Muddy Waters Capital today launched a new website, profitsoverpatients.com, posting more demo videos and information about vulnerabilities in St. Jude Medical (STM) implantable cardiac devices.
Last month, STM filed a lawsuit against Muddy Waters and MedSec, the security research firm that discovered the vulnerabilities. Rather than disclose the flaws to STM (claiming a history of inadequate response to safety concerns) MedSec teamed up with Muddy Waters to short-sell STM stock. Muddy Waters has created the ProfitsOverPatients.com site as part of their defense against the lawsuit.
The site includes four videos demonstrating "shock-on-T," "emergency shock," "vibrate the ICD," and "disable tachy therapy" attacks, which Muddy Waters asserts exploit STM's [email protected] wireless communication device to "broadcast potentially lethal commands" to STM's implantable cardiac devices.
In a brief, Reuters reported that the CEO of St. Jude "continues to believe allegations of cyber security problems with its heart devices are without merit," and that Muddy Waters is attempting to "'sensationalize, confuse and misrepresent' cyber security of St. Jude devices for its own financial gain."