Now Ambulances Are Vulnerable To Hackers

Uploaded on 2016-03-25 in FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

One of the newest arenas for cybersecurity is connected-vehicles, and few types of vehicles are more connected than ambulances. That means medical transport is a growing target for hackers.

As Wired reports, a security researcher in Spain personally found several thousand industrial vehicles, including ambulances, with unsecured communications hubs called telematics gateway units. These TGUs typically track the vehicle’s location, gas mileage and other data not unique to healthcare transport.

But, as Work Truck magazine reported back in 2013, ambulance fleets have been incorporating computer processors, cellular radios, Wi-Fi, GPS and firewalls into their gateways. These gateways sometimes download patient records and send vitals directly to hospital emergency departments.

So it’s chilling to learn that TGUs aren’t always secure. Wired described the work of the researcher, Jose Carlos Norte, who used widely available scanning software:

He found that one TGU in particular, the C4Max sold by the French firm Mobile Devices, had no password protection, leaving the devices accessible to any hacker who scanned for them.

That allowed Norte, the chief technology officer for the security firm EyeOS owned by the Spanish telecom Telefonica, to easily look up the location of any of hundreds or thousands of vehicles at any given moment. And Norte believes he could have gone further, though he didn’t for fear of violating the law; with a few more steps, he says, an intruder could send commands over the vehicle’s internal network, known as its CAN bus, to affect its steering, brakes or transmission.

Norte didn’t go further, but a team at the University of California, San Diego, did last year. That group hacked a Mobile Devices CAN bus in a controlled environment to disable the brakes and windshield wipers of a Corvette, according to Wired.

A hack on patient data would expose the ambulance operator to HIPAA problems, which is bad enough. An attack that takes control of the vehicle could lead to injury or death.

The French company told Wired, that only devices in “development” mode, rather than “deployment” mode, could be taken over by a remote hacker. But CEO Aaron Solomon said that Mobile Devices was still investigating the findings of both Norte and UCSD.

In any case, Norte was able to track as many as 3,000 vehicles at once.

“You could track trucks and watch them and steal their contents,” he was quoted as saying. “There are a lot of operations that bad guys could use this for.”

MedCityNews: http://bit.ly/1RNsOUe

« A Cashless Society Can’t Fix Our Money Worries
ISIS Hackers Publish US Police Officers’ Private Details »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Brookings Institution

Brookings Institution

The Brookings Institution is a nonprofit public policy organization. Cyber security is covered within the various study areas.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

StrongBox.Academy

StrongBox.Academy

StrongBox.Academy provides cybersecurity training courses that are tailored to the specific needs and challenges of the industry.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.