MedSec's 'hackable pacemaker' report autopsy: Bombshell crash claim in doubt

Researchers at the University of Michigan (U-M) have poured doubt on one claim by MedSec that St Jude Medical's implanted pacemakers and defibrillators are remotely breakable. Last week MedSec went public with a report saying that life-giving devices sold by St Jude Medical could be wirelessly compromised by hackers – who …

  1. Nuno trancoso

    Isn't this the kind of shenanigans that usually land people on the "not so good" side of the SEC?

    1. Anonymous Coward

      ...plus stressing the crap out of a group of people who have dodgy tickers probably counts as terrorism. Wouldn't surprise me if there were charges other than financial shenanigans and defamation, anyway.

      1. Anonymous Coward

        Wouldn't surprise me if there were charges other than financial shenanigans and defamation, anyway.

        It's the US. Lawsuits are inevitable :).

        I personally hope that the SEC takes these clowns to the cleaners in a substantial way, or we will see more of these attempts to manipulate stock. The only stock that appears impervious to security revelations is MSFT, but that took a good 2 decades of security problems to achieve :)

      2. Anonymous Coward

        Re: stressing the crap out of a group of people who have dodgy tickers

        Terrorism...

        Austerity...

        Cost cutting...

        There's many ways of looking at these things.

        Mine's the lead-lined coat to protect my pacemaker.

        1. Anonymous Coward

          Re: stressing the crap out of a group of people who have dodgy tickers

          Reminds me of a daydream I had about a possible future:

          Hitmen hired by pension funds are trying to kill you off (to cut costs) while bodyguards from life insurance companies keep you alive (so they don't have to pay out). You only need to make sure that neither company knows the identity of the other so that they cannot make a deal behind your back.

          1. Anonymous Coward

            Re: stressing the crap out of a group of people who have dodgy tickers

            You could probably get a book out of that.

  2. David 132 Silver badge
    WTF?

    I know which risk I'd accept...

    If, heaven help me, I was in a situation where the physician said to me

    "You have a cardiac problem & are at significant risk of dying or being enfeebled if you don't get treatment. We can implant this pacemaker...oh, but if we do so, there's a trivial chance that a malicious hacker (who's specifically aware of the model of pacemaker you have, where you live, and your routine) could interfere with it wirelessly and maybe crash it..."

    ...I think I know how I'd evaluate those risks!

    And that's even IF we take MedSec's claims at face value.

    For what it's worth, I think their whole approach of notifying a brokerage house first, rather than the manufacturer or even the regulatory authorities, is utterly scummy and they deserve to be smacked senseless by the FTC, the FDA, and probably for good measure the FBI too.

  3. Anonymous Coward

    Security blackmail

    "For what it's worth, I think their whole approach of notifying a brokerage house first, rather than the manufacturer or even the regulatory authorities, is utterly scummy "

    I expect to see a lot more of this. Even if the security researchers have vestigial ethics, hedge funds are often borderline financial crime and would be likely to overrule any objections with large quantities of money. The whole financial industry lines up to defend shorting whenever there are serious attempts to regulate, because they might want to do it themselves one day.

    1. Anonymous Coward

      Re: Security blackmail

      This. There are many ways to go about disclosing vulnerabilities - this one ranks alongside grey-market parasites who buy your vulnerabilities so they can disclose them to 'various government agencies' that they work with.

  4. Anonymous Coward

    crooked dealings

    "partnered with investment firm Muddy Waters Capital to short St Jude's stock. This allowed the pair to cash in when they made their vulnerability findings public"

    Sounds like insider trading to me - they were about to publish something that would adversely affect the share price, and leaked that info to a 3rd party plus used it for personal gain. Pretty much the definition of insider. So never mind the veracity of their claim, they should be going to jail.

    1. David 132 Silver badge

      Re: crooked dealings

      Weeelllll.... keen though I am to see MedSec and Muddy Waters strung up by their figgins for this one (see my post above), I'm not sure that this would count as insider trading.

