How easy is it to hack an infusion pump? Watch this video

A full week before the Food and Drug Administration issued an alert warning that Hospira’s Symbiq Infusion System smart pumps could be vulnerable to hackers, two BlackBerry officials were demonstrating how easy it is to hack an infusion pump.

Yes, BlackBerry, formerly known as Research in Motion, somehow is still making a go of it as an independent business, despite never really recovering from losing most of its smartphone market to Apple iOS and Google’s Android. And this time, BlackBerry actually was prescient.

In the video below, BlackBerry Chief Security Officer David Kleidermacher and company security expert Graham Murphy show a live audience at the BlackBerry Security Summit 2015 in New York how to hack a pump. BlackBerry covered up brand names and logos on the device it used in the demo, but the FCC ID on the back that Murphy had the camera zoom in on suggested that it was another Hospira product, the LifeCare PCA infusion system.

The manual linked to the model lists a specific, fixed IP address for an Ethernet port. While security prevented Murphy from controlling the device via the Web, he was able to get in through a Telnet port and other protocols. Murphy also showed how to get in and control the pump through Wi-Fi.

Murphy then uploaded malware into the device’s firmware in a matter of seconds. “The only way to save the patient is to physically disconnect,” he said.

Video: http://www.youtube.com/watch?v=htqOu846ycw

This video was recorded July 23. The FDA’s alert came out July 30.