Abstract
Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.
Original language | English (US) |
---|---|
Title of host publication | 2017 IEEE International Conference on Intelligence and Security Informatics |
Subtitle of host publication | Security and Big Data, ISI 2017 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 176-178 |
Number of pages | 3 |
ISBN (Electronic) | 9781509067275 |
DOIs | |
State | Published - Aug 8 2017 |
Event | 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China Duration: Jul 22 2017 → Jul 24 2017 |
Other
Other | 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 |
---|---|
Country | China |
City | Beijing |
Period | 7/22/17 → 7/24/17 |
Fingerprint
Keywords
- health
- IoT
- medical devices
- Nessus
- Shodan
- vulnerability assessment
ASJC Scopus subject areas
- Artificial Intelligence
- Computer Networks and Communications
- Information Systems
- Information Systems and Management
- Safety, Risk, Reliability and Quality
Cite this
Assessing medical device vulnerabilities on the Internet of Things. / McMahon, Emma; Williams, Ryan; El, Malaka; Samtani, Sagar; Patton, Mark; Chen, Hsinchun.
2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 176-178 8004903.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Assessing medical device vulnerabilities on the Internet of Things
AU - McMahon, Emma
AU - Williams, Ryan
AU - El, Malaka
AU - Samtani, Sagar
AU - Patton, Mark
AU - Chen, Hsinchun
PY - 2017/8/8
Y1 - 2017/8/8
N2 - Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.
AB - Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.
KW - health
KW - IoT
KW - medical devices
KW - Nessus
KW - Shodan
KW - vulnerability assessment
UR - http://www.scopus.com/inward/record.url?scp=85030266409&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85030266409&partnerID=8YFLogxK
U2 - 10.1109/ISI.2017.8004903
DO - 10.1109/ISI.2017.8004903
M3 - Conference contribution
AN - SCOPUS:85030266409
SP - 176
EP - 178
BT - 2017 IEEE International Conference on Intelligence and Security Informatics
PB - Institute of Electrical and Electronics Engineers Inc.
ER -