- CISA issues a warning about a Chinese-made patient monitor silently transmitting confidential data
- Multiple devices were found with malicious code in their firmware
- The company tried and failed to address the defect
At least three medical devices built by Chinese manufacturers were found to carry firmware backdoors apparently transmitting confidential information to a Chinese university.
The United States Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about the Contec CMS8000, a patient monitor used in hospitals and clinical environments to track vital signs such as ECG, blood pressure, oxygen saturation (SpO₂), respiratory rate and temperature.
The agency said an independent researcher discovered the device engaging in malicious activity, connecting to a hard-coded external IP address. BleepingComputer was able to determine that the IP address belonged to a "Chinese university", but did not say which one.
No patch
The researchers then found that the malicious activity was linked to a backdoor planted in the firmware, which would silently download and execute files on the device. The backdoor would give unknown third parties the ability to execute programs remotely, take full control of the patient monitors and send patient data over the network. The activity was not logged either, flying under the radar of the administrators managing the devices.
Further investigation found the same IP address in software for other medical equipment, including a pregnancy patient monitor from another Chinese healthcare manufacturer, BleepingComputer added. The FDA said it also found it in Epsimed MN-120 patient monitors (essentially Contec CMS8000 devices).
CISA contacted Contec, notified the company of the backdoor, and Contec came back with "multiple firmware images" that were supposed to fix the problem. However, none of the firmware updates properly addressed the issue, allowing the backdoor to keep operating.
Since the vulnerability has not yet been fully addressed, CISA urged all users to disconnect the affected endpoints from the wider network where possible.
Via BleepingComputer