Hackers can increase drug doses through infusion pump defects


From pacemaker with Insulin Pump arrive Mammography machine, Ultrasound, and Monitor, Dazzling A series of medical devices It has been found to contain worrying security vulnerabilities. The latest members of the series are the popular infusion pumps and bases, namely the B. Braun Infusomat Space large-capacity pump and the B. Braun Space Station, which can be manipulated by a determined hacker to provide victims with double doses of medicine.

The infusion pump automatically delivers drugs and nutrients into the patient’s body, usually from a bag of intravenous infusion. They are particularly useful for error-free administration of very small doses or other subtle differences, but this means that the risk is high when problems do occur.For example, between 2005 and 2009, the FDA received approximately 56,000 reports of “adverse events” related to infusion pumps, “including a large number of casualties.” The agency subsequently Blow On the safety of infusion pumps in 2010. Therefore, products like the B. Braun Infusomat Space large-volume pump are extremely locked at the software level; it should be impossible to send device commands directly. But researchers at the security company McAfee finally found a way around this obstacle.

“We did our best to find the worst case scenario,” said Steve Povolny, head of the McAfee Advanced Threat Research Group. “As an attacker, you should not move back and forth between the space station and the actual pump operating system, so break the security boundary and gain access to be able to interact between the two-this is a real problem. We prove We can double the flow rate.”

Researchers have discovered that attackers who have access to the healthcare facility network can control the space station by exploiting common connection vulnerabilities. From there they can use the other four deficiencies in turn to send drug doubling orders. It is not easy to carry out a full-scale attack in practice, and it is necessary to establish a foothold in the network of medical institutions first.

“Successful exploitation of these vulnerabilities may allow an experienced attacker to compromise the security of Space or Compactplus communications equipment,” B. Braun wrote in an article. Security alert For customers, “allowing attackers to elevate permissions, view sensitive information, upload arbitrary files, and execute remote codes.” The company further admitted that hackers can change the configuration of the connected infusion pump and thereby change the infusion speed.

The company stated in the notice that using the latest software version released in October is the best way to ensure device safety. It also recommends that customers implement other network security mitigations, such as segmentation and multi-factor authentication. However, McAfee researchers pointed out that most bugs have not actually been patched in existing products. They said that B Braun only removed vulnerable network functions in its new version of SpaceStation.

Once the hacker gains control of SpaceStation by exploiting the first network vulnerability, the hacker will combine four vulnerabilities, all of which are related to the lack of access control between SpaceStation and the pump. The researchers discovered that the pump was unable to adequately verify the data integrity or the specific commands and conditions of the commands sent from the space station. They also found that since there are no upload restrictions, they can contaminate the device backup with malicious files and then restore from the backup to load the malware onto the pump. They noticed that these devices send some data back and forth in clear text without encryption, making it easy to intercept or manipulate.


Source link