Study finds flaws in criticism of St. Jude cyber security
- Goldman sends Dow to record high, techs lift S&P, Nasdaq
- Oil tops $55 for first time in 16 months as OPEC deal fuels buying
- Consolidated Communications (CNSL) to Acquire FairPoint Communications (FRP) in $1.5B Deal
- Pre-Open Stock Movers 12/05: (FRP) (GMED) (CHK) Higher; (CERC) (HDSN) (MRVL) Lower (more...)
- Burberry rejects multiple takeover offers from Coach: Financial Times
The ticker and trading information for St. Jude Medical is displayed where the stock is traded on the floor of the New York Stock Exchange (NYSE) in New York City, U.S., April 28, 2016. REUTERS/Brendan McDermid
News and research before you hear about it on CNBC and others. Claim your 2-week free trial to StreetInsider Premium here.
By Ransdell Pierson
(Reuters) - University of Michigan researchers on Tuesday said their own experiments undermine recent allegations of security flaws in St. Jude Medical Inc's pacemakers and other implantable medical devices.
Shares of St. Jude fell 5 percent on Thursday after short-selling firm Muddy Waters and its business partner, cyber security company MedSec Holdings Inc, alleged finding significant security bugs in the company's Merlin@home device for monitoring implanted heart devices. They said the flaws could potentially enable others to remotely speed up the heart devices or drain their power.
The university said its researchers came "to strikingly different conclusions" after generating the conditions reported by Muddy Waters.
The team consisted of several leading medical device security researchers and a cardiologist from the university, it said in a release.
Muddy Waters founder Carson Block said he shorted St. Jude shares after MedSec approached him three months ago with results of research it had conducted into the company's medical device security.
In an unusual deal, Block said he hired the cyber security firm as a consultant and agreed to pay it a licensing fee for the research and a percentage of any profits from the investment.
The University of Michigan's team reproduced error messages, or signs of a problem, which Muddy Waters cited as evidence of a successful "crash attack" into a home-monitored implantable heart device. But the messages are the same set of errors that display if the device is not properly plugged in, the university said.
"We're not saying the (Muddy Waters) report is false; we're saying it's inconclusive because the evidence does not support their conclusions," said Kevin Fu, University of Michigan associate professor of computer science and engineering and director of the Archimedes Center for Medical Device Security.
St. Jude has called the Muddy Waters report "false and misleading," saying most of the observations applied to older versions of its Merlin@home devices that had not been patched with security upgrades.
Muddy Waters issued a statement saying the firm was not surprised that the result of the research was inconclusive.
"We deliberately did not publish detailed information on the vulnerabilities, exploits or attacks on the devices in order to avoid giving the play book to potential attackers," the statement said. "If anything, this proves that we were responsible with our disclosure."
(Reporting by Ransdell Pierson; Editing by Frances Kerry and Andrew Hay)
Serious News for Serious Traders! Try StreetInsider.com Premium Free!
You May Also Be Interested In
- Somali forces say killed three in attack on Islamic State-linked fighters
- Amazon introduces first physical grocery store
- Kuwait's anti-austerity lawmakers threaten reform plans
Create E-mail Alert Related CategoriesReuters
Related EntitiesMuddy Waters LLC
Sign up for StreetInsider Free!
Receive full access to all new and archived articles, unlimited portfolio tracking, e-mail alerts, custom newswires and RSS feeds - and more!