Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Medicine

Hackers Can Falsify Patient Vitals (bleepingcomputer.com) 26

Hackers can falsify patients' vitals by emulating data sent from medical equipment clients to central monitoring systems, a McAfee security researcher revealed over the weekend at the DEF CON 26 security conference. BleepingComputer: The research, available here, takes advantage of a weak communications protocol used by some patient monitoring equipment to send data to a central monitoring station. McAfee security researcher Douglas McKee says he was able to reverse engineer this protocol, create a device that emulates patients vitals, and send incorrect information to a central monitoring station. This attack required physical access to the patient, as the attacker needed to disconnect the patient monitoring client and replace it with his own device that feeds incorrect patient vitals to the central station monitored by medical professionals. But McKee also devised another method of feeding central monitoring stations without needing to disconnect the patient monitoring client.
This discussion has been archived. No new comments can be posted.

Hackers Can Falsify Patient Vitals

Comments Filter:
  • mcfuckee reports an analog hacker can write false data on patient chart.

  • Really bad (Score:4, Funny)

    by 110010001000 ( 697113 ) on Tuesday August 14, 2018 @01:48PM (#57125118) Homepage Journal
    "This attack required physical access to the patient, as the attacker needed to disconnect the patient monitoring client and replace it with his own device that feeds incorrect patient vitals to the central station monitored by medical professionals"

    How do I get a job as a "Security Researcher"?
    • I got your research. I hook the leads up to my OWN ARM... Serious crazy hack right there...

    • Agree that one's lame, but keep reading:

      A variation of the attack requires the attacker to be on the same network as the patient monitoring client in order to ARP spoof the central monitoring station.

      The attacker can pose as the central monitoring station, capture data sent by the actual patient monitoring equipment, and then send falsified patient data to the real central monitoring station.

      This second attack scenario works in real-time and is feasible because of the insecure design of the Rwhat protocol used by some medical equipment to send data from patient monitors to central stations via WiFi or wired connections —the protocol relying on simple unencrypted UDP packets sent between the client and server, packets that can be easily spoofed and modified.

    • "But McKee also devised another method of feeding central monitoring stations without needing to disconnect the patient monitoring client.
      A variation of the attack requires the attacker to be on the same network as the patient monitoring client in order to ARP spoof the central monitoring station.
      The attacker can pose as the central monitoring station, capture data sent by the actual patient monitoring equipment, and then send falsified patient data to the real central monitoring station."
      • He "devised" ARP spoofing to attack an insecure protocol? Again, how do I get this job? This is like decades old. There are many protocols in use that aren't secured.
        • by pnutjam ( 523990 )
          We know this, but demonstrating it for others in a public forum will force it to be addressed. (theoretically)
  • If you have physical access to the person you want to harm and that person is already in a state where they need life monitoring equipment and can apparently not shout to the nurse or anything... It seems easier to just.. you know... harm them.
    Shoot some Drano on the IV drip or what ever.
    Seems pretty convoluted and slower to rig up some hack.

    • I think you're ignoring a whole other angle here. What if you want to break someone out of the hospital: fake BETTER vital signs so they'll let you leave, or fake constant vital signs so you can unhook them, get them dressed and walk out while the nurse still sees a consistent signal from the monitors. What if you want not to kill them, but keep them in the hospital longer: fake only slightly worse vital signs. Lots of room to play here.

      Also, if this can be done with vital signs, then how secure is the o

    • by arth1 ( 260657 )

      It might be beneficial for an assassin to be able to walk out of the hospital, because the monitoring still shows plausible values despite the target being dead.
      Or even abduct the patient.
      Or fake half a dozen emergencies, so staff all mill around and don't notice who walks off with all the morphine.
      Or play mind games with a staff member you hate, causing him or her to rush back and forth to patients all night.

      The possibilities will include many other scenarios - you just have to think of them.

  • But they need editor acce...err...nm

  • And this, kids, is why no network admin with the brains G_d gave your average cockroach allows unauthenticated computers on a network. Granted, some of these older units still use serial connections up to an aggregator, but TFA mentioned ARP spoofing. I accidentally shut down half a basement at a hospital at one point by plugging my laptop into a port in the training room. The ports on that network switch were locked to specific MAC addresses, and would actually shut down if a network adapter with any other MAC address than the designated one were plugged in. It was somewhat embarrassing.

    And it's also one of the reasons why every reasonable EMR requires that human eyes look at the data before adding it to the database. Yes, you could fudge factor vitals readings to a certain extent, but the human body is a collection of systems that have really nice feedback loops to maintain equilibrium. If you see a change in one measurement, there will almost always be a corresponding change in one or more others. So, it's not enough to change an SpO2 reading. You not only need to know what the clinically valid ranges are for an SpO2 reading, but what changing SpO2 will do for respiration and pulse rate. And then you get to add additional factors (like COPD) into the mix.

    So, all in all, this would take someone with some level of medical training, a specific goal in mind, an almost criminally stupid network admin, and active cooperation from the patient to make it work.

    • So, all in all, this would take someone with some level of medical training, a specific goal in mind, an almost criminally stupid network admin, and active cooperation from the patient to make it work.

      Well, they probably have a goal or they wouldn't be in there, and the next one is practically a given. That just leaves your first and last conditions.

  • This attack required physical access to the patient

    If you have physical access to a patient that has one of these machines hooked up to them then you could just as easily inject something into their IV line because they are definitely going to have one. A simple bacteria or viral load would be far easier and make their death look natural. Faking their vitals and hoping they die from their existing injuries is just a stupid plan.

  • "Before The Devil Knows Your Dead" showed you don't need hax0r skillz at all to pull this off.
  • Test leads and a lot of medical cabling is very cheaply made and unshielded. It is very easy to use induction to modify the reading the equipment is getting from the test leads without disconnecting anything. Disconnecting things would trigger alarms on the stuff sending data to the central monitoring station. Of course, you still need access to the patient.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...