Assessing medical device vulnerabilities on the Internet of Things

Emma McMahon; Ryan Williams; Malaka El; Sagar Samtani; Mark Patton; Hsinchun Chen

doi:10.1109/ISI.2017.8004903

Assessing medical device vulnerabilities on the Internet of Things

Emma McMahon, Ryan Williams, Malaka El, Sagar Samtani, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

34 Scopus citations

Abstract

Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.

Original language	English (US)
Title of host publication	2017 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publication	Security and Big Data, ISI 2017
Editors	Lina Zhou, G. Alan Wang, Chunxiao Xing, Bo Luo, Xiaolong Zheng, Hui Zhang
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	176-178
Number of pages	3
ISBN (Electronic)	9781509067275
DOIs	https://doi.org/10.1109/ISI.2017.8004903
State	Published - Aug 8 2017
Event	15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China Duration: Jul 22 2017 → Jul 24 2017

Publication series

Name	2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017

Other

Other	15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
Country/Territory	China
City	Beijing
Period	7/22/17 → 7/24/17

Keywords

IoT
Nessus
Shodan
health
medical devices
vulnerability assessment

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Information Systems
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ISI.2017.8004903

Cite this

McMahon, E., Williams, R., El, M., Samtani, S., Patton, M., & Chen, H. (2017). Assessing medical device vulnerabilities on the Internet of Things. In L. Zhou, G. A. Wang, C. Xing, B. Luo, X. Zheng, & H. Zhang (Eds.), 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017 (pp. 176-178). [8004903] (2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2017.8004903

Assessing medical device vulnerabilities on the Internet of Things. / McMahon, Emma; Williams, Ryan; El, Malaka et al.

2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. ed. / Lina Zhou; G. Alan Wang; Chunxiao Xing; Bo Luo; Xiaolong Zheng; Hui Zhang. Institute of Electrical and Electronics Engineers Inc., 2017. p. 176-178 8004903 (2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

McMahon, E, Williams, R, El, M, Samtani, S, Patton, M & Chen, H 2017, Assessing medical device vulnerabilities on the Internet of Things. in L Zhou, GA Wang, C Xing, B Luo, X Zheng & H Zhang (eds), 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017., 8004903, 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017, Institute of Electrical and Electronics Engineers Inc., pp. 176-178, 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017, Beijing, China, 7/22/17. https://doi.org/10.1109/ISI.2017.8004903

McMahon E, Williams R, El M, Samtani S, Patton M, Chen H. Assessing medical device vulnerabilities on the Internet of Things. In Zhou L, Wang GA, Xing C, Luo B, Zheng X, Zhang H, editors, 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 176-178. 8004903. (2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017). doi: 10.1109/ISI.2017.8004903

McMahon, Emma ; Williams, Ryan ; El, Malaka et al. / Assessing medical device vulnerabilities on the Internet of Things. 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. editor / Lina Zhou ; G. Alan Wang ; Chunxiao Xing ; Bo Luo ; Xiaolong Zheng ; Hui Zhang. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 176-178 (2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017).

@inproceedings{34dbd6a376314fb1973e3e606ae1247f,

title = "Assessing medical device vulnerabilities on the Internet of Things",

abstract = "Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.",

keywords = "IoT, Nessus, Shodan, health, medical devices, vulnerability assessment",

author = "Emma McMahon and Ryan Williams and Malaka El and Sagar Samtani and Mark Patton and Hsinchun Chen",

note = "Funding Information: ACKNOWLEDGMENTS This material is based upon work supported by the National Science Foundation under Grant No. NSF DUE-1303362 (SFS). Publisher Copyright: {\textcopyright} 2017 IEEE.; 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 ; Conference date: 22-07-2017 Through 24-07-2017",

year = "2017",

month = aug,

day = "8",

doi = "10.1109/ISI.2017.8004903",

language = "English (US)",

series = "2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "176--178",

editor = "Lina Zhou and Wang, {G. Alan} and Chunxiao Xing and Bo Luo and Xiaolong Zheng and Hui Zhang",

booktitle = "2017 IEEE International Conference on Intelligence and Security Informatics",

}

TY - GEN

T1 - Assessing medical device vulnerabilities on the Internet of Things

AU - McMahon, Emma

AU - Williams, Ryan

AU - El, Malaka

AU - Samtani, Sagar

AU - Patton, Mark

AU - Chen, Hsinchun

PY - 2017/8/8

Y1 - 2017/8/8

N2 - Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.

AB - Internet enabled medical devices offer patients with a level of convenience. In recent years, the healthcare industry has seen a surge in the number of cyber-Attacks. Given the potentially fatal impact of a compromised medical device, this study aims to identify vulnerabilities of medical devices. Our approach uses Shodan to obtain a large collection of IP addresses that will be passed through Nessus to verify if any vulnerabilities exist. We determined some devices manufactured by primary vendors such as Omron Corporation, FORA, Roche, and Bionet contain serious vulnerabilities such as Dropbear SSH Server and MS17-010. These allow remote execution of code and authentication bypassing potentially giving attackers control of their systems.

KW - IoT

KW - Nessus

KW - Shodan

KW - health

KW - medical devices

KW - vulnerability assessment

UR - http://www.scopus.com/inward/record.url?scp=85030266409&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85030266409&partnerID=8YFLogxK

U2 - 10.1109/ISI.2017.8004903

DO - 10.1109/ISI.2017.8004903

M3 - Conference contribution

AN - SCOPUS:85030266409

T3 - 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017

SP - 176

EP - 178

BT - 2017 IEEE International Conference on Intelligence and Security Informatics

A2 - Zhou, Lina

A2 - Wang, G. Alan

A2 - Xing, Chunxiao

A2 - Luo, Bo

A2 - Zheng, Xiaolong

A2 - Zhang, Hui

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017

Y2 - 22 July 2017 through 24 July 2017

ER -

Assessing medical device vulnerabilities on the Internet of Things

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this