Hackers Can Remotely Access Wireless Syringe Infusion Pump

Another day, another set of critical vulnerabilities in wireless medical devices – This time; high severity flaws identified in Smiths Medical Syringe Infusion Pumps.

The Medfusion 4000 Wireless Syringe Infusion Pump that is manufactured by Minnesota-based firm Smiths Medical is reportedly plagued with not one or two but eight vulnerabilities. Some of these can easily be exploited by remote hackers, and this would affect the intended operations of the device.

ICS-CERT issued an advisory on Thursday in which it was reported that above-mentioned syringe infusion pump from Smiths Medical could be remotely exploited. It is worth noting that these pumps are used across the globe for delivering small doses of medicines from a syringe, and these are typically used in acute care settings.

According to ICS-CERT, the purpose of syringe infusion pump is to accurately deliver medication in critical care patients such as neonatal and pediatric intensive care units as well as the operating room. Smiths Medical is one of the leading firms in the US that manufactures specialty medical devices.

The company is currently trying to figure out the solutions for fixing the vulnerabilities in its wireless syringe infusion pumps, and the company has promised to release patches for the identified flaws in the upcoming version 1.6.1 of the device. The new version will be releasing in January 2018.

Hackers Can Remotely Access Wireless Syringe Infusion Pump
A Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump

An independent security researcher Scott Gayou has identified these vulnerabilities. As per the findings of Gayou, the flaws are present in version 1.1, 1.5 and 1.6 of the firmware. The researcher hasn’t revealed much about the vulnerabilities to prevent exploitation until a patch is released, but it is being claimed that the flaws are highly severe and critical.

According to ICS-CERT, the pump has one of the most critical of all security holes the ‘CVE-2017-12725’ which has CVSS score of 9.8 can automatically establish wireless network connection unless the default configuration of the device is changed. Other high severity vulnerabilities identified in the pumps include a buffer overflow flaw tracked as CVE-2017-12718.

This can be exploited by attackers for code execution in certain situations. Then there is the lack of authentication and hard-coded credential for the FTP server of the device issues that are tracked as CVE-2017-12720 and CVE-2017-12724. Another flaw is the lack of proper host certification authentication tracked as CVE-2017-12721. It makes the pump vulnerable to man-in-the-middle attacks.

Other flaws are of medium severity as these let the attacker crash the communications module of the device, authenticate to telnet through hard coded credentials and access passwords by exploiting the configuration files.

Smiths Medical has suggested users assign static IP addresses to the device until a patch is released. Furthermore, the company urges customers to remain cautious about malicious DNS and DHCP servers or any malicious activity, set unique and strong passwords, create backups on a regular basis and to install the device on isolated networks only.

ICS-CERT, on the other hand, suggests that the FTP server should be disabled, unused ports must be closed and the traffic is going to the pump must be duly monitored. There must be firewalls behind the devices and it is also advised that the pumps be disconnected temporarily from the networks until the patches are released.

This is the second time in one month that a medical equipment has been found vulnerable to life threatening vulnerabilities. Last week, Food and Drug Administration (FDA) revealed that 465,000 pacemakers are vulnerable to cyber attacks.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.