Slashdot Mirror


Over 1,400 Vulnerabilities Found In Automated Medical Supply System

An anonymous reader writes: Security researchers have discovered 1,418 vulnerabilities in CareFusion's Pyxis SupplyStation system -- automated cabinets used to dispense medical supplies -- that are still being used in the healthcare and public health sectors in the US and around the world. The vulnerabilities can be exploited remotely by attackers with low skills, and exploits that target these vulnerabilities are publicly available. Things already seem to be getting out of hand.


  1. No surprise by marcansoft · Score: 4, Insightful

    Medical and healthcare companies consistently seem to have *no idea* whatsoever about security, and *no idea* that they actually need to hire someone who knows security.

    Anything with a computer in it needs to take into account security. If you're putting code into your product and don't know security and aren't hiring someone who does, you're doing it wrong. Medical devices, cars, even Bluetooth toilets. If it communicates with the outside world or is exposed to users who aren't authorized full control over the device, it needs security. If you don't do it, your product is a ticking time bomb waiting for a researcher, if you're lucky, or a malicious attacker, if you aren't, to notice the lack of security. This will keep happening until everyone gets the message.

  2. End of Life systems prone to New Attacks= by bigdady92 · Score: 4, Insightful

    No shit, Sherlock.

    Windows XP and Windows 2003 systems are prone to all sorts of horrible security flaws. Reading the Fucking Article I see that the newer, non-EOL equipment isn't prone to any of these problems.

    I wonder how many vulnerabilities are in older Cisco routers that haven't been patched since 2007?

    --
    Wheel of Time: Book by Book and Sumview (summary review) Bigdady92 style: http://bigdady92.blogspot.com/

    1. Re:End of Life systems prone to New Attacks= by aaarrrgggh · Score: 3, Insightful

      The bulk attacks that are likely enabled by XP/2003 I would agree with you on. However, they are representative of many other problems with brand new Pyxis units from what I hear. The unspoken word seems to be that it is still less vulnerable than the traditional human-centric supply systems. The typical solution is defense in depth, with a key-code door lock to the room and a camera in the room-- so things can be tracked by belt and suspenders in a failure/attack.