Posted in Breaches

Report: Connected medical devices vulnerable to hackers

Chris Nerney
Chris Nerney, Contributing Writer |
Report: Connected medical devices vulnerable to hackers

Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights that can be used to refine attacks, thus increasing the chance of successful hack.
That’s the conclusion of research conducted by healthcare Internet of Things (IoT) security vendor Zingbox, which said it discovered that:

  • Information shared as part of common error messages can be leveraged by hackers to compromise target connected devices.
  • Hackers can “trick” or induce medical devices into sharing detailed information about the device’s inner workings.
  • Leveraging this information quickens a hacker’s access to a hospital’s network.

“By simply monitoring the network traffic for common error messages, hackers can gain valuable insight into the inner workings of a device’s application,” Zingbox said. This information includes: the type of web server, framework and versions used; the manufacturer that developed it; the database engine in the back end; protocols used; and even the line of code that is triggering the error.  
Hackers also can also target specific devices to induce error messages, Zingbox said, a technique that can greatly shorten the information-gathering phase and enable them to tailor their attack to the target device.
“Imagine how much more effective hackers can be if they find out that a device is running on IIS Web Server, using Oracle as backend and even gathering usernames,” Daniel Regalado, principal security researcher at Zingbox, said in a statement.
You can view the full report here.