Thursday, 11 February 2016

Russian Hospital Hacked Via Wifi And Old XP Flaw

A researcher managed to hack a Russian hospital through a weak Wi-Fi password and a nearly 8-year-old vulnerability in Windows XP. The hack took place with the permission of the hospital, which is in Moscow, according to researcher Sergey Lozhkin of anti-virus company Kaspersky Lab.

Using the Shodan search engine, he discovered the login portal of a hospital's CT scan machine, which was secured only with a default password. Lozhkin had a friend who ran the hospital and warned him. The hospital then agreed to an informal penetration test. The researcher decided to attack the hospital as a real attacker would and began with the hospital's Wi-Fi network. He managed to retrieve the password through a brute-force attack, he told Threatpost.

After gaining access to the wireless network, he found a Windows XP machine containing a vulnerability that Microsoft had patched on October 23, 2008. However, the hospital had not rolled out the update. It was the same vulnerability that the infamous Conficker worm used to spread. Lozhkin then managed to find, on the network, the administrator panel of an MRI machine that was not password protected. Through the panel he had access to patient data and to the diagnoses performed by the machine. According to the researcher, his work shows that IT security is too often forgotten by software developers, both in the medical industry and in other sectors.
