Oct 24, 2017 SOURCE: PR NewsWire

ICS-CERT Advisory Updated to Include ZingBox Discovery of Vulnerability in BD Alaris Infusion Pumps

MOUNTAIN VIEW, Calif., Oct. 24, 2017 /PRNewswire/ -- ZingBox, leading a new generation of IoT security solutions focused on IoT service protection, today announced that findings from its recent demonstration of BD Alaris infusion pump vulnerabilities have been included in an updated advisory from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Made available by the United States Department for Homeland Security (DHS), the ICS-CERT works to reduce risks within and across all critical infrastructure sectors such as healthcare.

As part of an ongoing research effort to secure connected medical devices, Daniel Regalado, ZingBox's Principal Security Researcher, discovered that an attacker can gain access to and compromise the integrity of the infusion pump's system. A hacker would not only have access to the functionality of the pump, but perhaps more importantly, gain access to the hospital network where hundreds or even thousands of other connected medical devices can be targeted. On stage at DEF CON 2017, Regalado demonstrated how a hacker could gain initial access to a pump, inject rogue code into the device, steal critical credentials, and use it to access other devices or steal Protected Health Information (PHI).

"These findings are a fitting example of how ZingBox is working with device manufacturers as well as the Food and Drug Administration and DHS to improve security of IoT devices," said Xu Zou, CEO and co-founder of ZingBox. "We are glad that BD has been able to leverage our ongoing research to better understand the security needs of their connected medical devices."

ZingBox's illustrative discoveries highlight the importance of identifying these vulnerabilities before they become a serious threat, allowing for collaboration with device manufacturers and various government agencies to protect at-risk connected medical devices from future attacks.

To view the updated ICS-CERT report, please visit: https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02A.

For more details on the vulnerability from the hacker himself, visit: https://www.zingbox.com/blog/my-research-on-vulnerability-of-iv-pumps.

About ZingBox
Enabling the Internet of Trusted Things, ZingBox provides hospitals, companies and manufacturing facilities with Internet of Things (IoT) security software that helps ensure service delivery. ZingBox's new approach is based on deep learning and enforcement of trusted behavior. Founded by Silicon Valley veterans with expertise in cybersecurity, IoT, deep learning and networking, ZingBox was selected by the Stanford StartX program, was named one of NetworkWorld's hottest security startups, and was most recently named a "Cool Vendor in IoT Security, 2017" by Gartner. For more information, visit www.zingbox.com.

Media Contact:
Jacqueline Velasco
ZingBox
(408) 680-0564
zingbox@luminapr.com

View original content:http://www.prnewswire.com/news-releases/ics-cert-advisory-updated-to-include-zingbox-discovery-of-vulnerability-in-bd-alaris-infusion-pumps-300541939.html

SOURCE ZingBox

Related News

Ready Computing Introduces Wellbase Coordinator

Georgia State University, Comcast and CodePath Announce Launch of New Computer Science Education and Career Readiness Program

Ready Computing Becomes a Benefactor Member of HL7 International

Ready Computing Poised to Deliver Expanded Services to International Clients in 2021

NetFoundry Simplifies IoT Edge Compute and Private 5G

Pratexo Wins Edge Startup of the Year at Edge Computing World 2021

Scale Computing Continues to Deliver High-Performing, Scalable Edge Computing and IT Infrastructure to Manufacturing Industry

NPL and Cambridge Quantum Computing (CQC) collaborate in quantum computing

View all News

Latest Procurements

Herbicide resistance status of grain and cotton cropping regions - strategic insights for RDE

Photo Award Submission Management System

Provision for a SaaS Photo Management System

Employee Assistance Program (EAP)

The procurement project NS1230 for the Employee Assistance Program (EAP) underscores ABC's unwavering commitment to employee well-being and organisational resilience. The main purpose of this project is to secure a...

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

Dviation Group

Mifram Ltd.

GENERAL DYNAMICS - Mission Systems, Canada

View All Companies