Pneumatic tubes are still used in hospitals-they can be hacked


All this too It is very common to find crackable defects in medical equipment, from Mammography machine and CT scanner arrive pacemaker and Insulin PumpBut it turns out that the potential exposure extends to the wall: Researchers found nearly a dozen loopholes in a popular brand of pneumatic tube conveying system, which many hospitals use to transport and distribute important goods such as laboratory samples and medicines.

The pneumatic tube might look like Weird and outdated office technology,More suitable Hudsucker agent Instead of the modern healthcare system. However, they are surprisingly common. Swisslog Healthcare is a well-known medical-focused pneumatic tube system manufacturer. It stated that more than 2,300 hospitals in North America use its “TransLogic PTS” platform, and more than 700 hospitals in other parts of the world are also using it. However, researchers from embedded device security company Armis found nine vulnerabilities in Swisslog’s Translogic Nexus control panel that could allow hackers to take over the system, take it offline, access data, reroute delivery, or otherwise disrupt the pneumatic network.

Ben Seri, vice president of research at Armis, said: “You look at one of these pneumatic tube systems connected to the Internet and think about what will go wrong.” “But once you look inside, you will see that everything is very delicately aligned. , And one thing out of balance can make it vulnerable to abuse in an attack. This is serious because these systems perform key functions in hospitals. Drugs and specimens are moved from one place to another faster, and patients can get More tests, all of this will lead to more reliable healthcare.”

Attackers can target pneumatic pipe systems Part of a ransomware attack, Which significantly slows down laboratory testing and drug distribution. Or hackers can monitor delivery data for espionage. They can even manipulate motors, blowers, robotic arms, and other industrial components that are usually carefully choreographed to complete the delivery of industrial components, destroying delivery routes or damaging samples at high speeds.

The vulnerabilities discovered by Armis researchers in TransLogic PTS products cannot be exploited directly from the open Internet. But they are relatively simple flaws that can be exploited, a small number of hard-coded passwords, buffer overflows, memory corruption errors, etc. Attackers on the same network as the pneumatic pipe and control panel network will have multiple ways to manipulate the system. By exploiting certain flaws, they can even install their own unverified firmware on the Translogic Nexus control panel. For attackers, this will be a way to establish deep, permanent control-the hospital needs to install another effective firmware update to eradicate the intruder.

The researchers will present their findings at the Black Hat Security Conference in Las Vegas on Wednesday, and will notify Swisslog of the vulnerability on May 1.This healthcare company has been collaborating to solve these problems and has Issued a security bulletinArmis said there are 9 vulnerabilities and Swisslog has 8 because the company treats two different hard-coded password issues as one vulnerability, and Armis researchers say they are two different vulnerabilities.

Swisslog has started distributing patches for all vulnerabilities except for one of them. The unpatched defect is a firmware verification issue; the company is working hard to design verification checks, but said it is also issuing other mitigation measures to customers. Swisslog does not distribute patches through a single update mechanism or platform. The company said that different customers have different settings, “depending on the hospital’s technical environment and preferences.” Armis’ Seri said that in practice, hospitals can be challenging to obtain and apply updates.


Source link