical devices that use third-party and outdated software called IPnet are vulnerable. However, how many devices such as insulin pumps or pacemakers are vulnerable to hacking remains unknown.
“Though the IPnet software may no longer be supported by the original software vendor, some manufacturers have a license that allows them to continue to use it without support. Therefore, the software may be incorporated into a variety of medical and industrial devices that are still in use today,” the FDA said.
What actions are being taken?
“However, due to the complexities in how the code from the IPnet third-party software component was incorporated into various medical devices and the availability of the exact operating system versions impacted, it will be difficult to develop a comprehensive list of affected devices,” Alison Hunt, FDA spokeswoman said in a statement.