SwiftSafe
SwiftSafe
Sep 5, 2018 · 2 min read

Cyber vulnerabilities found in two commonly used medical devices

Cyber-security researchers at CyberMDX have discovered two major security flaw in commonly used medical devices: Becton Dickinson (BD)’s Alaris TIVA syringe pump and Qualcomm Life Capsule’s Datacaptor Terminal Server (DTS).

The researchers worked closely with both the vendors and the vulnerabilities were publically disclosed via the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). They called the flaws as Misfortune Cookie, assigned them a severity rating of 9.8.

A potential vulnerability is found in the BD Alaris TIVA syringe pump’s software version 2.3.6 and later ones, which were sold outside the United States.

The team found out that if a hacker could gain access to a hospital’s network and the Alaris TIVA syringe pump is connected to the server, then the hacker can malicious activity without being caught.

Research head at CyberMDX, Elad Luz said: “Uncovering these vulnerabilities illustrates how responsible disclosure between cybersecurity researchers and medical device vendors can work when both sides are committed to improving patient safety.

“We are a catalyst for change in the healthcare industry by focusing our research capabilities solely on medical devices.

“Our research team is committed to ensuring patient safety by tirelessly working closely with hospitals and manufacturers to improve the security and resiliency of connected medical devices at hospitals worldwide.”

The research team has informed a security team at Qualcomm Life, who was initially unaware of this vulnerability. However, they have developed a patch to resolve the security issue. “Capsule suggests that customers with any of these three versions of DTS disable the installed web server to mitigate the vulnerability,” the company said.

“The web server is only employed for configuration during the initial deployment and is not required for the continued remote support of the device.”

SwiftSafe

Written by

SwiftSafe

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade