Medical device vulnerability could let hackers steal Wi-Fi credentials

Medical device vulnerability could let hackers steal Wi-Fi credentials

Vulnerabilities on battery units for medical infusion pump devices made by Baxter could allow for network access, DoS and man-in-the-middle attacks.

Credit: Dreamstime

A vulnerability found in an interaction between a Wi-Fi-enabled battery system and an infusion pump for the delivery of medication could provide bad actors with a method for stealing access to Wi-Fi networks used by healthcare organisations, according to security firm Rapid7.

The most serious issue involves Baxter International’s SIGMA Spectrum infusion pump and its associated Wi-Fi battery system, Rapid7 reported this week. The attack requires physical access to the infusion pump.

The root of the problem is that the Spectrum battery units store Wi-Fi credential information on the device in non-volatile memory, which means that a bad actor could simply purchase a battery unit, connect it to the infusion pump, and quickly turn it on and off again to force the infusion pump to write Wi-Fi credentials to the battery’s memory.

Batteries can contain Wi-Fi credentials

Rapid7 added that the vulnerability carries the additional risk that discarded or resold batteries could also be acquired in order to harvest Wi-Fi credentials from the original organisation, if that organisation hadn’t been careful about wiping the batteries down before getting rid of them.

The security firm also warned of additional vulnerabilities, including a telnet issue involving the “hostmessage” command which could be exploited to view data from the connected device’s process stack, and a similar format string vulnerability that could be used to read or write to memory on the device, or create a denial-of-service (DoS) attack.

Finally, Rapid7 said, the battery units tested were also vulnerable to unauthenticated network reconfiguration attacks using TCP/UDP protocols. An attacker sending a specific XML command to a specific port on the device could change that device’s IP address, creating the possibility of man-in-the-middle attacks.

The remediation for the first vulnerability, according to the security company, is simply to control physical access to the devices more carefully, since it cannot be exploited without manually connecting the battery to the infusion pump, and to carefully purge Wi-Fi information—by connecting the vulnerable batteries to a unit with invalid or blank—before reselling or otherwise disposing of the devices.

For the telnet and TCP/UDP vulnerabilities, the solution is careful monitoring of network traffic for any unusual hosts connecting to the vulnerable port—51243—on the devices, and restricting access to network segments containing the infusion pumps. Baxter has also issued new software updates, which disable Telnet and FTP for the vulnerable devices.

Proper decommissioning is key to security

Tod Beardsley, Rapid7's director of research, said that the finding emphasises the importance of properly decomissioning equipment that could hold sensitive data, and that network managers have to be aware of the potential threat posed by vulnerable Internet of Things (IoT) devices.

"Due diligence is necessary to ensure that IoT devices do not contain extractable sensitive information when they are discontinued within a particular organisation," he said. "Furthermore, network segmentation must be improved upon to collectively address IoT security disconnects."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Wi-Ficyber security



Join key decision-makers within Environmental, Social, and Governance (ESG) that have the power to affect real change and drive sustainable practices. SustainTech will bridge the gap between ambition and tangible action, promoting strategies that attendees can use in their day-to-day operations within their business.

EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments