Home / Security / Security: A widely used infusion pump can be remotely hijacked, say researchers

Security: A widely used infusion pump can be remotely hijacked, say researchers

Security:

A workstation used to dock an infusion pump widely used in hospitals and medical facilities has critical security flaws that allow it to be remotely hijacked and controlled, according to security researchers.

Researchers at healthcare security firm CyberMDX found two vulnerabilities in the Alaris Gateway Workstation, developed by medical device maker Becton Dickinson.

Infusion pumps are one of the most common bits of kit in a hospital. These devices control the dispensing of intravenous fluids and medications, like painkillers or insulin. They’re often hooked up to a central monitoring station so medical staff can check on multiple patients at the same time.

But the researchers found that an attacker could install malicious firmware on a pump’s onboard computer, which powers, monitors and controls the infusion pumps. The gateway run on Windows CE, commonly used in pocket PCs before smartphones.

In the worst-case scenario, the researchers said it would be possible to adjust specific commands on the pump — including the infusion rate — on certain versions of the device by installing modified firmware.

The researchers said it was also possible to remotely brick the onboard computer.

The bug was scored a rare maximum score of 10.0 on the industry standard common vulnerability scoring system, according to Homeland Security’s advisory. A second vulnerability, scored at a lesser 7.3 out of 10.0, could allow an attacker to gain access to the workstation’s monitoring and configuration interfaces through the web browser.

The researchers said creating an attack kit was “quite easy” and “worked consistently,” said Elad Luz, CyberMDX’s head of research, in an email to TechCrunch. But the attack chain is complex and requires multip

Read More

About admin

Check Also

Security: The best home security cameras of 2019 – CNET

Security: The best home security cameras of 2019 – CNET

Whether you're concerned about theft or you simply want to check in on a mischievous pet, home security cameras can provide alerts and peace of mind. The good news: There are plenty of great options to choose from, with features such as two-way communication, night vision, cloud storage, and HD video for prime video quality.…

Leave a Reply

Your email address will not be published. Required fields are marked *