All in the Family: Industrial Control Vendors Make Buggy Medical Devices, Too!

chicksdaddy (814965) writes | about 2 years ago

Security 0

chicksdaddy writes "On the surface, the kinds of industrial control systems that run a power plant or factory floor are very different from, say, a drug infusion pump sitting bedside in a hospital intensive care unit. But two security researchers say that many of these systems have two important things in common: they’re manufactured by the same company, and contain many of the same critical software security problems.

In a presentation at a gathering of industrial control security experts in Florida, researchers Billy Rios and Terry McCorkle said an informal audit of medical devices from major manufacturers, including Philips and Siemens, showed that medical devices have many of the same kinds of software security holes found in industrial control system (ICS) products from the same firms. The research suggests that lax coding practices may be institutionalized within the firms, amplifying their effects.

Rios (@xssniper), a security researcher at Google, and McCorkle (@0psys), the CTO of SpearPoint Security, told attendees at S4 in Miami that they conducted their research out of curiosity and in an effort to branch out from investigating industrial control systems. Using eBay, they purchased second-hand medical devices, often from hospitals. They soon realized that many of the names they came across were familiar: firms like General Electric, Siemens, Honeywell and Philips, among them.

“The same PLC (programmable logic controller) vulnerability that you see on ICS software, you also see on medical device software,” Rios told Security Ledger in a phone interview. "I don't want to say (the security issues) are more ridiculous in the medical field, but we came across some ridiculous things.""
