Cybersecurity

6334 readers

358 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

-7

Tankies of Lemmy how do you explain a Heart Monitor having a reverse backdoor with the IP of a university in China? (www.cisa.gov)

submitted 1 week ago by [email protected] to c/cybersecurity

10 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] deranger 13 points 1 week ago* (last edited 1 week ago) (6 children)

Through Team82’s analysis, we have come to the conclusion that this alert is not a hidden backdoor as suggested by CISA and the FDA, but instead an insecure design issue, creating potential security risks to patient data. The CONTEC Operator Manual specifically mentions this “hard-coded” IP address as the Central Management System (CMS) IP address that organizations should use, so it is not hidden functionally as stated by CISA.

Absent additional threat intelligence, this nuance is important because it demonstrates a lack of malicious intent, and therefore changes the prioritization of remediation activities. Said differently, this is not likely to be a campaign to harvest patient data and more likely to be an inadvertent exposure that could be leveraged to collect information or perform insecure firmware updates. Regardless, because an exposure exists that is likely leaking PHI randomly or could be used in some scenarios for malicious updates, the exposure should be remediated as a priority (see recommendations below).

https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated

[–] Shiggles 7 points 1 week ago (2 children)

That’s an awful lot of words to say it’s a backdoor that could, plausibly, have been installed unintentionally, but is still very much a backdoor.

[–] [email protected] 11 points 1 week ago (1 children)

The point is that the intent is not clearly malicious. It could be, if we get further evidence that points in that direction, but you can't say the evidence we have means it was a malicious act.

People should always be skeptical, but that doesn't mean we get to deny the facts just because we don't like them.

[–] [email protected] 3 points 1 week ago (2 children)

Everything made and done by China is for the CCP. That's how we know it's malicious. Xi has clearly stated that.

[–] [email protected] 2 points 1 week ago

And did Xi use these backdoors? Were they exploited in the wild?

That anything can be used for the CCP doesn't mean everything is. That's an appeal to probability fallacy. Just because the Chinese government has a vested interest in seeing the US fall doesn't mean every flawed piece of software or hardware was put there at Xi's behest or that he even knows about them.

Again, just because we would rather see a malicious actor doesn't mean one is there. Sometimes, life is just a bunch of mundane mistakes.

[–] liyunxiao 1 points 1 week ago

Source?

[–] [email protected] 5 points 1 week ago

A backdoor plainly and openly described in the manual is an oxymoron.

load more comments (3 replies)