Medical equipment can be easily hacked and taken over, as two security researchers reveal at DerbyCon

Sep 29, 2015 23:25 GMT  ·  By

Connecting medical equipment to the Internet seemed a pretty smart idea a few years back. You'll change your mind after you watch Scott Erven and Mark Collao's presentation from the recent DerbyCon 2015 security conference.

According to the two security researchers, over 68,000 medical systems are exposed online, with over 12,000 of them belonging to a single healthcare organization.

What's even more worrisome is that most of these devices are connected to the Internet through computers running very old versions of Windows XP, known to have lots of exploitable vulnerabilities.

All of these devices are easily discoverable via Shodan, a search engine that can find Internet-connected devices online, and are also easy to hack via brute-force attacks and using hard-coded logins.

During their research, the two infosec experts found anesthesia equipment, cardiology devices, nuclear medical systems, infusion systems, pacemakers, MRI scanners, and picture archiving and communications gear, all via simple Shodan queries.

Fake medical equipment honeypots attracted curious hackers

Acting on their initial findings, the two security experts created honeypots, special servers that looked to outsiders like medical devices, complete with vulnerabilities and fake medical data, but which also contained a powerful logging component.

Sifting through the logs gathered by these honeypots, the researchers found that attackers managed to authenticate via SSH on the fake medical devices over 55,000 times, even leaving 299 malware payloads behind.

There were also 24 cases in which the attackers successfully exploited the MS08-067 XP vulnerability, the same one used in Conficker worm infections.

The researchers say that most of the time the attackers did not realize what they'd just hacked and were content with leaving an infected machine behind, just as a part of their botnets.

If hackers realized the access they could gain through these devices, they could easily steal patient health information, and even use the devices to spread more dangerous malware inside a hospital IT infrastructure, which would help them carry out more devastating attacks.
