Of pacemakers and insulin pumps To mammography machines, ultrasounds and monitors, dizziness range of medical devices contain worrying security vulnerabilities. The latest addition to this dastardly lineup is a popular infusion pump and docking station, the B. Braun Infusomat Space large volume pump and the B. Braun SpaceStation, which a determined hacker could wield to deliver a double dose of drug to victims.
Infusion pumps automate the delivery of drugs and nutrients into a patient’s body, usually from an intravenous fluid bag. They are especially useful for delivering very low or nuanced doses of drugs without error, but that means the stakes are high when problems arise. Between 2005 and 2009, for example, the FDA received approximately 56,000 reports of infusion pump-related “adverse events” “including numerous injuries and deaths,” and the agency subsequently repressed on the safety of infusion pumps in 2010. As a result, products like the B. Braun Infusomat Space Large Volume pump are extremely software-locked; it is supposed to be impossible to send commands directly to the device. But researchers at security firm McAfee have finally found ways around this obstacle.
“We pulled all the threads we could and finally found the worst case scenario,” says Steve Povolny, head of McAfee’s Advanced Threat Research group. “As an attacker you shouldn’t be able to move back and forth from the SpaceStation to the pump operating system, so break that security boundary and get access to be able to interact between those two – that’s a real problem.” . We have shown that we can double the speed.
The researchers found that an attacker with access to a healthcare facility’s network could take control of a space station by exploiting a common connectivity vulnerability. From there, they could exploit four more loopholes in sequence to send the drug doubling command. The complete attack is not easy to achieve in practice and requires this first foothold in the network of a medical establishment.
“Successful exploitation of these vulnerabilities could allow a sophisticated attacker to compromise the security of Space or compactplus communications devices,” B. Braun wrote in a security alert to clients, “allowing an attacker to elevate privileges, display sensitive information, download arbitrary files, and execute code remotely”.
The company said in the notification that using the latest versions of its software released in October is the best way to secure devices. It also recommended that customers implement other network security mitigation measures, such as segmentation and multi-factor authentication. McAfee researchers note, however, that most bugs have not been fixed in existing products. B Braun, they say, has simply removed the vulnerable networking feature in the new version of its SpaceStations.
Once the hackers take control of the SpaceStation by exploiting the network’s first bug, the hack plays out by combining four vulnerabilities that are all related to the lack of access control between the SpaceStation and a pump. Researchers have found specific commands and conditions in which pumps do not properly verify data integrity or authenticate commands sent from the SpaceStation. They also found that the lack of download restrictions allowed them to corrupt a device backup with a malicious file and then restore from the backup to install malware on a pump. And they’ve noticed that devices send data in the clear without encryption, exposing it to interception or manipulation.