Patient monitors may have some worrying security flaws

CISA issues warning about Chinese-made monitor quietly relaying sensitive data
Multiple devices were found carrying malicious code in the firmware
The company tried, and failed, to address the flaw

At least three healthcare devices built by Chinese manufacturers were found with firmware backdoors apparently relaying sensitive information to a Chinese university.

The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about Contec CMS8000, a patient monitor used in hospitals and clinical settings to track vital signs such as ECG, blood pressure, oxygen saturation (SpO₂), respiratory rate, and temperature.

The agency said that an independent researcher discovered that the device was engaged in malicious activity, connecting to a hard-coded external IP address. BleepingComputer managed to determine that the IP address belonged to a “Chinese university”, but did not say which one.

No patch

The researchers then uncovered the malicious activity was tied to a backdoor planted in the firmware, which would quietly download and run files on the device. The backdoor would allow unknown third parties the ability to execute programs remotely, take over patient monitors entirely, and send patient data across the pond. The activity was not being logged, either, flying under the radar of IT admins managing the devices.

Further investigation uncovered that the same IP address was discovered in software for other medical equipment, including a pregnancy patient monitor from another Chinese health manufacturer, BleepingComputer added. FDA said it also found it in Epsimed MN-120 patient monitors (essentially re-branded Contec CMS8000 devices).

CISA reached out to Contec, notified it about the backdoor, and the company came back with “multiple firmware images” that were supposed to mitigate the issue. However, each of the firmware updates did not address the issue properly, allowing the backdoor to continue operating.

Since the vulnerability has not yet been fully addressed, CISA urged all users to disconnect the endpoints from the wider network, if possible.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/2TVeUAUX6uxSiEwtKNJpFS-1200-80.jpg

Source link

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes – how to stay safe

Help your family browse safely with this VPN

How to pair Sony headphones with your phone

Quordle hints and answers for Tuesday, February 4 (game #1107)

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Patient monitors may have some worrying security flaws

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes – how to stay safe

Help your family browse safely with this VPN

How to pair Sony headphones with your phone

Quordle hints and answers for Tuesday, February 4 (game #1107)

Leave a reply Cancel reply