Hackable flaws are common in medical devices. These include mammography machines, CT scanners, pacemakers, insulin pumps, and pacemakers. It turns out, the risk extends beyond the walls. Researchers discovered nearly a dozen vulnerabilities within a popular pneumatic tube delivery system used by hospitals to transport and distribute critical cargo such as medicine and lab samples.Although pneumatic tubes might seem like a quaint and outdated office tech, they are more at home in The Hudsucker Proxy rather than in modern-day healthcare. They are actually quite common. Swisslog Healthcare, a well-known manufacturer of medical-focused pneumatic tube systems, claims that TransLogic PTS is used by more than 2,300 hospitals in North America. 700 other countries also use the platform. Researchers from embedded device security firm Armis discovered nine vulnerabilities in Swisslog's Translogic Nexus Control Panels that could allow hackers to take control of a system, route deliveries or reroute data.One of these pneumatic tube systems is connected to the internet. You think, "What could go wrong?" Ben Seri is Armis' vice president for research. You can see that everything is delicately balanced, so if one thing goes out of balance it could make it vulnerable to attacks. These systems are vital to the hospital's survival. This allows medicine and specimens to move more quickly from one place to another, which leads to better health care.As part of ransomware attacks, hackers could target a pneumatic tube systems. This would significantly slow down laboratory testing and the distribution medicine. Hackers could also monitor delivery data to spy on it. Hackers could also disrupt delivery routes or cause damage to samples by manipulating motors, blowers and robotic arms. These industrial components are usually programmed to complete deliveries in carefully planned sequences.TransLogic PTS products are not vulnerable to hacking by the public internet. These flaws are easy to exploit, with a few hardcoded passwords and buffer overflows as well as memory corruption bugs. Multiple ways for an attacker to manipulate the system would be possible if they were connected to the network of control panels and pneumatic tubes. They could also install their own firmware onto a Translogic Nexus Control Panel by taking advantage of certain weaknesses. This would allow attackers to establish deep, lasting control hospitals. They would then need to update their curative firmware to eliminate the intruders.Researchers from the University of California, Berkeley, will present their findings on Wednesday at Black Hat Security Conference in Las Vegas. Swisslog was notified about the flaws by the researchers on May 1. The security advisory was issued by the healthcare company after it collaborated with Armis to address the problems. Armis claims there are nine vulnerabilities, while Swisslog says there are eight. This is because Swisslog considers two hard-coded password problems as one vulnerability and Armis researchers claim they are two distinct flaws.Swisslog has begun to distribute patches for all but one vulnerability. One flaw remains: the firmware verification problem. The company is still working on validation checks but has said it will release other mitigations to customers. Swisslog doesn't have a single platform or update mechanism through which it distributes patches. According to Swisslog, different customers have different settings and preferences. In practice, it might be difficult for hospitals to obtain and apply patches.
