{
  "docId": "019dd923-622c-750b-8b96-73aafa09c850",
  "docSlug": "9686328c7016",
  "documentTitle": "St. Jude Medical (STJ)",
  "authorId": "51_Muddy_Waters",
  "authorName": "Carson Block",
  "documentKindSlug": "research-note",
  "documentKindLabel": "Research note",
  "sourceTypeSlug": "short_seller",
  "sourceTypeLabel": "Short seller",
  "presentationDate": "2016-08-29 00:00:00",
  "orientation": "portrait",
  "aspectRatio": 0.77272725,
  "pageNumber": 2,
  "pageCount": 6,
  "prevPage": 1,
  "nextPage": 3,
  "slideType": "preempt_rebuttal",
  "function": "preempt_rebuttal",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "This is a research note page from a report by MedSec/MWC regarding St. Jude Medical (STJ) device security.",
  "elementsJson": [
    "paragraph",
    "bullet_list",
    "footnote",
    "quote_block"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-622c-750b-8b96-73aafa09c850/2",
  "deckHref": "/decks/019dd923-622c-750b-8b96-73aafa09c850",
  "deckJsonHref": "/decks/019dd923-622c-750b-8b96-73aafa09c850.json",
  "deckAnchorHref": "/decks/019dd923-622c-750b-8b96-73aafa09c850#slide-2",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "There were two components to STJ's response: substance (~20%) and fluff (~80%).",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd953-203b-7073-9f32-78a00d9f7786",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.25,
        "w": 0.764,
        "x": 0.118,
        "y": 0.337
      },
      "kind": "list",
      "text": "STJ responded that users would have to be within seven feet of a Merlin@home in order to be vulnerable to attacks... It acknowledges that the hundreds of thousands of active Merlin@home users who sleep near their Merlin@homes would obviously be vulnerable... It completely ignores our comments about broadcasting an attack through a software-defined radio (\"SDR\")...",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "294e54ff-9f71-4f5d-a871-1757f2dc7360",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.075,
        "w": 0.764,
        "x": 0.118,
        "y": 0.615
      },
      "kind": "paragraph",
      "text": "2. STJ seems to want to give the impression that its software updates addressed \"the majority\" of the vulnerabilities MedSec identified. The below statement from STJ's response seems to be an admission that a) STJ is aware it distributed devices with serious vulnerabilities, and b) STJ believes some vulnerabilities still exist on the device.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "05c5cb4d-025e-4b3d-a735-60543eaf69c4",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.065,
        "w": 0.764,
        "x": 0.118,
        "y": 0.178
      },
      "kind": "paragraph",
      "text": "This past Friday, STJ published a response to the report MWC issued the day before. STJ's response contained very little substance, and actually included admissions to several key points. There are no changes to MedSec or our conclusions about the lack of security in the STJ device ecosystem, and our belief in the need for recall and remediation.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "34ad6dc1-3c4b-47c9-ab6f-3716038b2ba7",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.72,
        "x": 0.14,
        "y": 0.723
      },
      "kind": "quote",
      "text": "\"Our analysis concluded that the majority of the observations in the report apply to older versions of the Merlin@home™ devices (i.e., those that have not been updated through the automated remote upgrade process).\"",
      "attrs": null,
      "subkind": "pull-quote",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "dcc745be-581b-4b54-b38f-2f89d30cb116",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "quote",
      "text": "Our analysis concluded that the majority of the observations in the report apply to older versions of the Merlin@home™ devices (i.e., those that have not been updated through the automated remote upgrade process). — St. Jude Medical",
      "attrs": null,
      "subkind": null,
      "toolName": "Authority citation",
      "toolSlug": "authority-citation",
      "confidence": null,
      "componentId": "019dd953-203b-7073-9f32-7c2ca1acbb57",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.764,
        "x": 0.118,
        "y": 0.82
      },
      "kind": "source-note",
      "text": "1 This report is written for investors, and is deliberately non-technical. 2 The crux of STJ's argument seems to be that when an implantable device is inside a person, the range is greatly shortened compared to laboratory range in which the device is not implanted. 3 As we stated in the August 25, 2016 report (the \"Report\"), it would be illegal to attempt to validate the theory that these (and other) attacks against STJ devices could be executed on a large scale basis. 4 See Report, p. 15.",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "8b4aa245-da00-44f4-9eff-abfe978bf724",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.015,
        "w": 0.186,
        "x": 0.407,
        "y": 0.125
      },
      "kind": "title",
      "text": "STJ: Still Non-Secure",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "6c2a74d1-669a-4b81-8338-99cb12261fac",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 5,
      "from": 2,
      "beatId": "00b380e0-e19f-4a6e-ad54-6c51909a9cc5",
      "arcName": "Overcoming the Monster",
      "arcSlug": "overcoming-monster",
      "beatName": "The Monster",
      "beatSlug": "overcoming-monster-the-monster",
      "evidence": "The analysis of St. Jude Medical's credibility and the exposure of contradictions",
      "position": 0,
      "confidence": 0.8,
      "parentBeatName": "Hook",
      "parentBeatSlug": "hook"
    }
  ],
  "loops": [
    {
      "to": 5,
      "from": 2,
      "name": "Myth Buster",
      "slug": "12-myth-buster",
      "bestFor": "Rebranding, changing market perception, correcting false assumptions",
      "matchId": "250b742a-5438-494d-ae72-24c9b8a42556",
      "evidence": "The document exposes contradictions in STJ's response",
      "position": 1,
      "objective": "What are the contradictions in St. Jude Medical's response?",
      "structure": "The Common Belief -> The Friction/Failure of that Belief -> The New Truth",
      "confidence": 0.8,
      "description": "Address a common misconception head-on to clear the room for a new truth"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}