The Internet of Things has created an incredible opportunity to greatly increase the comfort, efficiency, and productivity of society. Likewise, it has opened a Pandora’s Box of vulnerabilities that had not been previously considered.
Take for instance the pacemaker; in a recent article (shared below) it was identified that there are 8600 vulnerabilities that exist with this crucial and lifesaving technology. The vulnerabilities specifically existed in the program libraries that the programming devices use to configure the pacemaker devices. Complicating matters, many of the pacemaker programming controllers were found to be running Windows XP, which has not been supported by Microsoft for several years.
More troubling in many ways, the programmers didn’t authenticate the users, meaning anyone who acquired one could use it. The FDA is supposed to control the access to pacemaker programming devices yet a brief eBay search by the article’s authors showed that many can be found online for sale. This creates an opportunity for a malicious entity to acquire and program one of these in a way to hold someone’s life hostage, for example by using ransomware on the programming controller. Additionally, many of the devices were found to still have patient data on them that could be sold and used to commit fraud.
Call to Action
Vulnerabilities and opportunities exist everywhere and many times in places you may not have considered.
- What are you doing to control access to critical data?
- Do you have a Bring Your Own Device policy?
- Are you using other internet connected devices?
- Do you have means of providing authentication for these technologies?
- What are you doing to secure communication with the cloud?
- Do you have an encryption policy?
To schedule a security discussion or demo please contact our Swish security team at (703) 635-3324 or email info@Swishdata.com.