Critical Bugs Expose Hundreds of Thousands of Medical Devices and


Specialized health care devices, from imaging tools like CT scanners to diagnostic lab equipment, are often inadequately protected on hospital networks. Now, new findings about seven vulnerabilities in an internet of things remote management tool underscore the interconnected exposures in medical devices and the broader IoT ecosystem.

Researchers from the health care security firm CyberMDX, which was acquired last month by the IoT security firm Forescout, found the seven easily exploited vulnerabilities, collectively dubbed Access:7, in the IoT remote access tool PTC Axeda. The platform can be used with any embedded device, but it has proven particularly popular in medical equipment. The researchers also found that some companies have used it to remotely manage ATMs, vending machines, barcode scanning systems, and some industrial manufacturing equipment. The researchers estimate that the Access:7 vulnerabilities are in hundreds of thousands of devices in all. In a review of its own customers, Forescout found more than 2,000 vulnerable systems.

“You can imagine the type of impact an attacker could have when they can either exfiltrate data from medical equipment or other sensitive devices, potentially tamper with lab results, make critical devices unavailable, or take them over entirely,” says Daniel dos Santos, head of security research at Forescout.

Some of the vulnerabilities relate to issues with how Axeda processes undocumented and unauthenticated commands, allowing attackers to manipulate the platform. Others relate to default configuration issues, like hard-coded, guessable system passwords shared by multiple Axeda users. Three of the seven vulnerabilities rate as critical, and the other four are medium- to high-severity bugs.

Attackers could potentially exploit the bugs to grab patient data, alter test results or other medical records, launch denial of service attacks that could keep health care providers from accessing patient data when they need it, disrupt industrial control systems, or even gain a foothold to attack ATMs.

Vulnerabilities aren’t necessarily uncommon in this space, but these would be particularly easy for an attacker to take advantage of. If exploited, the potential damage of the Access:7 bugs could be comparable to that of a recent spate of ransomware attacks, which all stemmed from hackers exploiting flaws in IT management software from a firm called Kaseya. The products are different, but their ubiquity creates similar conditions for disruptive attacks. And Access:7 fits into a larger picture of inveterate IoT insecurity and historic, unresolved vulnerabilities.

The researchers worked on coordinated disclosure with PTC, which has released patches for the flaws, as well as the US Cybersecurity and Infrastructure Security Agency, H-ISAC, and the Food and Drug Administration.

“This disclosure is the culmination of a cooperative effort between PTC, CyberMDX, and CISA,” PTC told WIRED in a statement. “PTC and CyberMDX collaborated to thoroughly investigate and implement appropriate remediations for the vulnerabilities. PTC then notified customers and guided their remediations ahead of disclosure … The result is greater awareness for users and the opportunity to resolve a potential threat to their systems and data.”
