Now Ambulances Are Vulnerable To Hackers

One of the newest arenas for cybersecurity is connected vehicles, and few types of vehicles are more connected than ambulances. That means medical transport is a growing target for hackers.

As Wired reports, a security researcher in Spain personally found several thousand industrial vehicles, including ambulances, with unsecured communications hubs called telematics gateway units. These TGUs typically track the vehicle’s location, gas mileage and other data not unique to healthcare transport.

But, as Work Truck magazine reported back in 2013, ambulance fleets have been incorporating computer processors, cellular radios, Wi-Fi, GPS and firewalls into their gateways. These gateways sometimes download patient records and send vitals directly to hospital emergency departments.

So it’s chilling to learn that TGUs aren’t always secure. Wired described the work of the researcher, Jose Carlos Norte, who used widely available scanning software:

He found that one TGU in particular, the C4Max sold by the French firm Mobile Devices, had no password protection, leaving the devices accessible to any hacker who scanned for them.

That allowed Norte, the chief technology officer for the security firm EyeOS owned by the Spanish telecom Telefonica, to easily look up the location of any of hundreds or thousands of vehicles at any given moment. And Norte believes he could have gone further, though he didn’t for fear of violating the law; with a few more steps, he says, an intruder could send commands over the vehicle’s internal network, known as its CAN bus, to affect its steering, brakes or transmission.

Norte didn’t go further, but a team at the University of California, San Diego, did last year. That group hacked a Mobile Devices CAN bus in a controlled environment to disable the brakes and windshield wipers of a Corvette, according to Wired.

A hack on patient data would expose the ambulance operator to HIPAA problems, which is bad enough. An attack that takes control of the vehicle could lead to injury or death.

The French company told Wired that only devices in “development” mode, rather than “deployment” mode, could be taken over by a remote hacker. But CEO Aaron Solomon said that Mobile Devices was still investigating the findings of both Norte and UCSD.

In any case, Norte was able to track as many as 3,000 vehicles at once.

“You could track trucks and watch them and steal their contents,” he was quoted as saying. “There are a lot of operations that bad guys could use this for.”

MedCityNews: http://bit.ly/1RNsOUe
