Patient monitors may have some worrying security flaws

Chinese hardware found relaying sensitive data. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. At least three healthcare devices built by Chinese manufacturers were found with firmware backdoors apparently relaying sensitive information to a Chinese university. The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about Contec CMS8000, a patient monitor used in hospitals and clinical settings to track vital signs such as ECG, blood pressure, oxygen saturation (SpO₂), respiratory rate, and temperature.

The agency said that an independent researcher discovered that the device was engaged in malicious activity, connecting to a hard-coded external IP address. BleepingComputer managed to determine that the IP address belonged to a “Chinese university”, but did not say which one. Get Incogni at 55% off with code TECHRADAR. Remove your personal information from the internet with ease. Incogni protects your online.

identity and reduces unwanted robocalls and spam emails. The researchers then uncovered the malicious activity was tied to a backdoor planted in the firmware, which would quietly download and run files on the device. The backdoor would allow unknown third parties the ability to execute programs remotely, take over patient monitors entirely, and send patient data across the pond. The activity was not being logged, either, flying under the radar of IT admins managing the devices.

Further investigation uncovered that the same IP address was discovered in software for other medical equipment, including a pregnancy patient monitor from another Chinese health manufacturer, BleepingComputer added. FDA said it also found it in Epsimed MN-120 patient monitors (essentially re-branded Contec CMS8000 devices). CISA reached out to Contec, notified it about the backdoor, and the company came back with “multiple firmware images” that were supposed to mitigate the issue. However, each of the firmware updates did not address the issue properly, allowing the backdoor to continue operating.

Since the vulnerability has not yet been fully addressed, CISA urged all users to disconnect the endpoints from the wider network, if possible. Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!. Via BleepingComputer. Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.