DerbyCon 2015: Linking medical equipment to the internet may have seemed like a very smart idea to you a few years ago.
But you will change your mind when you watch the presentation by Scott Erven and Mark Collao from the recent DerbyCon 2015 security conference.
According to the two security researchers, more than 68,000 medical systems are online, with at least 12,000 of them belonging to a single health care organization.
What is even more alarming is that most of these devices connect to the Internet through computers running very old versions of Windows, such as XP and 98, which are known not to be upgraded and therefore have many vulnerabilities.
All of these devices are easy to find through Shodan, a search engine that can locate devices connected directly to the internet, and they are also easy to hack through brute-force attacks and hard-coded logins.
During their research, the two experts came across anesthesia equipment, cardiology devices, nuclear medicine systems, infusion systems, pacemakers, MRI scanners, as well as picture archiving and communication tools, all with simple queries in Shodan.
Drawing on their initial findings, the two security experts created honeypots, special servers that looked from the outside like medical devices, with vulnerabilities and fake medical data, but also with strong credentials.
Screening the logs collected by these honeypots, the researchers found that attackers managed to pass SSH authentication over 55,000 times, and that they left behind 299 pieces of malware.
There were also 24 cases where attackers successfully exploited the MS08-067 vulnerability on XP, the same one used in Conficker worm infections.
The researchers say that most of the time the attackers did not realize what they had just hacked and were content to simply leave behind an infected machine as just another part of their botnet.
If an attacker did realize what they had compromised, they could easily access patient information through these devices, or even use the devices to spread more dangerous malware inside the hospital's information infrastructure, which would help them carry out even more disastrous attacks.
See the presentation by Scott Erven and Mark Collao at DerbyCon 2015 below: