"Yet who would have thought the old pump to have had so many bugs in him?"

Hospital infusion pump with "Multiple Remote Vulnerabilities"??

By Ian Darwin on 2015-05-07 04:00 in Category: security

According to a 2015-05-07 article in SANS @RISK: The Consensus Security Vulnerability Alert, Vol. 15, Number 18 (which you can get for free by signing up at https://www.sans.org/account):

"The Hospira LifeCare PCA3 Drug Infusion Pump has been found
to contain multiple remotely exploitable security vulnerabilities.
Vulnerabilities such as the ability for an attacker to get an
unauthenticated remote root shell, hardcoded local accounts with
administrative privileges, storage of wireless keys in clear text, and
the use of additional software packages that have had security patches
released since the device has shipped are some of the vulnerabilities
found within the device.  The U.S. Dept. of Homeland Security has issued
an advisory, indicating that the vendor is currently working to patch
these vulnerabilities."

For more details, see http://hextechsecurity.com/?p=123

It seems that everyone - the F.D.A., the manufacturers, and everyone who tested this thing - has failed the most vulnerable person here - the hospital patient whose drugs are administered by this exploitable pump. It's only been about TEN YEARS since an episode of the TV show Law & Order showed a vengeful nerd exploiting just such a vulnerability in just such a pump to kill people. Nothing has changed.