A critical vulnerability was found in smartwatch software used to help elderly patients. The vulnerability would have allowed hackers to access the watches, sometimes designed to help elderly patients with dementia, and fatally interfere with their treatment.
Security weaknesses in IoT devices continue to make headlines. It\’s not surprising that there is a real push to ensure medical device providers in particular have a process to accept vulnerability reports from third party researchers and the FDA has recently released guidance on how providers should do this because any issues in the device are really messy to clean up. The ETSI has also recently released guidance for all IoT manufacturers selling in Europe on the same theme. However, in this case, the weakness actually wasn\’t in the device but was a bug in the API that communicated with the watch, a super common vulnerability that we see on thousands of customer assets. It\’s great to see that 3G Electronics responded to the researchers and swiftly fixed the vulnerability. This speedy mitigation shows just how important it is to be open to working alongside the creative and diverse hacking community, who genuinely want to help secure products for those who need them.