Backdoor in US medical device calls out to Chinese university
Key points of the YouTube video about the Contec CMS 8000 patient monitor:
- Critical Backdoors: The Contec CMS 8000 (and its rebranded version, the Epimed MN10), used in US and EU hospitals, contains multiple serious backdoors.
- Reverse Backdoor Functionality: The device actively "phones home" to a hardcoded IP address in China belonging to a university, not the manufacturer. This allows remote code execution and firmware updates from an untrusted source. It is a "reverse backdoor": the device initiates the contact, unlike a traditional backdoor where the attacker initiates it.
- Patient Data Leakage: The device leaks sensitive patient data (name, date of birth, hospital department, admission date, physician name, etc.) in plain text to the same hardcoded IP address.
- Firmware Overwriting: The backdoor allows the remote server to completely overwrite the device's firmware, potentially disabling critical monitoring functions.
- Lack of Security Measures: The connection to the university server has no authentication or encryption. Files are transferred via a simple file share, making it easily exploitable.
- Malicious Potential: This vulnerability allows for potential sabotage of patient care. An attacker could manipulate vital signs data, potentially leading to serious harm or death.
- Mitigation: The immediate solution is to disconnect the devices from the internet. Hospitals should replace these devices.
- Wider Implications: The presenter suggests this is likely not an isolated incident, and similar vulnerabilities may exist in other medical devices from similar manufacturers or countries.
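Because the device initiates the connection, the practical detection signal for a hospital network team is outbound traffic from the patient-monitor segment to any address outside the internal ranges, especially when several monitors converge on the same external host. The following is an added example (not from the video or the vendor) that runs that check over constructed connection records; the monitor VLAN, the internal ranges, the file-share ports (assumed NFS/SMB) and the TEST-NET destination addresses are all assumptions, not the real hardcoded IP.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in a simplified "ts src dst dport proto" form (not real device
# traffic). 203.0.113.10 and 198.51.100.7 are documentation-range placeholders.
SAMPLE_CONN_LOG = """\
1700000000.1 10.20.5.17 10.20.5.2 53 udp
1700000001.4 10.20.5.17 203.0.113.10 2049 tcp
1700000002.0 10.20.5.18 203.0.113.10 445 tcp
1700000003.7 10.20.5.19 10.20.1.40 443 tcp
1700000004.2 10.20.5.17 198.51.100.7 443 tcp
"""

MONITOR_SUBNET = ipaddress.ip_network("10.20.5.0/24")  # assumed patient-monitor VLAN
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FILE_SHARE_PORTS = {2049: "nfs", 445: "smb", 139: "smb"}  # assumption about the "simple file share"


@dataclass
class Finding:
    src: str
    dst: str
    dport: int
    severity: str


def is_internal(ip: ipaddress.IPv4Address) -> bool:
    # Explicit allowlist rather than ip.is_private, which also covers the documentation ranges.
    return any(ip in net for net in INTERNAL_NETS)


def flag_phone_home(conn_log: str) -> list[Finding]:
    """Flag connections initiated by a monitor to a non-internal destination (the
    reverse-backdoor direction); file-share ports are rated high, everything else medium."""
    findings = []
    for line in conn_log.splitlines():
        _ts, src, dst, dport, _proto = line.split()
        if ipaddress.ip_address(src) not in MONITOR_SUBNET or is_internal(ipaddress.ip_address(dst)):
            continue
        port = int(dport)
        findings.append(Finding(src, dst, port, "high" if port in FILE_SHARE_PORTS else "medium"))
    return findings


def shared_destinations(findings: list[Finding]) -> dict[str, set[str]]:
    """Group flagged monitors by external destination: many devices calling one
    external host is the signature of a hardcoded address in firmware."""
    by_dst = defaultdict(set)
    for f in findings:
        by_dst[f.dst].add(f.src)
    return dict(by_dst)
```

Feed it real flow or firewall logs after adapting the one-line parser, and alert on any destination that more than one monitor contacts.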