How Infusion Pump Security Flaws Can Mess with Drug Dosing

Databreach Today -

Five security vulnerabilities in commonly used infusion pump products from B. Braun Medical Inc. could collectively allow malicious actors to dangerously modify the dose of medicines delivered to patients, says Douglas McKee, a security researcher on a team at security vendor McAfee, which recently discovered the flaws.

The vulnerabilities exist in both the B. Braun Infusomat Space large volume pump and the company’s SpaceStation docking station, which are network-connected devices used in hospitals worldwide, McKee says in an interview with Information Security Media Group about his team’s Aug. 24 research report.

The vulnerabilities include:

Use of externally controlled format string; Insufficient verification of data authenticity; Missing authentication for critical function; Cleartext transmission of sensitive information; Unrestricted upload of file with dangerous type.

“The crux of the vulnerabilities … is what can be done when those [flaws are] combined,” he says.

“Each vulnerability separately is not super interesting. But together,

Read More.....