Assessing medical device vulnerabilities on the Internet of Things

Emma McMahon, Ryan Williams, Malaka El, Sagar Samtani, Mark Patton, Hsinchun Chen

Research output: ResearchConference contribution

Abstract

Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.

LanguageEnglish (US)
Title of host publication2017 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publicationSecurity and Big Data, ISI 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages176-178
Number of pages3
ISBN (Electronic)9781509067275
DOIs
StatePublished - Aug 8 2017
Event15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China
Duration: Jul 22 2017Jul 24 2017

Other

Other15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
CountryChina
CityBeijing
Period7/22/177/24/17

Fingerprint

Medical devices
Internet of things
Vulnerability
Industry
Authentication
Servers
Internet
Vendors
Attack
Healthcare
World Wide Web

Keywords

  • health
  • IoT
  • medical devices
  • Nessus
  • Shodan
  • vulnerability assessment

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

McMahon, E., Williams, R., El, M., Samtani, S., Patton, M., & Chen, H. (2017). Assessing medical device vulnerabilities on the Internet of Things. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017 (pp. 176-178). [8004903] Institute of Electrical and Electronics Engineers Inc.. DOI: 10.1109/ISI.2017.8004903

Assessing medical device vulnerabilities on the Internet of Things. / McMahon, Emma; Williams, Ryan; El, Malaka; Samtani, Sagar; Patton, Mark; Chen, Hsinchun.

2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 176-178 8004903.

Research output: ResearchConference contribution

McMahon, E, Williams, R, El, M, Samtani, S, Patton, M & Chen, H 2017, Assessing medical device vulnerabilities on the Internet of Things. in 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017., 8004903, Institute of Electrical and Electronics Engineers Inc., pp. 176-178, 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017, Beijing, China, 7/22/17. DOI: 10.1109/ISI.2017.8004903
McMahon E, Williams R, El M, Samtani S, Patton M, Chen H. Assessing medical device vulnerabilities on the Internet of Things. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc.2017. p. 176-178. 8004903. Available from, DOI: 10.1109/ISI.2017.8004903
McMahon, Emma ; Williams, Ryan ; El, Malaka ; Samtani, Sagar ; Patton, Mark ; Chen, Hsinchun. / Assessing medical device vulnerabilities on the Internet of Things. 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 176-178
@inbook{34dbd6a376314fb1973e3e606ae1247f,
title = "Assessing medical device vulnerabilities on the Internet of Things",
abstract = "Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.",
keywords = "health, IoT, medical devices, Nessus, Shodan, vulnerability assessment",
author = "Emma McMahon and Ryan Williams and Malaka El and Sagar Samtani and Mark Patton and Hsinchun Chen",
year = "2017",
month = "8",
doi = "10.1109/ISI.2017.8004903",
pages = "176--178",
booktitle = "2017 IEEE International Conference on Intelligence and Security Informatics",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - CHAP

T1 - Assessing medical device vulnerabilities on the Internet of Things

AU - McMahon,Emma

AU - Williams,Ryan

AU - El,Malaka

AU - Samtani,Sagar

AU - Patton,Mark

AU - Chen,Hsinchun

PY - 2017/8/8

Y1 - 2017/8/8

N2 - Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.

AB - Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.

KW - health

KW - IoT

KW - medical devices

KW - Nessus

KW - Shodan

KW - vulnerability assessment

UR - http://www.scopus.com/inward/record.url?scp=85030266409&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85030266409&partnerID=8YFLogxK

U2 - 10.1109/ISI.2017.8004903

DO - 10.1109/ISI.2017.8004903

M3 - Conference contribution

SP - 176

EP - 178

BT - 2017 IEEE International Conference on Intelligence and Security Informatics

PB - Institute of Electrical and Electronics Engineers Inc.

ER -