Just wonderful - the Internet of Things invades our hospitals

Why the fsck would a dishwasher need to be connected to the internet? From Motherboard:

A Hackable Dishwasher Is Connecting Hospitals to the Internet of Shit
If it's connected to the internet, it can be hacked. In an age where manufacturers are rushing to put any kind of device onto the internet, we're quickly finding out how that adage holds true. Crock-pots, light bulbs, thermostats, GPS trackers for kids, billboards, and even teddy bears have all been hacked recently.

Alas, that's not stopping anyone from connecting stuff to the internet. The German domestic-appliance giant Miele decided to make a dishwasher that can be connected to the internet and, of course, someone found out it has a bug that allows hackers to break into it, infect it with malware, and give them the opportunity to use it as leverage to hack other devices on the network.

The worst part of all this is that this ain't your average dishwasher. This is a "washer-disinfector" that's mostly used in hospitals or medical facilities and labs. So it can be a good target if your end goal is to steal private medical information or maybe hold the hospitals' computers for ransom.

Jens Regel, a security consultant, found a "web server directory traversal" bug in the Miele PG 8528 when he was prodding a network for vulnerabilities during a consulting gig, what's known in the industry as a penetration test or "pentest." That kind of vulnerability allows an unauthorized attacker to gain access to the file system of the server to which the machine connects.

Unreal - and there is no patch forthcoming from Miele. Another example of this is the Pyxis Supplystation from Carefusion - from last March's article in BoingBoing:

Automated drug cabinets have 1400+ critical vulns that will never be patched
The Pyxis Supplystation from Carefusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer -- a new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities.

Many of the vulnerabilities need very little skill to exploit and the researchers say they believe they're already being exploited in the wild, with exploits being publicly available.

The cabinets are based on Microsoft's discontinued Windows XP/Server 2000 products. Carefusion will not issue patches for the old systems, but they have provided some advice to help customers mitigate the risk from these bugs (things like using VPNs, having a firewall, etc).

The ICS-CERT (different CERT than what I am doing out here) report is here: Advisory (ICSMA-16-089-01) CareFusion Pyxis SupplyStation System Vulnerabilities

Christ on a Corn Dog - how many people will be seriously injured with crap like this? I am reminded of the Therac-25 from the 1980's. Next time I am at the hospital visiting anyone, I'm bringing my laptop with nmap and some other goodies installed.

About this Entry

This page contains a single entry by DaveH published on March 27, 2017 10:13 PM.
