Monday, January 21, 2013

Hackers "own" Philips XPER medical management system

Security experts hack a Philips XPER medical management system, finding vulnerabilities that would allow them to "own" the machine and control any other medical systems connected to it.

Researchers at security services firm Cylance Inc. uncovered a vulnerability in a Philips(NYSE:PHG) XPER medical management system, exploiting a security flaw to "own" the machine.
The weakness gave the hackers complete control of the machine, one which they had purchased for testing purposes, and gave them access to any devices subsequently connected to it, which may include patient data, they told reporters.
"Anything on it or what's connected to it was owned, too," Cylance's Billy Rios told tech security news site Dark Reading. "By design, these things connect to a database."  
Philips' XPER system "manages other devices," Rios added, which means that a hole in its security compromises other technologies that deliver information to or take orders from the system.
Once hacked, "you can do anything you want to it," he said.
More here:

No comments: