ICS-CERT Advisory Updated to Include ZingBox Discovery of Vulnerability in BD Alaris Infusion Pumps
Findings Highlight the Much Needed Focus on Security of Connected Medical Devices
MOUNTAIN VIEW, Calif., Oct. 24, 2017 /PRNewswire/ -- ZingBox, leading a new generation of IoT security solutions focused on IoT service protection, today announced that findings from its recent demonstration of BD Alaris infusion pump vulnerabilities have been included in an updated advisory from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Made available by the United States Department for Homeland Security (DHS), the ICS-CERT works to reduce risks within and across all critical infrastructure sectors such as healthcare.
As part of an ongoing research effort to secure connected medical devices, Daniel Regalado, ZingBox's Principal Security Researcher, discovered that an attacker can gain access to and compromise the integrity of the infusion pump's system. A hacker would not only have access to the functionality of the pump, but perhaps more importantly, gain access to the hospital network where hundreds or even thousands of other connected medical devices can be targeted. On stage at DEF CON 2017, Regalado demonstrated how a hacker could gain initial access to a pump, inject rogue code into the device, steal critical credentials, and use it to access other devices or steal Protected Health Information (PHI).
"These findings are a fitting example of how ZingBox is working with device manufacturers as well as the Food and Drug Administration and DHS to improve security of IoT devices," said Xu Zou, CEO and co-founder of ZingBox. "We are glad that BD has been able to leverage our ongoing research to better understand the security needs of their connected medical devices."
ZingBox's illustrative discoveries highlight the importance of identifying these vulnerabilities before they become a serious threat, allowing for collaboration with device manufacturers and various government agencies to protect at-risk connected medical devices from future attacks.
To view the updated ICS-CERT report, please visit: https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02A.
For more details on the vulnerability from the hacker himself, visit: https://www.zingbox.com/blog/my-research-on-vulnerability-of-iv-pumps.
About ZingBox
Enabling the Internet of Trusted Things, ZingBox provides hospitals, companies and manufacturing facilities with Internet of Things (IoT) security software that helps ensure service delivery. ZingBox's new approach is based on deep learning and enforcement of trusted behavior. Founded by Silicon Valley veterans with expertise in cybersecurity, IoT, deep learning and networking, ZingBox was selected by the Stanford StartX program, was named one of NetworkWorld's hottest security startups, and was most recently named a "Cool Vendor in IoT Security, 2017" by Gartner. For more information, visit www.zingbox.com.
Media Contact:
Jacqueline Velasco
ZingBox
(408) 680-0564
[email protected]
SOURCE ZingBox
Related Links
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article