Search
  • IPG

IoT: Security researchers warn of vulnerabilities in hospital pneumatic tube systems


PwnedPiper vulnerabilities affect pneumatic tube system (PTS) stations used throughout thousands of hospitial networks - and attackers could use them to crash systems, deliver ransomware and steal data, warn security researchers, so patch now.


Security researchers have detailed vulnerabilities in the system controlling the pneumatic tube networks used in thousands of hospitals around the world, which could allow hackers to disrupt the services or potentially launch ransomware attacks.


The series of vulnerabilities have been discovered in Nexus Control Panel, which powers current models of Translogic's pneumatic tube system (PTS) stations by Swisslog Healthcare. The tubes allow staff to send patient test samples and medication around the hospital and are a key part of providing care to patients.


Dubbed PwnedPiper, the nine security vulnerabilities have been detailed by cybersecurity researchers at Armis ahead of a presentation on the findings at Black Hat USA.


They include hard-coded passwords, a privilege escalation vulnerability, memory corruption bugs that can lead to remote-code-execution and denial of service and a design flaw in which firmware upgrades on the Nexus Control Panel are unencrypted and don't require any cryptographic signature, which could allow an attacker to gain unauthenticated remote-code execution privileges by initiating a firmware update procedure while also maintaining persistence on the device.


"It was surprisingly easy to find these vulnerabilities; too easy, I would say. Although this device has a crucial function in hospitals for the critical infrastructure, the type of vulnerabilities that we found are similar to stuff that you would find on an average IoT device," Ben Seri, VP of research at Armis, told ZDNet.


To get to a Nexus Control Panel, an attacker would need some access to the network via a phishing attack or breached remote desktop credentials.


According to Armis, the infrastructure is used in more than 3,000 hospitals worldwide, including 2,300 in the United States.


Researchers warn that by exploiting vulnerabilities in these systems, attackers could gain control over the tube network.


It could also provide attackers with the ability to exploit the escalation of privileges enabled by the vulnerabilities to gain access to other sections of the network to the extent they could launch a ransomware attack against the hospital network.


"It wasn't difficult to find vulnerabilities here. It's just the system that is hidden in plain sight. You don't think about it and, normally, you don't connect it being related to any critical functions – it's a lack of knowledge of this area which leads to vulnerabilities," said Seri.


The vulnerabilities have been disclosed to Swisslog and security updates are available to close them and protect networks – healthcare organisations using Translogic's PTS are urged to apply them.


"I think the lesson to be learned here is that this is the story of IoT in a way. Many applications have moved over the years from analogue systems to digital systems and eventually to be connected to the network and then later to the internet," said Seri.


"From the hospital's point of view, this is just another reason to go ahead and apply network segmentation in the most effective way possible," he added.


According to Armis, the infrastructure is used in more than 3,000 hospitals worldwide, including 2,300 in the United States.


Researchers warn that by exploiting vulnerabilities in these systems, attackers could gain control over the tube network.


It could also provide attackers with the ability to exploit the escalation of privileges enabled by the vulnerabilities to gain access to other sections of the network to the extent they could launch a ransomware attack against the hospital network.


"It wasn't difficult to find vulnerabilities here. It's just the system that is hidden in plain sight. You don't think about it and, normally, you don't connect it being related to any critical functions – it's a lack of knowledge of this area which leads to vulnerabilities," said Seri.


The vulnerabilities have been disclosed to Swisslog and security updates are available to close them and protect networks – healthcare organisations using Translogic's PTS are urged to apply them.


"I think the lesson to be learned here is that this is the story of IoT in a way. Many applications have moved over the years from analogue systems to digital systems and eventually to be connected to the network and then later to the internet," said Seri.


"From the hospital's point of view, this is just another reason to go ahead and apply network segmentation in the most effective way possible," he added.


https://www.zdnet.com/article/iot-security-researchers-warn-of-vulnerabilities-in-hospital-pneumatic-tube-systems/

11 views0 comments
GearBox-with-Logo_1080x1080.jpg

Simple. Powerful. Cybersecurity.

IPG’s GearBoxTM is the first cybersecurity tool designed to secure and protect the Internet of Things (IoT).