{
  "docId": "019dd923-622c-750b-8b96-76efb5813bae",
  "docSlug": "8ff52fe302da",
  "documentTitle": "St. Jude Medical (STJ)",
  "authorId": "51_Muddy_Waters",
  "authorName": "Carson C. Block",
  "documentKindSlug": "research-note",
  "documentKindLabel": "Research note",
  "sourceTypeSlug": "short_seller",
  "sourceTypeLabel": "Short seller",
  "presentationDate": "2016-08-25 00:00:00",
  "orientation": "portrait",
  "aspectRatio": 0.77272725,
  "pageNumber": 15,
  "pageCount": 34,
  "prevPage": 14,
  "nextPage": 16,
  "slideType": "problem_statement",
  "function": "diagnose_problem",
  "density": "overcrowded",
  "nDataPoints": 2,
  "notes": "This is a research note detailing cybersecurity vulnerabilities in medical devices.",
  "elementsJson": [
    "paragraph",
    "bullet_list",
    "footnote"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-622c-750b-8b96-76efb5813bae/15",
  "deckHref": "/decks/019dd923-622c-750b-8b96-76efb5813bae",
  "deckJsonHref": "/decks/019dd923-622c-750b-8b96-76efb5813bae.json",
  "deckAnchorHref": "/decks/019dd923-622c-750b-8b96-76efb5813bae#slide-15",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "MedSec demonstrated two types of potentially catastrophic attacks: \"crash\" attacks that remotely disable cardiac devices, and in some cases, appear to cause the Cardiac Device to pace at a dangerous rate, and a battery drain attack that remotely runs Cardiac Device batteries down.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd953-1ac3-70f9-854f-bef005600301",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.8,
        "x": 0.1,
        "y": 0.35
      },
      "kind": "list",
      "text": "“crash” attacks that remotely disable cardiac devices, and in some cases, appear to cause the Cardiac Device to pace at a dangerous rate, and a battery drain attack that remotely runs Cardiac Device batteries down.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "d7f0ce34-e0a9-4365-b9fb-6d4df73dc86c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.07,
        "w": 0.8,
        "x": 0.1,
        "y": 0.2
      },
      "kind": "paragraph",
      "text": "In the U.S. alone, STJ has over 260,000 active Merlin@home devices in the homes of users of Cardiac Devices. (The worldwide number is likely hundreds of thousands of units higher.) Many Merlin@home users keep the devices in their bedrooms, connected to STJ’s network while they sleep.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "0cf926a6-540c-4ba1-b424-7e46f90c59fd",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.8,
        "x": 0.1,
        "y": 0.52
      },
      "kind": "paragraph",
      "text": "It is important to note that MedSec demonstrated these attacks on pacemakers and ICDs. CRTs, which were 16% of 2015 revenue, were unavailable for the demonstrations. Because these attacks exploit the communication protocol between the Merlin@home devices and the Cardiac Devices, MedSec is confident that CRTs are similarly vulnerable.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "5aba308d-d9dd-4f7b-b69c-fcb96dad806a",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.06,
        "w": 0.8,
        "x": 0.1,
        "y": 0.09
      },
      "kind": "paragraph",
      "text": "STJ reworks large portion of the code of the Merlin@home, Programmer, and implantable Cardiac Devices. The company should include anti-fuzzing, anti-debugging methods, buffer overflow protection, integer overflow protection, and string format protection.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "a77f7776-a55b-482b-a626-106f8208a583",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.8,
        "x": 0.1,
        "y": 0.65
      },
      "kind": "paragraph",
      "text": "The Crash Attacks involve broadcasting a combination of signals that places Cardiac Devices into a state of malfunction. Many of the Cardiac Devices tested are vulnerable to attacks broadcast through a single Merlin@home device that is either compromised, or via a software defined radio (“SDR”) using a broadcast antenna. The Crash Attacks generally took less than one hour to take effect.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c0a9d24d-c7ae-449a-b56f-98631cd66182",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "quote",
      "text": "\"Software-defined radio (SDR) is a radio communication system where components that have been typically implemented in hardware (e.g. mixers, filters, amplifiers, modulators/demodulators, detectors, etc.) are instead implemented by means of software on a personal computer or embedded system.\" — Markus Dillinger, Kambiz Madani, Nancy Alonistioti (via Wikipedia/Wiley & Sons, 2003)",
      "attrs": null,
      "subkind": null,
      "toolName": "Authority citation",
      "toolSlug": "authority-citation",
      "confidence": null,
      "componentId": "019dd953-1ac3-70f9-854f-c35c35e87e35",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.8,
        "x": 0.1,
        "y": 0.78
      },
      "kind": "source-note",
      "text": "17 As of May 2014... 18 “Software-defined radio (SDR) is a radio communication system...",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "0856a36a-0975-4150-af9e-5ea96b8026ca",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.5,
        "x": 0.1,
        "y": 0.16
      },
      "kind": "title",
      "text": "Demonstrated Attacks – Likely Just Two of Many Possibilities",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "2b8948a9-9f71-46fc-a2f1-8925bca29e8e",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.2,
        "x": 0.1,
        "y": 0.62
      },
      "kind": "title",
      "text": "a. “Crash Attacks”",
      "attrs": null,
      "subkind": "subtitle",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f64b7643-688b-4a56-94a8-d6928a405361",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 16,
      "from": 15,
      "beatId": "6559ca19-6514-47c9-9f35-ed43e8a37ab7",
      "arcName": "Problem-Agitate-Solution",
      "arcSlug": "problem-agitate-solution",
      "beatName": "Agitate (Make it worse)",
      "beatSlug": "problem-agitate-solution-agitate-make-it-worse",
      "evidence": "The document agitates the problem by highlighting demonstrated attacks and potential consequences",
      "position": 1,
      "confidence": 0.8,
      "parentBeatName": "Development",
      "parentBeatSlug": "development"
    }
  ],
  "loops": [],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}