Vulnerabilities in Philips XPER medical management system uncovered
Researchers at security services firm Cylance Inc. uncovered a vulnerability in a Philips (NYSE:PHG) XPER medical management system, exploiting a security flaw to "own" the machine.
The weakness gave the hackers complete control of the machine, one which they had purchased for testing purposes, and gave them access to any devices subsequently connected to it, which may include patient data, they told reporters.
"Anything on it or what's connected to it was owned, too," Cylance's Billy Rios told tech security news site Dark Reading. "By design, these things connect to a database." Philips' XPER system "manages other devices," Rios added, which means that a hole in its security compromises other technologies that deliver information to or take orders from the system.