Hackers can exploit trivial flaws in network-connected Siemens' medical scanners to run arbitrary malicious code on the equipment.
These remotely accessible vulnerabilities lurk in all of Siemens' positron emission tomography and computed tomography (PET-CT) scanners running Microsoft Windows 7. These are the molecular imaging gizmos used to detect tumors, look for signs of brain disease, and so on, in people. They pick up gamma rays from radioactive tracers injected into patients, and perform X-ray scans of bodies.
US Homeland Security warned on Thursday that exploits for bugs in the equipment's software are in the wild, and "an attacker with a low skill would be able to exploit these vulnerabilities." That's because the flaws lie within Microsoft and Persistent Systems' code, which runs on the Siemens hardware, and were patched years ago.
Of course not. Patches? We don' need no stencil' patches! The patches just didn't make their way to the scanners.
After all, making an Internet playground for shady Black Hats, all inside a huge X-Ray control system - what could possibly go wrong?
But...but... Medical, NOBODY would use that for evil, right? Right??? Sigh
What the article failed to mention is that even though a patch for Windows might have been released by Microsoft, before it can be installed on a medical device it must first go through the FDA approval process. That can take a while. What generally happens is that a lot of patches get approved all at once and then are released and installed in one big patch installation. This happens, generally, about once or twice per year.