Recently Cisco Talos revealed that it has discovered 5 vulnerabilities in software that is available in several systems for the realization of electroencephalograms and that is sold by Natus. The electroencephalogram (EEG) is a non-invasive monitoring exam that records the electrical activity of the brain. The electroencephalogram has the ability to detect changes in brain electrical activity with a temporal resolution of milliseconds. This is a simple, risk-free and very informative exam. It’s called NeuroWorks, it’s sold by the Natus company and used in thousands of hospitals around the world to capture and analyze data from electroencephalograms. According to Cisco, the examination information for analysis by the software is obtained via the network where flaws have been detected. According to the information, the platform is vulnerable to local and remote attacks, and malicious code can be injected and thus the attacker could easily obtain and manipulate private data. In addition, these platforms are also vulnerable to the denial of service attacks. Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data acquisition and connection to networks. “We identified a number of vulnerabilities falling into two classes:-
Four code execution vulnerabilities One denial of service vulnerability.
The first category allows code execution on the medical device through a specially crafted network packet. The second category can cause the vulnerable service to crash. The vulnerabilities can be triggered remotely without authentication.” However, the software company, Natus released a patch to correct these vulnerabilities. Unfortunately, based on what normally happens at the level of vulnerable medical devices, it is likely that these systems will remain in use – uncorrected – by hundreds of hospitals. So, what do you think about this? Simply share all your views and thoughts in the comment section below.