Fancy a hack attack with your heart attack? Security researchers who set up ‘honeypots’ to test whether sensitive medical devices like defibrillators and MRI machines are being hacked have found these systems are “getting owned repeatedly” by botnet operators.
Researchers Scott Erven, an associate director at Protiviti, and pen tester Mark Collao, from Cisco subsidiary Neohapsis, set up 10 fake medical devices online which attracted over 55,000 logins from potentially malicious actors.
These logins resulted in almost 300 pieces of malware being loaded onto the devices, along with 24 successful remote code execution exploits.
The researchers concluded that the devices are being ‘pwned’ by botnet operators, with most of the attacks coming from The Netherlands, China and Korea.