Philips Ultrasound flaw allows modifying any ultrasound in real-time remotely

A group of specialists from a malware analysis course reports finding a vulnerability in multiple ultrasound systems developed by technology firm Philips. According to the report, successful exploitation of this flaw would allow threat actors to alter the operation of these devices.


The vulnerability, tracked as CVE-2020-14477, would allow threat actors to use an alternate path or channel to bypass the login mechanism of the affected system. Once inside the system, malicious hackers could view or modify the stored information. Since these systems are widely used by the hospital services industry around the world, this is a considerable risk.

This flaw received a score of 3.6/10 on the Common Vulnerability Scoring System (CVSS), so it is considered a low-severity flaw, the malware analysis course experts note.

The vulnerability was identified in the following Philips ultrasound systems:

  • Ultrasound ClearVue, versions 3.2 and earlier
  • Ultrasound CX, versions 5.0.2 and earlier
  • Ultrasound EPIQ/Affiniti, versions VM5.0 and earlier
  • Ultrasound Sparq, versions 3.0.2 and earlier
  • Ultrasound Xperius, all versions

To mitigate the risk of exploitation on an interim basis, malware analysis course experts recommend that users employ systems whose integrity is guaranteed by the manufacturer or service providers. Administrators of vulnerable systems who have doubts about how these flaws are mitigated can consult the company directly.

In addition, the International Institute of Cyber Security (IICS) recommends that users implement some additional measures while the company releases the corresponding updates. Recommendations include:

  • Implement physical security measures to limit or control access to critical systems
  • Restrict access to the system to authorized personnel only and adopt a least-privilege approach
  • Apply defense-in-depth strategies
  • Disable unnecessary accounts and services
  • When additional information is required, consult cybersecurity guidelines issued by authorities such as the FDA

So far, no exploitation attempts in real-world scenarios have been detected, nor has any malware variant designed to trigger the attack, although this could change in the coming weeks if the manufacturer does not release the required updates.
