Your new post is loading...
Security researchers have discovered vulnerabilities in two models of hospital anesthesia machines manufactured by General Electric (GE).
The two devices found to be vulnerable are GE Aestiva and GE Aespire -- models 7100 and 7900. According to researchers from CyberMDX, a healthcare cybersecurity firm, the vulnerabilityies reside in the two devices' firmware.
RESEARCHERS: FLAWS CAN PUT PATIENTS AT RISK
CyberMDX said attackers on the same network as the devices -- a hospital's network -- can send remote commands that can alter devices' settings.
"There is simply a lack of authentication," a CyberMDX researcher told ZDNet in an email today, detailing the exact nature of the security flaws.
"The mentioned commands are supported by design," he added. "Some of them are only supported on an earlier version of the protocol, however there is another command that allows changing the protocol version (for backward compatibility). After sending a command to change the protocol version to an earlier one, an attacker can send all other commands.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Medicine
Security researchers have discovered vulnerabilities in two models of hospital anesthesia machines manufactured by General Electric (GE).
The two devices found to be vulnerable are GE Aestiva and GE Aespire -- models 7100 and 7900. According to researchers from CyberMDX, a healthcare cybersecurity firm, the vulnerabilityies reside in the two devices' firmware.
RESEARCHERS: FLAWS CAN PUT PATIENTS AT RISK
CyberMDX said attackers on the same network as the devices -- a hospital's network -- can send remote commands that can alter devices' settings.
"There is simply a lack of authentication," a CyberMDX researcher told ZDNet in an email today, detailing the exact nature of the security flaws.
"The mentioned commands are supported by design," he added. "Some of them are only supported on an earlier version of the protocol, however there is another command that allows changing the protocol version (for backward compatibility). After sending a command to change the protocol version to an earlier one, an attacker can send all other commands.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Medicine