Drug Pump’s Security Flaw Lets Hackers Raise Dose Limits

Found on Wired on Tuesday, 14 April 2015

Anyone on the hospital’s network—including a patient in the hospital or a hacker accessing the pumps over the internet—can load a new drug library to the pumps that alters the limits, thereby potentially allowing the delivery of a deadly dosage.

The system also stores usernames and passwords in plaintext.

The pumps themselves don’t bother to check whether the system sending them updates is the MedNet system, any system on the hospital’s network can access the pumps to install a new library or anyone can reach out to them over the internet through one of their internet-facing ports, and do the same.

With all the hype around the IoT, there will be many more such problems; and in this case it was even a medical device where the developers should pay extra attention to security. In most everyday IoT devices, a company just tries to get the product working without caring about security at all.

Browse all articles« Previous « » Next »