DHS Finds Vulnerabilities in Medtronic’s Heart Implant Reader

The Department of Homeland Security (DHS) warned that Medtronic’s Smart Model 25000 Patient Reader, a portable device that communicates with its implanted heart device, is vulnerable to certain cybersecurity exploits.

The department said that the communication device could have its data edited or faked if an attacker uses certain exploits, including improper authentication and heap-based buffer overflow vulnerabilities.

“Successful exploitation of these vulnerabilities together could result in the attacker being able to modify or fabricate data from the implanted cardiac device being uploaded to the CareLink Network and remotely execute code on the MCL Smart Patient Reader device, which could allow control of a paired cardiac device,” DHS warned, noting that Medtronic has put out a firmware update that patches the issues.