Millions of medical devices using old code are open to attack, FDA says
The recent discovery highlights an alarming cybersecurity vulnerability in the health care industry.
- In July, the security firm Armis Security discovered network protocol bugs in a software component that supports many medical devices operating today.
- Now, the FDA and security researchers say that these vulnerabilities extend to more devices than initially thought.
- Fortunately, a large-scale attack seems impossible.
The Food and Drug Administration is warning hospitals and healthcare providers about decades-old cybersecurity vulnerabilities that could mean millions of medical devices are, and have for years been, open to attack.
In July, the security firm Armis Security discovered a suite of 11 network protocol bugs, named Urgent/11, within IPnet, a software component that supports network communications. These bugs could allow hackers to take control of certain medical devices and change their function, cause a denial of service, or cause information leaks or logical flaws that may prevent the device from functioning correctly, the FDA stated.
"Urgent/11 is serious as it enables attackers to take over devices with no user interaction required, and even bypass perimeter security devices such as firewalls and NAT solutions," Armis researchers wrote in a blog post. "These devastating traits make these vulnerabilities 'wormable,' meaning they can be used to propagate malware into and within networks."
This week, security researchers and government officials warned that these bugs aren't limited to platforms running IPnet but also affect other distinct platforms that have incorporated the same decades-old code.
"Though the IPnet software may no longer be supported by the original software vendor, some manufacturers have a license that allows them to continue to use it without support," the FDA wrote in a statement. "Therefore, the software may be incorporated into other software applications, equipment, and systems which may be used in a variety of medical and industrial devices that are still in use today."
What kinds of devices might be vulnerable? Patient monitors, infusion pumps, cameras, printers, routers, Wi-Fi mesh access points, and a Panasonic doorbell camera, to name a few. But fortunately, a large-scale attack is likely impossible because, as a BD Alaris spokesperson told WIRED, hackers would need to target each device individually. Also, hackers wouldn't be able to, for example, interrupt an in-process infusion.
Still, the discovery highlights a problem in the healthcare industry: most medical devices are hard to update, and don't get updated unless a serious problem occurs.
"It's a mess and it illustrates the problem of unmanaged embedded devices," said Ben Seri, vice president of research at Armis. "The amount of code changes that have happened in these 15 years are enormous, but the vulnerabilities are the only thing that has remained the same. That's the challenge."
Some operating systems that might be affected include:
- VxWorks (by Wind River)
- Operating System Embedded (OSE; by ENEA)
- INTEGRITY (by Green Hills)
- ThreadX (by Microsoft)
- ITRON (by TRON Forum)
Armis released a free urgent11-detector tool that's able to detect whether a system, on any operating system, is vulnerable to Urgent/11. The FDA also published a list of recommendations for health care providers, patients, and caregivers on its website.