The second series of the TV show Homeland has brought the possibility of compromised medical equipment to wider awareness, though the details were unrealistic.
Paging Dr Evil: Philips medical device control kit 'easily hacked'
Researchers have discovered security problems in management systems used to control X-ray machines and other medical devices. Terry McCorkle and Billy Rios of security start-up Cylance used fuzzing approaches previously applied to unearth security holes in industrial control systems to find a way into the Xper Information …
-
This post has been deleted by its author
-
Friday 18th January 2013 17:41 GMT Tom Maddox
There's your problem
Both the US Department of Homeland Security (DHS) ICS-CERT, which normally deals with security issues involving industry control kit, and the US Food and Drug Administration (FDA) are reportedly taking an interest in the issue.
Clearly the problem is excessive regulation by the federal authorities. They shouldn't bother the poor manufacturer with their intrusive regulations and requirements; they should just let the free market sort it out!
(This is what some people actually believe.)
-
-
This post has been deleted by its author
-
Saturday 19th January 2013 18:41 GMT Anonymous Coward
Jackpotting an ATM ..
`Last year Barnaby Jack, the security researcher best known for "jackpotting" an ATM live on stage at BlackHat 2010'
July 2010: Barnaby Jack hits ATM jackpot at Black Hat
"according to Jack there's an easier, much more alarming way to get the money out. Criminals can connect to the machines by dialing them up"
April 1988: Dial-Back Modem Security
"An increasingly popular technique for protecting dial-in ports from the ravages of hackers and other more sinister system penetrators is dial back operation wherein a legitimate user initiates a call to the system he desires to connect with, types in his user ID and perhaps a password, disconnects and waits for the system to call him back at a prearranged number"
-
Monday 21st January 2013 12:14 GMT Anonymous Coward
bit more complicated than that
Once a device has been certified by the FDA then the manufacturer has no real liability should it be proven to be wide open to attack and the FDA has not seen security as an issue worth looking into -even now that all these devices are becoming network aware.
Most devices started appearing with ethernet ports over the last 15 years and it was ~10 years ago when the first devices with "wifi" logos turned up in the hospital that i worked in. The ECG machine next to me has 802.11g with WEP and a well old version of telnet on it.
I predict that as soon as people start doing formal testing of any kit then, like Barnaby et al, they will discover that it is all pwnable. It is just that the kit is very expensive to buy and tends to be traded on when it reaches eol.
This topic is closed for new posts.
Biting the hand that feeds IT
