Now Ambulances Are Vulnerable To Hackers

Uploaded on 2016-03-25 in FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

One of the newest arenas for cybersecurity is connected-vehicles, and few types of vehicles are more connected than ambulances. That means medical transport is a growing target for hackers.

As Wired reports, a security researcher in Spain personally found several thousand industrial vehicles, including ambulances, with unsecured communications hubs called telematics gateway units. These TGUs typically track the vehicle’s location, gas mileage and other data not unique to healthcare transport.

But, as Work Truck magazine reported back in 2013, ambulance fleets have been incorporating computer processors, cellular radios, Wi-Fi, GPS and firewalls into their gateways. These gateways sometimes download patient records and send vitals directly to hospital emergency departments.

So it’s chilling to learn that TGUs aren’t always secure. Wired described the work of the researcher, Jose Carlos Norte, who used widely available scanning software:

He found that one TGU in particular, the C4Max sold by the French firm Mobile Devices, had no password protection, leaving the devices accessible to any hacker who scanned for them.

That allowed Norte, the chief technology officer for the security firm EyeOS owned by the Spanish telecom Telefonica, to easily look up the location of any of hundreds or thousands of vehicles at any given moment. And Norte believes he could have gone further, though he didn’t for fear of violating the law; with a few more steps, he says, an intruder could send commands over the vehicle’s internal network, known as its CAN bus, to affect its steering, brakes or transmission.

Norte didn’t go further, but a team at the University of California, San Diego, did last year. That group hacked a Mobile Devices CAN bus in a controlled environment to disable the brakes and windshield wipers of a Corvette, according to Wired.

A hack on patient data would expose the ambulance operator to HIPAA problems, which is bad enough. An attack that takes control of the vehicle could lead to injury or death.

The French company told Wired, that only devices in “development” mode, rather than “deployment” mode, could be taken over by a remote hacker. But CEO Aaron Solomon said that Mobile Devices was still investigating the findings of both Norte and UCSD.

In any case, Norte was able to track as many as 3,000 vehicles at once.

“You could track trucks and watch them and steal their contents,” he was quoted as saying. “There are a lot of operations that bad guys could use this for.”

MedCityNews: http://bit.ly/1RNsOUe

« A Cashless Society Can’t Fix Our Money Worries
ISIS Hackers Publish US Police Officers’ Private Details »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

FifthDomain

FifthDomain

We are a specialist cyber security education and training company tackling the global cyber security skills shortage.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

Quantexa

Quantexa

Quantexa automates millions of operational decisions, at scale, across multiple business units, including Anti-Money Laundering, Know-Your-Customer, Fraud, Credit Risk and Customer Intelligence.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

Qi An Xin (QAX)

Qi An Xin (QAX)

QAX is a listed company based in China, and a leader in cybersecurity industry, providing new generation enterprise-level and national-level cybersecurity solutions.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.