Security researchers have discovered 1,418 flaws in outdated medical equipment still in use by some healthcare providers. The vulnerabilities could allow hackers to remotely exploit systems.
Research carried out by Billy Rios and Mike Ahmadi, used automated security scanning tools on a decommissioned device. They found scores of bugs in equipment running customized versions of Windows XP. Out of the 1,418 remotely exploitable flaws, 715 of those vulnerabilities in "automated supply cabinets used to dispense medical supplies" have a severity rating of high or critical.
According to an ICS-CERT notification, an attacker with low skill "would be able to exploit many of these vulnerabilities."
John Smith, principal solution architect at Veracode, said, "Vulnerabilities will always be discovered in connected devices. The security of all IoT devices must be looked at holistically so that all devices, as well as their web and mobile applications, and back-end cloud services, are secure by default."