Now Ambulances Are Vulnerable To Hackers

One of the newest arenas for cybersecurity is connected-vehicles, and few types of vehicles are more connected than ambulances. That means medical transport is a growing target for hackers.

As Wired reports, a security researcher in Spain personally found several thousand industrial vehicles, including ambulances, with unsecured communications hubs called telematics gateway units. These TGUs typically track the vehicle’s location, gas mileage and other data not unique to healthcare transport.

But, as Work Truck magazine reported back in 2013, ambulance fleets have been incorporating computer processors, cellular radios, Wi-Fi, GPS and firewalls into their gateways. These gateways sometimes download patient records and send vitals directly to hospital emergency departments.

So it’s chilling to learn that TGUs aren’t always secure. Wired described the work of the researcher, Jose Carlos Norte, who used widely available scanning software:

He found that one TGU in particular, the C4Max sold by the French firm Mobile Devices, had no password protection, leaving the devices accessible to any hacker who scanned for them.

That allowed Norte, the chief technology officer for the security firm EyeOS owned by the Spanish telecom Telefonica, to easily look up the location of any of hundreds or thousands of vehicles at any given moment. And Norte believes he could have gone further, though he didn’t for fear of violating the law; with a few more steps, he says, an intruder could send commands over the vehicle’s internal network, known as its CAN bus, to affect its steering, brakes or transmission.

Norte didn’t go further, but a team at the University of California, San Diego, did last year. That group hacked a Mobile Devices CAN bus in a controlled environment to disable the brakes and windshield wipers of a Corvette, according to Wired.

A hack on patient data would expose the ambulance operator to HIPAA problems, which is bad enough. An attack that takes control of the vehicle could lead to injury or death.

The French company told Wired, that only devices in “development” mode, rather than “deployment” mode, could be taken over by a remote hacker. But CEO Aaron Solomon said that Mobile Devices was still investigating the findings of both Norte and UCSD.

In any case, Norte was able to track as many as 3,000 vehicles at once.

“You could track trucks and watch them and steal their contents,” he was quoted as saying. “There are a lot of operations that bad guys could use this for.”

MedCityNews: http://bit.ly/1RNsOUe

« A Cashless Society Can’t Fix Our Money Worries
ISIS Hackers Publish US Police Officers’ Private Details »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Echelon

Echelon

Echelon Company is a provider of information security services specializing in certification of security software and hardware products in Russia.

C2B2 Consulting

C2B2 Consulting

C2B2 are experts in middleware support and consultancy. We specialise in ensuring scalability, performance and security of large scale systems.

Q-CERT

Q-CERT

Q-CERT is the National Computer Security Emergency Team of Qatar.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

SevenShift

SevenShift

SevenShift is a security consulting firm with a wealth of experience in the worlds of Cybersecurity and Internet of Things (IoT).

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Macomb-OU Incubator

Macomb-OU Incubator

Macomb-Oakland University Incubator supports startup and emerging companies in the niche industries of defense, homeland security, advanced manufacturing and technology.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

SideChannel

SideChannel

At SideChannel, we match companies with an expert virtual CISO (vCISO), so your organization can assess cyber risk and ensure cybersecurity compliance.

Protectt.ai Labs

Protectt.ai Labs

Protectt.ai Labs is India’s first mobile security start up building awareness & providing solutions for mobile app, device & transaction security.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.