Feeds

back to article Paging Dr Evil: Philips medical device control kit 'easily hacked'

Researchers have discovered security problems in management systems used to control X-ray machines and other medical devices. Terry McCorkle and Billy Rios of security start-up Cylance used fuzzing approaches previously applied to unearth security holes in industrial control systems to find a way into the Xper Information …

COMMENTS

This topic is closed for new posts.
Silver badge

The second series of the TV show Homeland has brought the possibility of compromised medical equipment to wider awareness, though the details were unrealistic.

2
0
Silver badge
Meh

I'm sure the CIA will also have an interest in being able to turn off medical equipment from a distance.

I wonder who might be on their list?

4
0
Silver badge

I wonder who might be on their list?

If only there was someone on their wanted list using cave-based kidney dialysis...

0
0

This post has been deleted by its author

Trollface

There's your problem

Both the US Department of Homeland Security (DHS) ICS-CERT, which normally deals with security issues involving industry control kit, and the US Food and Drug Administration (FDA) are reportedly taking an interest in the issue.

Clearly the problem is excessive regulation by the federal authorities. They shouldn't bother the poor manufacturer with their intrusive regulations and requirements; they should just let the free market sort it out!

(This is what some people actually believe.)

14
1
Gold badge
Thumb Down

"Current Xper IM systems do not use this version of software"

Because of course medical organisations always update their software to the latest version.

Yeah right.

7
0
Holmes

"Current Xper IM systems do not use this version of software," a Philips spokesman told Dark Reading.

"Current" meaning anything coming off the assembly line from now since they patched the hole last last night.

10
0

This post has been deleted by its author

Joke

What they didnt mention was a hidden rootkit from the programming machine which fixes "the bug"

2
0
Anonymous Coward

Jackpotting an ATM ..

`Last year Barnaby Jack, the security researcher best known for "jackpotting" an ATM live on stage at BlackHat 2010'

July 2010: Barnaby Jack hits ATM jackpot at Black Hat

"according to Jack there's an easier, much more alarming way to get the money out. Criminals can connect to the machines by dialing them up"

April 1988: Dial-Back Modem Security

"An increasingly popular technique for protecting dial-in ports from the ravages of hackers and other more sinister system penetrators is dial back operation wherein a legitimate user initiates a call to the system he desires to connect with, types in his user ID and perhaps a password, disconnects and waits for the system to call him back at a prearranged number"

0
0
Anonymous Coward

bit more complicated than that

Once a device has been certified by the FDA then the manufacturer has no real liability should it be proven to be wide open to attack and the FDA has not seen security as an issue worth looking into -even now that all these devices are becoming network aware.

Most devices started appearing with ethernet ports over the last 15 years and it was ~10 years ago when the first devices with "wifi" logos turned up in the hospital that i worked in. The ECG machine next to me has 802.11g with WEP and a well old version of telnet on it.

I predict that as soon as people start doing formal testing of any kit then, like Barnaby et al, they will discover that it is all pwnable. It is just that the kit is very expensive to buy and tends to be traded on when it reaches eol.

0
0
This topic is closed for new posts.