Market Overview

CyberMDX Research Team Discovers Two Major Medical Device Vulnerabilities

Share:

Becton Dickinson's Alaris® TIVA Syringe Pump & Qualcomm's Capsule
Datacaptor Terminal Server Show Vulnerabilities to Detrimental Hacks,
Disclosed by ICS-CERT

CyberMDX,
a leading healthcare cybersecurity provider delivering visibility and
threat prevention for medical devices and clinical networks, today
announced that the research group of its company has discovered two
security vulnerabilities found in commonly used medical devices: Becton
Dickinson (BD)'s Alaris® TIVA Syringe Pump and
Qualcomm Life Capsule's Datacaptor Terminal Server (DTS). Working
closely with both vendors, the vulnerabilities have been publicly
disclosed via ICS-CERT.

About the BD Alaris TIVA Syringe Pump Vulnerability

CyberMDX found a potential vulnerability in the BD Alaris TIVA syringe
pump with software version 2.3.6 and below that is sold and used outside
of the U.S.

Through CyberMDX's research, the team discovered that if a malicious
attacker can gain access to a hospital's network and if the Alaris TIVA
syringe pump is connected to a terminal server, the attacker can perform
hacks without any prior knowledge of IP addresses or location of the
pump.

The attack could lead to unauthorized start/stop of the pump and/or
unauthorized changes in the rate of infusion.

To learn more about this potential vulnerability, classified as a CVSS
9.4 (critical), refer to the ICS-CERT
advisory
(ICSMA-18-235-01).

CyberMDX worked closely with the Product Security team at BD that
emphasizes collaboration across the health care industry to enhance
cybersecurity of medical technology and devices.

More information on the vulnerability can be found on the CyberMDX
website
.

About the Qualcomm Life Capsule Datacaptor Terminal Server
Vulnerability

Qualcomm Life Capsule's Datacaptor Terminal Server (DTS) is a medical
gateway device used by hospitals to connect their medical devices to the
network. The gateway is typically used to connect bedside devices such
as monitors, respirators, anesthesia, and infusion pumps, and like many
other IoT devices, the DTS has a web management
interface used for remote configuration, based on Allegrosoft RomPager.

The CyberMDX research team found that interacting with the web
management using the "Misfortune Cookie" vulnerability, which hands out
a crafted HTTP cookie to the device, resulted in an arbitrary write to
its memory. This action can be performed with no authentication and the
arbitrary write may be used to login without credentials, gain
administrator-level privileges on the terminal server, or simply crash
them. This may result in harm to the device availability as well as the
network connectivity of the serial medical devices connected to it.

Although the Misfortune Cookie vulnerability has been publicly known for
four years, prior to this disclosure, there was no awareness of it in
this instance.

After collaboration with Qualcomm Life Capsule, CyberMDX recommended
users to immediately update the DTS devices to their latest firmware
version to overcome the vulnerability. Qualcomm Life worked quickly to
validate the vulnerability, provide a workaround and an update to the
firmware, and notify customers.

To learn more about this potential vulnerability, classified as a CVSS
9.8 (critical), refer to the ICS-CERT
Advisory (ICSMA-18-240-01)
.

The full disclosure report on the research can be accessed on the CyberMDX
website
.

"Uncovering these vulnerabilities illustrates how responsible disclosure
between cybersecurity researchers and medical device vendors can work
when both sides are committed to improving patient safety," said Elad
Luz, Head of Research at CyberMDX. "We are a catalyst for change in the
healthcare industry by focusing our research capabilities solely on
medical devices. Our research team is committed to ensuring patient
safety by tirelessly working closely with hospitals and manufacturers to
improve the security and resiliency of connected medical devices at
hospitals worldwide."

About CyberMDX's Cybersecurity Research & Analyst Team

CyberMDX's research and analyst team regularly works with medical device
organizations in the responsible disclosure of security vulnerabilities.
The comprehensive threat intelligence analyst team tirelessly works to
help protect hospitals and healthcare organizations from malicious
attacks on connected medical devices. The team's researchers, white
hackers and engineers collect information about potential and existing
threats to understand attacker motivations, intentions, and methodology
and deliver the best protection against attacks and malware.

About CyberMDX

CyberMDX, a leading provider of medical cybersecurity, delivers zero
touch visibility and threat prevention for medical devices and clinical
assets. CyberMDX delivers a scalable, easy to deploy cybersecurity
solution, providing unmatched visibility and protection of medical
devices ensuring their operational continuity as well as patient and
data safety. CyberMDX multidisciplinary team consist of veterans of
Israeli Intelligence's elite cyber units, medical devices experts, and
AI academic leaders.

For more information, please visit us at www.cybermdx.com.

View Comments and Join the Discussion!