Researchers Found Hidden Accounts in GE Healthcare Medical Devices

Written by Emma Davis

CyberMDX has found that over 100 GE Healthcare medical device models come with hidden accounts that have the same default credentials and can be used by outsiders.

The affected devices include computed tomography (CT) scanners, X-ray machines and specialized MRI systems.

Accounts that are “invisible” to users are included in device firmware and are used by General Electric Healthcare servers to connect to local devices and maintain them, run system health checks, obtain logs, download updates, and so on.

“The credentials can only be updated by the GE Healthcare Support team. If not updated through a customer request – credentials are left default. Having HDOs not aware of the existence of those credentials or the nature of the maintenance mechanism, we found those modalities to lack restrictions on maintenance communication with entities other than GE servers,” say CyberMDX researchers.

According to CyberMDX, the hidden accounts provide access to the following services and functions:

  • FTP (port 21): used to receive executable files from the service server;
  • SSH (port 22);
  • Telnet (port 23): used by the service server to execute shell commands;
  • REXEC (port 512): used by the service server to execute shell commands.

A list of affected devices can be seen here.

The problem is that all of these accounts use the same default credentials, which can easily be found on the Internet and abused to access the systems and collect patients’ personal data.

“It is not yet known about any abuse of this problem, but this does not mean that there were none,” say CyberMDX experts.

GE Healthcare engineers are currently trying to help hospitals and other healthcare providers reconfigure any problematic devices that have such accounts. The company advises customers to contact their support team to change passwords for these hard-coded accounts (unfortunately only GE Healthcare employees can do this).

The only good news is that, according to CyberMDX, an attacker must have access to the hospital’s internal network in order to use these accounts and gain access to a device. The experts stressed that they did not find any cases where affected devices were accessible via the Internet.
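Because the exposure sits on the internal network and the devices do not restrict who may talk to the maintenance services, one practical check is to audit flow logs for connections to imaging devices on the four ports listed above from any source other than the vendor's service server. The following is an added example, not code from CyberMDX or GE Healthcare; the subnet, the allowed server address, the log format and the sample records are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Ports reachable through the hidden accounts, as listed in the article.
MAINTENANCE_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 512: "REXEC"}
# Assumptions: documentation-range placeholders, not real GE or hospital addresses.
MODALITY_NET = ip_network("192.0.2.0/28")           # imaging-device subnet
ALLOWED_SOURCES = [ip_network("198.51.100.10/32")]  # vendor service server

# Constructed sample flow log: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2024-01-15T09:00:01,198.51.100.10,192.0.2.5,22
2024-01-15T09:02:14,10.20.30.44,192.0.2.5,23
2024-01-15T09:02:20,10.20.30.44,192.0.2.6,512
2024-01-15T09:05:00,10.20.30.44,192.0.2.5,104
2024-01-15T09:07:31,10.20.31.7,203.0.113.9,21
not,a,valid,row
"""

def find_unexpected_maintenance(flow_text):
    """Return flows that reach a modality on a maintenance port from a non-allowed source."""
    findings = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 4:
            continue
        ts, src, dst, port = row
        try:
            src_ip, dst_ip, dport = ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue  # skip malformed rows instead of aborting the audit
        if dst_ip not in MODALITY_NET or dport not in MAINTENANCE_PORTS:
            continue  # not a maintenance service on an imaging device
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue  # expected vendor maintenance traffic
        findings.append((ts, src, dst, MAINTENANCE_PORTS[dport]))
    return findings

def summarize(findings):
    """Group findings by source so one host yields one alert with all its targets."""
    by_source = {}
    for ts, src, dst, service in findings:
        entry = by_source.setdefault(src, {"first_seen": ts, "targets": set()})
        entry["targets"].add((dst, service))
    return by_source

if __name__ == "__main__":
    for src, info in summarize(find_unexpected_maintenance(SAMPLE_FLOWS)).items():
        print(src, info["first_seen"], sorted(info["targets"]))
```

The same allowlist logic translates directly into a firewall or ACL rule that permits these four ports to the modality subnet only from the vendor's service server.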

Let me remind you that we also reported that information security specialists found a hidden backdoor in HP Device Manager.
