Hackers Scheme to Weaponize Insecure Connected Medical Devices and What You Can Do About It

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

But nobody’s died yet…

So often, we hear, “What’s the panic about securing connected medical devices? Nobody’s died yet and nobody can prove that insecure connected medical devices were vectors in an attacker’s botnet yet.”

The operative word is “yet,” as hackers are scheming to weaponize connected medical devices. You might have read how life-saving connected insulin pumps can be turned into lethal devices. We’ve read about devices like benign ultrasound machines that could be conscripted into a hacker’s army for botnet attacks.

Like many things, it’s not the objects themselves that pose risks, it’s how they’ll be used. And it’s only a matter of time before these devices are leveraged in a range of attacks.

 

How?

The firmware running on millions of connected medical devices is completely insecure. Most older and many newer connected medical devices were never built with security in mind. These devices are being used around the clock by the healthcare industry and individuals who rely on them for support, but they’re also riddled with vulnerabilities that hackers are looking to exploit. When they find one viable security hole, they could launch a direct attack on an individual through a single device or exploit a group of devices as vectors in a coordinated attack.

 

Do something

It’s time for medical manufacturers and others take action:

Build secure firmware on connected devices using secure coding practicesReverse engineer compiled firmware images to check for security holes. It’s time manufacturers started thinking like the bad guys in order to stay ahead of them.Lock down or patch the code on connected medical devices before and after productionRinse and repeat

Insecure connected medical devices will continue to entice hackers who forge harmful and lethal schemes, day in and day out. Attackers don’t rest, so medical device manufacturers cannot be complacent when building (or patching) devices. They must take concrete and responsible steps to find and fix the holes on insecure connected medical devices – before it’s too late.

 

Is your connected medical device at risk? Find out.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
100 Followers
About Tactical Network Solutions
Are you concerned about risky, vulnerable embedded firmware in IoT devices, connected medical devices, automotive ECUs and industrial control systems? You're not alone. Since 2007, Fortune 500 companies and governments around the world have sought out Tactical Network Solutions for reverse engineering training programs, firmware evaluations, and cyber risk mitigation strategies. Clients are excited to leverage our automated firmware evaluations and consulting performed with the proprietary Centrifuge IoT Security Platform. The evals are completed with NO access to source code on compiled images containing a Linux-based root filesystem compiled for either MIPS, ARM, or X86. We also support QNX (a real-time operating system) and Docker containers. TNS evaluations have revealed thousands of hidden attack vectors including erroneously placed private crypto keys, insecure binaries with highly vulnerable function calls and other rampant security holes on embedded firmware. Our community of clients includes firmware developers, underwriters, law firms, governments and intelligence agencies worldwide who share a common goal: to discover hidden attack vectors in IoT and connected devices.
Promoted Content
TNS Issues a Sample IoT Security Report Showing Backdoors in a Connected Device
First, the good news: The extremely high number of connected devices rapidly coming to market has consumers and manufacturers excited. The new IoT devices often include advancements, more effective data collection and greater ease of use. Now, the bad news: When the devices are not built securely, they also bring unnecessary exposure, vulnerabilities, and danger.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel