TZUTC: -0500   
   MSGID: 53.consprcy@1:2320/105 2c076738   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Patient monitors may have some worrying security flaws   
      
   Date:   
   Mon, 03 Feb 2025 16:09:00 +0000   
      
   Description:   
   Chinese hardware found relaying sensitive data from patient monitors.   
      
   FULL STORY   
   ======================================================================   
    - CISA issues warning about Chinese-made monitor quietly relaying sensitive   
   data   
    - Multiple devices were found carrying malicious code in the firmware   
    - The company tried, and failed, to address the flaw   
      
   At least three healthcare devices built by Chinese manufacturers were found   
   with firmware backdoors apparently relaying sensitive information to a    
   Chinese university.    
      
   The US Cybersecurity and Infrastructure Security Agency (CISA) recently    
   issued a warning about Contec CMS8000, a patient monitor used in hospitals    
   and clinical settings to track vital signs such as ECG, blood pressure,    
   oxygen saturation (SpO), respiratory rate, and temperature.    
      
   The agency said that an independent researcher discovered that the device was   
   engaged in malicious activity, connecting to a hard-coded external IP    
   address. BleepingComputer managed to determine that the IP address belonged    
   to a Chinese university, but did not say which one.    
      
   No patch    
      
   The researchers then uncovered the malicious activity was tied to a backdoor   
   planted in the firmware, which would quietly download and run files on the   
   device. The backdoor would allow unknown third parties the ability to execute   
   programs remotely, take over patient monitors entirely, and send patient data   
   across the pond. The activity was not being logged, either, flying under the   
   radar of IT admins managing the devices.    
      
   Further investigation uncovered that the same IP address was discovered in   
   software for other medical equipment, including a pregnancy patient monitor   
   from another Chinese health manufacturer, BleepingComputer added. FDA said it   
   also found it in Epsimed MN-120 patient monitors (essentially re-branded   
   Contec CMS8000 devices).    
      
   CISA reached out to Contec, notified it about the backdoor, and the company   
   came back with multiple firmware images that were supposed to mitigate the   
   issue. However, each of the firmware updates did not address the issue   
   properly, allowing the backdoor to continue operating.    
      
   Since the vulnerability has not yet been fully addressed, CISA urged all    
   users to disconnect the endpoints from the wider network, if possible.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/patient-monitors-may-have-some-worrying   
   -security-flaws   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426