评估物联网上的医疗设备漏洞

2017 IEEE International Conference on Intelligence and Security Informatics (ISI) Pub Date : 2017-07-22 DOI:10.1109/ISI.2017.8004903

Emma McMahon, Richard Ryan Williams, Malaka El, S. Samtani, Mark W. Patton, Hsinchun Chen

{"title":"评估物联网上的医疗设备漏洞","authors":"Emma McMahon, Richard Ryan Williams, Malaka El, S. Samtani, Mark W. Patton, Hsinchun Chen","doi":"10.1109/ISI.2017.8004903","DOIUrl":null,"url":null,"abstract":"Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.","PeriodicalId":423696,"journal":{"name":"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"Assessing medical device vulnerabilities on the Internet of Things\",\"authors\":\"Emma McMahon, Richard Ryan Williams, Malaka El, S. Samtani, Mark W. Patton, Hsinchun Chen\",\"doi\":\"10.1109/ISI.2017.8004903\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.\",\"PeriodicalId\":423696,\"journal\":{\"name\":\"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISI.2017.8004903\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISI.2017.8004903","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 38

摘要

支持互联网的医疗设备为患者提供了一定程度的便利。近年来，医疗保健行业的网络攻击数量激增。鉴于受损医疗设备的潜在致命影响，本研究旨在确定医疗设备的漏洞。我们的方法使用Shodan来获取大量的IP地址，这些地址将通过Nessus来验证是否存在任何漏洞。我们确定一些主要供应商(如欧姆龙公司、FORA、罗氏和Bionet)生产的设备包含严重漏洞，如Dropbear SSH Server和MS17-010。这些允许远程执行代码和身份验证绕过潜在的攻击者对其系统的控制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Assessing medical device vulnerabilities on the Internet of Things

Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 IEEE International Conference on Intelligence and Security Informatics (ISI)

自引率

0.00%

发文量