Reply to post: Re: Manufacturer's T's&C's...

Medical device vuln allows hackers to falsify patients' vitals

eldakka Silver badge

Re: Manufacturer's T's&C's...

Just need to point out that their kit is for private LAN use only. The equipment is not to be used on LANs connected to a WAN.

I was thinking this, so this isn't IoT kit, as the I stands for Internet.

I would expect that the manufacturers expect these devices to be placed on secure, segmented, access controlled (i.e. no open RJ45 ports for anyone walking past to just hook something into) networks.

But even saying that, in this day and age implementing reasonable security precautions should be a no-brainer automatic development process. Basic security is available from standard libraries, it's not like they'd have to roll their own, they'd just have to use what's already out there.

Even though these are 14-year-old devices, I bet they were at the time (and probably still are) quite expensive as all medical equipment seems to be, therefore it would be standard practice that such devices are used for at least a decade, probably two to three decades in smaller regional hospitals or hand-me-downs to poorer regions of the world. Therefore manufacturers should still be supporting them with the occasional firmware updates (even if just every 3-4 years) to implement newer security practices in them.
