Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download and execute unverified files, the US Cybersecurity and Information Security Agency confirmed. “CISA assesses the inclusion of this backdoor in the firmware of the monitor can create conditions which may allow remote code execution and device modification … More
The post Patient monitors with backdoor are sending info to China, CISA warns appeared first on Help Net Security.
