[ad_1]
Everything is the same it is common to find dusty defects in medical devices mammography machines and CT scanners ra pacemakers and insulin pumps. But the possible exposure seems to be spreading to the walls: researchers have found nearly a dozen vulnerabilities in a popular system of delivering pneumatic tubes used by many hospitals to carry and distribute essential cargo such as laboratory samples and medicines.
They look like pneumatic tubes outdated and outdated office technology, more appropriate Hudsucker Proxy than the current health care system. However, they are surprisingly common. Swisslog Healthcare, a well-known manufacturer of medical-grade pneumatic tube systems, says more than 2,300 hospitals in North America use its “TransLogic PTS” platform, as do the other 700 in other parts of the world. The nine vulnerabilities found by researchers at the security company Armis Embedded Devices in Swisslog’s Translogic Nexus Control Panels could, however, allow a hacker to take over a system, take it offline, access data, route shipments or otherwise sabotage the pneumatic network.
“You look at one of those pneumatic tube systems connected to the Internet and you think, what could go wrong?” Says Vice President of Army Research Ben Ben Seri. something out of balance can make you vulnerable to assault abuse. This is serious because these systems perform critical functions in the hospital. Medications and samples move faster from place to place, allowing patients to perform more tests, all of which affect them. more reliable health care “.
Attackers can target it as a pneumatic tube system part of a ransomware attack, significantly slowing down laboratory testing and drug distribution. Or hackers can control the data of spy shipments. Delivery routing can be disrupted or samples can be damaged at high speed to complete deliveries by manipulating motors, fans, robotic arms, and other industrial components that normally work in carefully choreographed sequences.
The weaknesses found by Armis researchers in the TransLogic PTS offer are not such as to exploit them directly from the open internet. But there are some pretty simple mistakes to take advantage of, such as encrypted passwords, buffer overflows, memory corruption errors, and the like. An attacker from the same network of pneumatic tubes and control panels would have many ways to manipulate the system. And exploiting some bugs, they can install their own invalidated firmware on a Translogic Nexus control panel. For attackers, this would be a way to establish deep and lasting control; hospitals should install an update to other medical firmware to eliminate intruders.
Investigators told Swisslog on May 1 that they would present their findings at a Black Hat security conference in Las Vegas on Wednesday. The health company has been working to fix the problems has released security advice. Armis said there are nine vulnerabilities while Swisslog counts eight because the company treats different hard-coded password problems as a single vulnerability, Armis researchers say the two errors are two different ones.
Swisslog has started distributing patches except for all the vulnerabilities. The error that remains unresolved is the problem with checking the firmware; the company is currently working on designing validation controls, but says it is releasing other mitigators to customers in the meantime. There is no single update mechanism or platform for Swisslog to distribute patches. The company said different clients have different configurations, “depending on the hospital’s technological environment and priorities.” Armis ’Seri says it can be challenging to get and apply an update for hospitals in practice.
[ad_2]
Source link
