Friday, June 14, 2013

Vast array of medical devices vulnerable to serious hacks, feds warn

The ICS-CERT has emitted a warning concerning hard-coded passwords in medical devices.  I see there a parallel with the vulnerabilities found in the SCADA devices: applications that used to be on disconnected networks, or even specialized networks now get a web front-end, developers who spent years focusing on the functionalities now have to include security, and not very disseminated devices.

I suspect that before long, there will be other issues found: buffer overflows, authentication/authorization bypass and other tricks.