Hundreds of thousands of medical devices are vulnerable to exploitation, arising from many security vulnerabilities spotted by CyberMDX researchers.
As per them, a set of seven vulnerabilities dubbed Access:7 are found in PTC Axeda, an IoT remote access tool available in popular medical devices and ATMs.
If exploiting any of those, hackers can have access to patient data, modify it, and even make equipment inaccessible to doctors when needed. A patch for this was made available by PTC to fix the issues.
Access:7 Vulnerabilities in IoT
Internet of Things is a big world in technology, having petty to big interconnected embedded systems processing all types of tasks. Though they’re mostly seen in small devices, any issue found in them can significantly impact our daily routines. And Access:7 is a recently found security incident that can significantly impact the medical industry.
The researchers at health care security firm CyberMDX spotted a bunch of seven security vulnerabilities in PTC Axeda – an IoT remote access tool affecting hundreds of thousands of medical equipment in the wild. They named this bunch as Access:7 and said things like ATMs, vending machines, barcode scanning systems, and some industrial manufacturing equipment too are part of this!
Few vulnerabilities in overall seven issues spotted are related to how Axeda processes unauthenticated and undocumented commands, allowing an attacker to manipulate Axeda. Others relate to issues of default configuration like hard-coded, guessable system passwords shared by multiple Axeda users.
Four bugs are rated medium to high on the severity scale, while the other three are given critical severity status. Researchers said attackers can tamper the patient data in affected systems, steal them, and launch DDoS attacks to make them inoperable.
The maker of Axeda, PTC, has released fixes to all these bugs in a coordinated action with US Cybersecurity and Infrastructure Security Agency, H-ISAC, and the Food and Drug Administration. However, owners of PTC Axeda are advised to apply those fixes immediately or block specific network ports and adjust configurations as PTC noted.