Thursday, August 13, 2015

How to hack a morphine pump to administer a lethal dose

We had been told that at the last BlackBerry Security Summit in New York, the company's head of security, David Kleidermacher, and the expert Graham Murphy had shown how easy it is to hack a drug delivery device. But nothing is as frightening as seeing it live. We show it here, along with the list of Lenovo products that come with a "rootkit" installed by default, new malware that attacks Cisco firmware, and a new chapter in this summer's drama in the United States over how necessary back doors are and what limits should be placed on encryption.

The device is loaded with morphine. The hacker shows how it is possible, and easy, to connect to the device via Ethernet or WiFi, browse the file system, find the executables and, by manipulating the right one, administer a lethal dose. All in 15 minutes, which could be 10, or even 5. The device is manufactured by a company named Hospira, in Illinois, which has sold 400,000 devices like this to hospitals all around the world.

A bug in Lenovo

Meanwhile, owners of Lenovo computers have their own problems: yesterday, on the forum of the magazine Ars Technica, someone claimed his Lenovo had a factory-installed "rootkit" which not only monitored him and sent the data to the company, but could also install programs and delete files remotely. Today it has been confirmed, and there is already a list of affected computers. Today at 11:00 pm on Twitter we will publish how to remove it.

Another bug, in Cisco

Another product with firmware problems is Cisco IOS, in this case not by default but "in the wild". Someone has discovered how to create a malicious image and install it in Cisco's ROMMON (the IOS bootloader). This is not the result of a bug, because administrators are allowed to install new ROM images. The problem is that someone has worked out how to create malicious ones. After that, it is as easy as obtaining the administrator credentials and installing them.

Back doors, yes or no

We finish with a debate that is now officially this summer's running story in the United States: what limits to place on encryption and how much we need back doors. The blog of the expert Bruce Schneier offers some examples for thinking about this far-from-easy topic: is it always true that, in every crime and offense, mobile phones provide clues that help solve it?

An interesting dilemma to think about, preferably by the pool or on the beach.

