Archives for Security Conference

Thousands of medical systems are exposed to widespread cyber-attacks – Derbycon

Recent reports presented by Scott Erven and Mark Collao at Derbycon have revealed that thousands of medical systems are exposed to widespread cyber-attacks. The researchers reported that a giant U.S. medical organization with 12,000 staff and 3,000 physicians has over 68,000 systems that are vulnerable. The researchers indicate that this is just the tip of the iceberg, as thousands of similar organizations are exposed too.

According to The Register, the vulnerabilities are not limited to one kind of system but cut across a large number of categories. It is reported that these include 21 anesthesia, 488 cardiology, 67 nuclear medical and 133 infusion systems in addition to 97 MRI scanners and 323 picture archiving and communications devices.

To detect the vulnerabilities, they searched the internet using the Shodan search engine. They identified gaps that allowed administrative access over the open, public internet, resulting in more than 55,000 SSH and web logins and 299 malware payloads. They attracted mostly clueless attackers using “real life” MRI and defibrillator machine honeypots that mimicked actual medical devices.

With 5 years’ experience in securing medical devices, Erven, also an Associate Director at Protiviti, paints a very gloomy picture. He indicates that hackers have access to critical hospital machinery. Furthermore, altering the search to target specialty clinics such as pediatrics and podiatry revealed more cause for concern. The machines had numerous misconfigurations in addition to countless direct attack channels. This exposed the clinics to data theft as well as breaches of patients’ privacy.

For his part, Collao, a security consultant from NeoHapsis, stated: “You can easily craft an email and send it to the guy who has access to that [medical] device with a payload that will run on the (medical) machine.” This is made possible by the fact that attackers can build detailed intelligence on medical centers, including the location of specific devices. He further highlighted that most of these critical systems were running Windows XP or XP Service Pack 2 and likely do not have any antivirus. This exposed them to dangers such as execution of custom payloads, establishment of shells, and lateral pivoting within a network.

GE is one of the affected medical equipment manufacturers, and the report revealed that their devices granted login access a whopping 85% of the time. Some allowed remote root access over Telnet and FTP to nuclear imaging and cardiology systems. In fact, some of these were either hard-coded or had default passwords such as “bigguy”. Apart from this, there were also revelations of the failure by manufacturers to scrub out bugs thus resulting in patched flaws in over a hundred medical devices. However, Erven gave credit to GE for being the most proactive in not only fixing bugs but also interacting with security experts.

It was revealed that one of the reasons why more devices are increasingly exposed to danger is that most hospitals are now Wi-Fi connected and do not support arcane protocols. For half a year, they based their honeypots on numerous devices and used a fake Twitter hacker account to attract would-be attackers. The attackers did not really know what type of devices they had gained access to. However, they performed enumeration, dropped payloads and even connected to command centers.

In conclusion, it is safe to say that this report reveals a serious flaw in often critical medical systems. These flaws need to be addressed quickly and conclusively so as to eliminate the danger that they pose not only to patients but also to the medical organizations.


Google Chrome can be crashed with 16 characters

If you use Google Chrome 45 or any of the older versions, it can be crashed by simply typing a 16-character URL. The bug was first detected by Andris Atteka, who reported it to Google, but he was not rewarded since it is not a security issue but a DoS vulnerability. The issue reported by […]

Chevrolet Corvette can be hacked by using a text message via tracking dongle (insurance dongle)

Researchers from the University of California, San Diego have demonstrated how to hack a Corvette by sending specially crafted SMS messages to a tracking dongle plugged into the car’s OBD-II (On-Board Diagnostics) port. In a YouTube video (below) demonstrating the exploit, the researchers operated the windshield wipers, and applied and deactivated the brakes at lower speeds. (Dongle is a […]

3 Key Takeaways from RSA Conference 2014 – San Francisco for CISOs and Security Enthusiasts

Author: Arun Hegde, Security Architect @arun25. Here is a quick summary of my experience at RSA Conference 2014 – San Francisco last month. Highlights of RSA 2014: Some of the highlights this year at RSA were cloud security, mobile security (especially for enterprise), more companies providing SIEM solutions and a lot of new […]

Hackers get together for HackMiami 2013 Conference in Miami

Hackmiami had its first ever hackers conference in Miami, Florida. Hackmiami, started by a small group of passionate folks in 2008, has grown into a full-fledged hacking community in Florida with the intention of educating the information security community in staying ahead of the bad guys. The Hackmiami 2013 conference had a variety […]