CyberMDX has found that over 100 GE Healthcare medical device models ship with hidden accounts that share the same default credentials and can be used by outsiders. Among the devices affected by the problem are computed tomography (CT) scanners, X-ray machines and specialized MRI systems.
Accounts that are “invisible” to users are included in device firmware and are used by General Electric Healthcare servers to connect to local devices and maintain them, run system health checks, obtain logs, download updates, and so on.
According to CyberMDX, the hidden accounts provide access to the following services and functions:
- FTP (port 21): used to receive executable files from the service server;
- SSH (port 22);
- Telnet (port 23): used by the service server to execute shell commands;
- REXEC (port 512): used by the service server to execute shell commands.
A list of affected devices can be seen here.
The problem is that all of these accounts use the same default credentials, which can be easily found on the Internet and abused to access the systems and the patients’ personal data they hold.
GE Healthcare engineers are currently helping hospitals and other healthcare providers reconfigure any affected devices that have such accounts. The company advises customers to contact its support team to change the passwords for these hard-coded accounts (unfortunately, only GE Healthcare employees can do this).
The only good news is that, according to CyberMDX, an attacker must already have access to the hospital’s internal network in order to use these accounts and gain access to a device. The experts stressed that they did not find any cases in which affected devices were accessible from the Internet.
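Because the accounts cannot be removed by the customer, the practical defensive control is to make sure only the vendor’s service server ever talks to the imaging devices on the four maintenance ports listed above, and to alert on anything else. The following script is an added example (not CyberMDX or GE Healthcare code) that runs that check over constructed firewall log lines: the device inventory, the allowed service-server address and the log format are all hypothetical.

```python
"""Flag connections to the maintenance services (FTP, SSH, Telnet, REXEC)
on imaging devices that do not originate from the expected service server.

Added example, not CyberMDX or GE Healthcare code. All addresses, device
names and log lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Ports of the services the hidden accounts expose (from the advisory summary).
MAINTENANCE_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 512: "rexec"}

# Constructed asset inventory (hypothetical addresses): the imaging devices
# and the single host that is supposed to reach them for maintenance.
IMAGING_DEVICES = {
    "10.20.0.11": "CT-scanner-A",
    "10.20.0.12": "X-ray-B",
    "10.20.0.13": "MRI-C",
}
ALLOWED_SERVICE_SERVERS = {"10.20.0.250"}

# Constructed firewall log format: free text followed by key=value pairs.
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    src: str       # source address that opened the connection
    device: str    # inventory name of the targeted imaging device
    service: str   # ftp / ssh / telnet / rexec
    port: int
    line_no: int   # 1-based index into the log that was scanned


def parse_line(line):
    """Return (src, dst, dport, proto) or None if the line is malformed."""
    fields = dict(KV_RE.findall(line))
    try:
        return (fields["src"], fields["dst"], int(fields["dport"]),
                fields.get("proto", "").lower())
    except (KeyError, ValueError):
        return None


def find_suspicious_access(lines):
    """Alert on TCP connections to a maintenance port on an imaging device
    from any host that is not an allowed service server."""
    alerts = []
    for n, line in enumerate(lines, 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, dport, proto = parsed
        if proto != "tcp" or dst not in IMAGING_DEVICES or dport not in MAINTENANCE_PORTS:
            continue
        if src in ALLOWED_SERVICE_SERVERS:
            continue
        alerts.append(Alert(src, IMAGING_DEVICES[dst], MAINTENANCE_PORTS[dport], dport, n))
    return alerts


# Constructed sample log: two legitimate maintenance sessions, two accesses
# from a workstation that should never touch these ports, and some noise.
SAMPLE_LOG = [
    "2020-12-08T10:01:02 src=10.20.0.250 dst=10.20.0.11 dport=22 proto=tcp action=allow",
    "2020-12-08T10:01:09 src=10.20.0.250 dst=10.20.0.12 dport=21 proto=tcp action=allow",
    "2020-12-08T10:04:31 src=10.30.4.77 dst=10.20.0.11 dport=23 proto=tcp action=allow",
    "2020-12-08T10:04:40 src=10.30.4.77 dst=10.20.0.13 dport=512 proto=tcp action=allow",
    "2020-12-08T10:05:00 src=10.30.4.77 dst=10.20.0.12 dport=443 proto=tcp action=allow",
    "2020-12-08T10:05:12 src=10.30.4.78 dst=10.20.0.99 dport=22 proto=tcp action=allow",
    "malformed line with no fields",
    "2020-12-08T10:06:00 src=10.30.4.80 dst=10.20.0.11 dport=22 proto=udp action=drop",
]


if __name__ == "__main__":
    for a in find_suspicious_access(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.src} -> {a.device} ({a.service}/{a.port}) not an allowed service server")
```

On the sample log only the two Telnet and REXEC connections from the workstation are reported; the service server’s own sessions, traffic to non-maintenance ports, hosts outside the inventory and the malformed line are ignored. In a real deployment the inventory and allow-list would come from the asset database rather than being hard-coded, but the filtering logic is the same.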
Recall that we also reported on the hidden backdoor that information security specialists found in HP Device Manager.