THE ICS-CERT, one of those organisations that lights a fire under security threats, has put one out about a certain kind of hospital syringe which could be hacked and made to turn off or something.
The warning concerns the Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, but as CERT says, the Department of Homeland Security (DHS) is not guaranteeing that this is a threat,
The problematic heart of the aforementioned wireless medicine pump was discovered by a security researcher called Scott Gayou who identified eight vulnerabilities in Smiths Medical's Medfusion 4000 Wireless Syringe, according to the CERT.
The CERT statement says that the vulnerabilities in the devices are real, but that there are no known exploits in the wild.
"Smiths Medical is planning to release a new product version to address these vulnerabilities in January, 2018," it added in perhaps the least sensationalist threat warning ever seen. "In the interim, NCCIC/ICS-CERT is recommending that users apply the identified compensating controls until the new version can be applied."
Smiths Medical has already posted up a response to the low level panic and communicated its apologies to its customers along with its belief that this is a non-threat.
"The possibility of this exploit taking place in a clinical setting is highly unlikely, as it requires a complex and an unlikely series of conditions," it said.
"We have been engaged with the FDA Center for Devices and Radiological Health and the U.S. Department of Homeland Security's Industrial Control System - Computer Emergency Response Team (ICS-CERT) to resolve this issue."
If you work in hospital IT and want to know more you can get all the details on the ICS Cert page. Or you can wait until January 2018 when Smiths Medical will release a patch. µ
You can't fault them for speed
Investigation reveals that malicious code was injected into the firm's payment page
Plus the three-for-free
And it's not just on Ubuntu, neither