Medtronic MyCareLink 24950 Patient Monitor

Monitor4.9ICS-CERT ICSMA-18-219-01Aug 7, 2018

Attack VectorPhysical

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Hardcoded or insecurely stored credentials in Medtronic MyCareLink 24950 and 24952 monitors allow an attacker with physical access to extract per-product credentials used for authenticating data uploads to the CareLink network and encrypting data at rest. With these credentials, an attacker can upload falsified patient data to the CareLink server without authentication. Additionally, weak or missing verification of data integrity on the server allows invalid data to be accepted. Medtronic has implemented server-side updates to improve verification and is implementing additional mitigations for data integrity and authenticity. These vulnerabilities require physical device access and high skill level; no remote exploit path exists.

What this means

What could happen

An attacker with physical access to the monitor could extract embedded credentials used to authenticate data uploads and encrypt stored data. If those credentials leak, an attacker could upload falsified patient data to the Medtronic CareLink network, potentially affecting clinical decisions.

Who's at risk

This advisory affects patient monitoring facilities that deploy Medtronic MyCareLink 24950 and 24952 monitors in home care, assisted living, or remote patient monitoring programs. Facilities, nurses, and care coordinators who rely on CareLink data for clinical decisions should be aware that data integrity could be compromised if a monitor is physically compromised and credentials are stolen.

How it could be exploited

An attacker must physically access the device and extract hardcoded or weakly stored credentials from the device memory or firmware. Once extracted, the credentials can be used remotely to authenticate fraudulent data uploads to the CareLink server, or to decrypt sensitive patient data at rest.

Prerequisites

Physical access to the 24950 or 24952 monitor
Capability to extract firmware or memory contents (device disassembly or debug interface access)
Knowledge of credential extraction techniques

No patch availableRequires physical access but low technical barrier once device is openedAffects patient safety through data integrity

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

24950 MyCareLink Monitor: all versionsAll versionsNo fix (EOL)

24952 MyCareLink Monitor: all versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGMaintain strict physical control and security over the home monitor—store in a secure location with limited access

HARDENINGObtain monitors only directly from healthcare provider or authorized Medtronic representative to ensure device integrity

HARDENINGVerify the integrity of any files or software before upload or installation; only use sources from trusted healthcare providers or Medtronic

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Medtronic security advisories for server-side mitigations that enhance data integrity and authenticity

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: 24950 MyCareLink Monitor: all versions, 24952 MyCareLink Monitor: all versions. Apply the following compensating controls:

HARDENINGEnsure patient monitors are not accessible from the Internet; isolate on a private home network if remote connectivity exists

CVEs (2)

CVE-2018-10626 CVE-2018-10622

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2be50ba8-c7e5-4d34-af20-a8c03a86e227