      Insider trading, as I understand it (as an Internet armchair commenter, not a financial expert) is: making use of information that a) materially affects the value of the company, and b) isn't publicly available. So:

      scenario a) Bob works for AcmeCorp, and knows that their widely-touted, under-development next-gen product is actually a crock of shit. He quietly uses that knowledge to short AcmeCorp stock.

      or

      scenario b) Alice, a researcher, does some digging into an AcmeCorp product that's already on the market, and discovers that it's actually a crock of shit. She uses that knowledge to short Acmecorp stock.

      In the first instance, the information used is definitely "not publicly available" - as only someone inside the company would be aware of it. That's pretty much the canonical definition of insider trading, and Bob would get the book thrown at him.

      In the second instance, one could argue that the info is publicly available - anyone with the time and interest to spare, could have taken an in-depth look at the product and figured out that it's a CoS... it just happens to be that Alice was the first one to do so. Alice is under no obligation to loudly announce to the world at large "hey, this product is actually a CoS, and I think AcmeCorp stock is overvalued" before she quietly places her own bets on the stock.

      Short version: I think that what MedSec and Muddy Waters did is sleazy, and gives the impression that they're more concerned about making money than improving patient safety or medical security. But I don't think it's insider trading. Anyone care to demonstrate otherwise?

  5. Sgt_Oddball
    Joke

    Why not...

    Just turn it off then back on again?

    Every time I get a bit of kit that doesn't want to talk to the outside world, that usually works for me.

    1. David 132 Silver badge
      Happy

      Re: Why not...

      Resetting it isn't the problem...the problem is that reaching the reset button requires a very long rod and a very uncomfortable orifice. In fact most attempts end up just going through the motions... :)

      1. Anonymous Coward

        Re: Why not...

        Place the reset button in the crotch? (a la BOFH)

        1. Anonymous Coward

          Re: Why not...

          "Place the reset button in the crotch? (a la BOFH)"

          If you ever have an angiogram where they go in through the femoral artery and use an angio-seal to tidy up, it does feel like they have done exactly that!

          1. Sgt_Oddball
            Joke

            Re: Why not...

            There must be some method to cause a hard reset of the device? Maybe have it near a large magnet or just run a quick defib on it. I'm sure it'll be fine......probably

  6. Version 1.0 Silver badge
    Thumb Down

    Incorrect

    "The whole point of the security industry is to build trust by protecting systems."

    I don't know where you got that idea from - these days the whole point of the security industry is to make money.

  7. disgruntled yank

    Let's hope

    They lose their shorts.

  8. Herby

    These things (pacemakers) work in weird ways...

    First the communication is by inductive coupling (not radio) which has a VERY limited range (inches). Yes, the parameters can be changed, and lots of information is there, but by and large they are not big computing devices. The pacemakers St. Jude makes (at least while I worked there about 16 years ago) run on CMOS 6502 chips. They have ALL SORTS of power conserving tricks they use since the power source is quite limited (and is about half of the implantable device). The processor wakes up for every heartbeat and does minimal stuff.

    The biggest thing that happens is when it detects atrial fibrillation and needs to shock the heart to get rid of the problem. In that case the patient is VERY conscious and gets a very rude jolt (as it was described to me). It doesn't happen often, but when it does, you will know about it. For the more serious ventricular fibrillation (see your nice medical show), where external paddles are usually used, a pacemaker can also give a jolt, but in that case the patient is usually unconscious and so usually doesn't feel a thing.

    The software inside these devices goes under quite a lot of scrutiny and LOTS of tests to see that it works properly. The chances of significant problems are really quite small.

    I wish operating system vendors would be as thorough (is Redmond listening??).

    1. David 132 Silver badge

      Re: These things (pacemakers) work in weird ways...

      Thanks Herby for taking the time to post your actual, real-world knowledge of the industry. Always good to find chunks of fact amongst the purée of speculation!

  9. a_yank_lurker

    Not Surprised

    The whole episode smells of a reverse pump and dump so a criminal short-selling scheme can be used. Maybe a good old-fashioned, enrich-the-shysters class action lawsuit should be filed, with the management team being held personally responsible (difficult to do but not impossible).
