
Millions of medical devices using old code are open to attack, FDA says

The recent discovery highlights an alarming cybersecurity vulnerability in the health care industry.

  • In July, the security firm Armis Security discovered network protocol bugs in a software component that supports many medical devices operating today.
  • Now, the FDA and security researchers say that these vulnerabilities extend to more devices than initially thought.
  • Fortunately, a large-scale attack seems impossible.


The Food and Drug Administration is warning hospitals and healthcare providers about decades-old cybersecurity vulnerabilities that could mean millions of medical devices are, and have for years been, open to attack.

In July, the security firm Armis Security discovered a suite of 11 network protocol bugs, named Urgent/11, within IPnet, a software component that supports network communications. These bugs could allow hackers to take control of certain medical devices and change their function, cause a denial of service, or cause information leaks or logical flaws that may prevent the device from functioning correctly, the FDA stated.

"Urgent/11 is serious as it enables attackers to take over devices with no user interaction required, and even bypass perimeter security devices such as firewalls and NAT solutions," Armis researchers wrote in a blog post. "These devastating traits make these vulnerabilities 'wormable,' meaning they can be used to propagate malware into and within networks."

This week, security researchers and government officials warned that these bugs aren't limited to platforms running IPnet; they also affect other distinct platforms that have incorporated the same decades-old code.

"Though the IPnet software may no longer be supported by the original software vendor, some manufacturers have a license that allows them to continue to use it without support," the FDA wrote in a statement. "Therefore, the software may be incorporated into other software applications, equipment, and systems which may be used in a variety of medical and industrial devices that are still in use today."

What kinds of devices might be vulnerable? Patient monitors, infusion pumps, cameras, printers, routers, Wi-Fi mesh access points, and a Panasonic doorbell camera, to name a few. But fortunately, a large-scale attack is likely impossible because, as a BD Alaris spokesperson told WIRED, hackers would need to target each device individually. Also, hackers wouldn't be able to, for example, interrupt an in-process infusion.

Still, the discovery highlights a problem in the healthcare industry: most medical devices are hard to update, and don't get updated unless a serious problem occurs.

"It's a mess and it illustrates the problem of unmanaged embedded devices," said Ben Seri, vice president of research at Armis. "The amount of code changes that have happened in these 15 years are enormous, but the vulnerabilities are the only thing that has remained the same. That's the challenge."

Some operating systems that might be affected include:

  • VxWorks (by Wind River)
  • Operating System Embedded (OSE; by ENEA)
  • INTEGRITY (by Green Hills)
  • ThreadX (by Microsoft)
  • ITRON (by TRON Forum)

Armis released a free urgent11-detector tool that's able to detect whether a system, on any operating system, is vulnerable to Urgent/11. The FDA also published a list of recommendations for health care providers, patients, and caregivers on its website.
