DerbyCon 2015: Thousands of online medical devices vulnerable to attacks

DerbyCon 2015: Linking medical equipment to the internet may have seemed like a very smart idea to you a few years ago.

But you will change your mind when you watch the presentation by Scott Erven and Mark Collao at the recent DerbyCon 2015 security conference.


According to the two security researchers, over 68,000 medical systems are online, with at least 12,000 of them belonging to a single healthcare organization.

What is even more worrying is that most of these devices are connected to the Internet through computers running very old versions of Windows, such as XP and 98, which are known not to be updated and therefore have many vulnerabilities.

All these devices are easily found through Shodan, a search engine that can detect devices connected to the Internet, and they are also easy to compromise through brute-force attacks and hard-coded logins.

During their research, the two experts came across anesthesia equipment, cardiology devices, nuclear medicine systems, infusion systems, pacemakers, MRI scanners, and picture archiving and communication systems, all with simple queries in Shodan.

Using their initial findings, the two security experts created honeypots: special servers that looked from the outside like medical devices, with vulnerabilities and fake medical data, but also with strong login credentials.

Reviewing the logs collected by these honeypots, the researchers found that attackers managed to pass SSH authentication over 55,000 times and left behind 299 pieces of malware.

There were also 24 cases where attackers successfully exploited the MS08-067 vulnerability in Windows XP, the same one used in Conficker worm infections.

The researchers say that most of the time the attackers didn't realize exactly what they were hacking and were content to just leave an infected machine behind, as with any other computer.

If attackers did realize what they had reached, they could easily access patient information through these devices, or even use the devices to spread more dangerous malware inside the hospital's IT infrastructure, which would help them carry out even more disastrous attacks.

See the presentation by Scott Erven and Mark Collao at DerbyCon 2015 below:


Written by Dimitris
