CyberMDX Research Team Discovers Two Major Medical Device Vulnerabilities
Becton Dickinson’s Alaris® TIVA Syringe Pump & Qualcomm’s Capsule Datacaptor Terminal Server Show Vulnerabilities to Detrimental Hacks, Disclosed by ICS-CERT
New York, NY, August 28, 2018 – CyberMDX, a leading healthcare cybersecurity provider delivering visibility and threat prevention for medical devices and clinical networks, today announced that the research group of its company has discovered two security vulnerabilities found in commonly used medical devices: Becton Dickinson (BD)’s Alaris® TIVA Syringe Pump and Qualcomm Life Capsule’s Datacaptor Terminal Server (DTS). Working closely with both vendors, the vulnerabilities have been publicly disclosed via ICS-CERT.
About the BD Alaris TIVA Syringe Pump Vulnerability
CyberMDX found a potential vulnerability in the BD Alaris TIVA syringe pump with software version 2.3.6 and below that is sold and used outside of the U.S.
Through CyberMDX’s research, the team discovered that if a malicious attacker can gain access to a hospital’s network and if the Alaris TIVA syringe pump is connected to a terminal server, the attacker can perform hacks without any prior knowledge of IP addresses or location of the pump.
The attack could lead to unauthorized start/stop of the pump and/or unauthorized changes in the rate of infusion.
To learn more about this potential vulnerability, classified as a CVSS 9.4 (critical), refer to the ICS-CERT advisory (ICSMA-18-235-01).
CyberMDX worked closely with the Product Security team at BD that emphasizes collaboration across the health care industry to enhance cybersecurity of medical technology and devices.
More information on the vulnerability can be found on the CyberMDX website.
About the Qualcomm Life Capsule Datacaptor Terminal Server Vulnerability
Qualcomm Life Capsule's Datacaptor Terminal Server (DTS) is a medical gateway device used by hospitals to connect their medical devices to the network. The gateway is typically used to connect bedside devices such as monitors, respirators, anesthesia, and infusion pumps, and like many other IoT devices, the DTS has a web management interface used for remote configuration, based on Allegrosoft RomPager.
The CyberMDX research team found that interacting with the web management using the "Misfortune Cookie" vulnerability, which hands out a crafted HTTP cookie to the device, resulted in an arbitrary write to its memory. This action can be performed with no authentication and the arbitrary write may be used to login without credentials, gain administrator-level privileges on the terminal server, or simply crash them. This may result in harm to the device availability as well as the network connectivity of the serial medical devices connected to it.
Although the Misfortune Cookie vulnerability has been publicly known for four years, prior to this disclosure, there was no awareness of it in this instance.
After collaboration with Qualcomm Life Capsule, CyberMDX recommended users to immediately update the DTS devices to their latest firmware version to overcome the vulnerability. Qualcomm Life worked quickly to validate the vulnerability, provide a workaround and an update to the firmware, and notify customers.
To learn more about this potential vulnerability, classified as a CVSS 9.8 (critical), refer to the ICS-CERT Advisory (ICSMA-18-240-01).
The full disclosure report on the research can be accessed on the CyberMDX website.
“Uncovering these vulnerabilities illustrates how responsible disclosure between cybersecurity researchers and medical device vendors can work when both sides are committed to improving patient safety,” said Elad Luz, Head of Research at CyberMDX. “We are a catalyst for change in the healthcare industry by focusing our research capabilities solely on medical devices. Our research team is committed to ensuring patient safety by tirelessly working closely with hospitals and manufacturers to improve the security and resiliency of connected medical devices at hospitals worldwide.”
About CyberMDX’s Cybersecurity Research & Analyst Team
CyberMDX’s research and analyst team regularly works with medical device organizations in the responsible disclosure of security vulnerabilities. The comprehensive threat intelligence analyst team tirelessly works to help protect hospitals and healthcare organizations from malicious attacks on connected medical devices. The team’s researchers, white hackers and engineers collect information about potential and existing threats to understand attacker motivations, intentions, and methodology and deliver the best protection against attacks and malware.
About CyberMDX
CyberMDX, a leading provider of medical cybersecurity, delivers zero touch visibility and threat prevention for medical devices and clinical assets. CyberMDX delivers a scalable, easy to deploy cybersecurity solution, providing unmatched visibility and protection of medical devices ensuring their operational continuity as well as patient and data safety. CyberMDX multidisciplinary team consist of veterans of Israeli Intelligence’s elite cyber units, medical devices experts, and AI academic leaders. For more information, please visit us at www.cybermdx.com.