Philips and Medigate worked together to disclose and mitigate three vulnerabilities potentially putting Philips IntelliVue Patient Monitors, and Avalon Fetal/Maternal Monitors at risk of improper authentication, information exposure and stack-based buffer overflow.
Philips, with the assistance of Medigate, discloses IntelliVue Patient Monitors, and Avalon Fetal/Maternal Monitors Vulnerabilities
The vulnerabilities allow a remote unauthenticated attacker to write memory on the device, which may allow remote code execution. Successful exploitation could open up a window for an attacker to read and/or write to the memory, which in turn could lead to a denial of service to the monitor, a breach of patient health information (PHI), as well as harm the integrity of the patient data.Download Coordinated Disclosure Whitepaper
Protect your enterprise
Secure your data and safeguard patient safety and privacy from malware, ransomware and other advanced cyberattacks targeting networked medical devices with Medigate. It provides the three capabilities essential for effective IT security: visibility into all network connected devices, detection of potential threats, and automated prevention of attacks. And it’s the only medical device security solution on the market created specifically for the IoMT.Medigate Whitepaper
Because both companies are committed to providing the highest levels of security and privacy, Philips worked quickly to validate, respond and provide mitigating controls, which are available on Philips InCenter. Philips is also developing a patch, with the assistance of Medigate, that ensures a complete and thorough solution to the vulnerabilities. Philips will communicate service options to all affected install-base users. Philips recommends users obtain associated field change and service bulletin information from Philips by accessing their InCenter account.
Just as important as identifying security flaws, is reporting the findings. It is our policy to quickly and discreetly work and coordinate with vendors when we discover vulnerabilities with the goal of keeping medical devices and users safe. Once Medigate identified and informed Philips of the vulnerabilities by way of Philips’ coordinated vulnerability disclosure process, Philips quickly reviewed and verified the vulnerabilities and acted swiftly to resolve the vulnerabilities on the identified devices, as well as test additional products. As a result, the complete disclosure was made in compliance with Philips Coordinated Vulnerability Disclosure Policy.
About the Vulnerabilities
The vulnerabilities lie deep within a debug interface inside the device's firmware.
- Vulnerability 1: The vulnerability allows a remote unauthenticated attacker to write memory on the device (“write-what-where”).
- Vulnerability 2: The vulnerability allows a remote unauthenticated attacker to read memory from the device.
- Vulnerability 3: The vulnerability exposes an “echo” service, in which a buffer is copied to the stack with no boundary checks, which may allow remote code execution.
Medigate and Philips thank Oran Avraham, Security Researcher at Medigate, who identified the security vulnerabilities.