1 min read

Two Valleylab Electrosurgical Medical Devices Can Be Compromised Remotely by Low-Skill Attacker

Silviu STAHIE

November 15, 2019

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Two Valleylab Electrosurgical Medical Devices Can Be Compromised Remotely by Low-Skill Attacker

US-CERT (United States Computer Emergency Readiness Team) has disclosed vulnerabilities in the Valleylab FX8 and Valleylab FT10 Energy Platforms from Medtronic, saying they could let remote attackers compromise surgical equipment.

The Valleylab FX8 and Valleylab FT10 Energy Platforms are electrosurgical solutions that feature tissue-sensing technology and other important features. The vulnerabilities identified in both of these devices could be exploited remotely and by hackers with little skill.

“Successful exploitation of these vulnerabilities may allow an attacker to overwrite files or remotely execute code, resulting in a remote, non-root shell on the affected products. By default, the network connections on these devices are disabled,” reads the advisory from US-CERT. “Additionally, the Ethernet port is disabled upon reboot. However, it is known that network connectivity is often enabled.”

Medtronic already issued patches for these vulnerabilities, but they have to be manually applied. Until that happens, the company advises hospitals and practices to disconnect the devices from the Internet or segregate the networks wherever possible.

Healthcare is the most targeted industry because the attackers can inflict serious damage, either by blocking the activity in a hospital or by stealing private medical information. The biggest security problem is the aging IT infrastructure and the lack of support for many of the devices, which also happens to include installing patches from vendors.

When we say the Internet of Things, people think about smart speakers, thermostats, vacuum cleaners, and so on. But the IoT umbrella gathers all Internet-connected devices, including medical infrastructure, which poses a much greater risk than a compromised smart speaker.

tags


Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like

Bookmarks


loader