74
Backdoor found in two healthcare patient monitors, linked to IP in China
(www.bleepingcomputer.com)
Those things shouldn't even be connected to the internet.
this post was submitted on 31 Jan 2025
74 points (96.2% liked)
Cybersecurity
6552 readers
47 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
founded 2 years ago
MODERATORS
Might not be. This could have simply been some IT guy noticing that something kept trying to ping the outside world.
The only way some IT guy can notice it pinging the outside world is if it's connected to the internet.
Depends on the router it's hooked to and the level of traffic logging being performed. Being connected to a LAN is not the same as being connected to the internet.
No, it doesn't depend on the router. The device can either send traffic to other devices on the internet or it can't. If the device can ping something on the internet, then it is connected to the internet. It's a tautology.
All traffic from that device is going to pass through the router. In order to start communicating with the other device, the first device has to send a packet. The router sees that packet, and routes it to the other device. If there's no internet connection, things die here, but the router still saw that initial packet.
Sorry, I realized I misread your earlier post. I missed the word "trying," and it sounded like your were saying the device might not be connected to the internet even though it's successfully pinging a server.
Lol, no worries.
They connect to allow the vitals to be pulled into the EMR to allow continuous documentation of vitals for the anesthesia record or central patient monitoring. More and more frequently, the database is not onsite and is shared amongst several sites within a hospital system.
But the device itself shouldn't need internet connectivity for this. That networking should be handled by a local master device, the same way access control systems (e.g. Door badge readers, alarm monitoring, etc) work.
Then this device would only use a local, isolated network to access the master device.
Agreed. Network connected to an isolation vlan without internet access
But I'm sure TikTok is fine and 100% to be trusted.
Or Facebook, fine too... and Instagram, X, Amazon, Microsoft, Google...
Yep, we need broad sweeping data privacy laws and audits in every country for all software. Not just fear mongering over other country's software.
Why tho
Not sure. If true, prolly just generic data mining?
Would fake news ever report if it was pinging mountain view?
Might also not be this device that was specifically targeted. The backdoor could have been placed in component firmware for any generic components this device uses, or in some general software library that gets used all over the place.