In the advent of new technology, the rush to meet or create market demand inevitably results in poorly conceived products with suboptimal security. Untested by human experiences, new devices often fail to foresee vulnerabilities until they’ve already been exploited. The IoT is a prime example of this, with medical Internet-connected medical devices leading the charge.
Earlier this year, security researcher Billy Rios raised a red flag when he discovered that popular drug infusion pumps designed by Hospira could easily be accessed by hackers, allowing them to commence drug library updates – the upper and lower limits of a medication a patient can be safely administered – remotely and instruct the pump to not issue an alarm. At the time, his discovery was met with minor concern.
But now, Rios claims he’s discovered a far more tantalizing vulnerability in several pump models (made by the same manufacturer) which could allow hackers to remotely alter the dosage itself and control the amount of mediation being given by changing the pumps’ firmware.
Rios says the vulnerabilities affect at least five models include the company’s standard PCA LifeCare pumps; its PCA3 LifeCare and PCA5 LifeCare pumps; its Symbiq line of pumps, which Hospira no longer sells due to FDA concerns over safety issues; and it’s Plum A+ models. In 2007, the company has at least 400,000 drug pumps installed in hospitals around the world.
Rios suspects that additional devices may be compromised, but these are the only model’s he’s had the opportunity to test thus far.
Taking a look back at Rios’ initial findings from earlier this year concerning the drug library vulnerability, Rios actually discovered that anyone within the hospital’s network – patients, doctors, nurses, guests – could access drug libraries on the pumps and alter the limits of a drug or load a new drug library because of the lack of any form of authentication.
Armed with this knowledge, a hacker is theoretically capable of coupling the two vulnerabilities together to raise the maximum dosage to an alarming limit before injecting the patient with a fatal dosage without the pump ever issuing an alarm.
Chiefly responsible are the communication modules in the LifeCare and Plum A+ pumps which are connected via a serial cable to a circuit board in the pumps containing the firmware that is then used by Hospira to remotely access the firmware and update. The issue stems from the fact that the serial connection does not require that the firmware be authenticated or digitally signed, meaning that anyone can upload their own firmware. “And if you can update the firmware on the main board, you can make the pump do whatever you like,” Rios tells WIRED.
Using this approach, the hackers can literally modify the display message to indicate that a safe dosage was delivered when in fact it was not.
Source: WIRED
Learn more about Electronic Products Magazine