1/31/2025, 10:36:32 PM · by hardspunned · 10 replies
LA Times ^ | 1/31/25 | Ian James and Jessica Garrison
Backdoor found in two healthcare patient monitors, linked to IP in China
BleepingComputer ^ | 1/30/2025 | Lawrence AbramsPosted on 1/31/2025, 10:49:05 PM by Pete from Shawnee Mission
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device.
Contec is a China-based company that specializes in healthcare technology, offering a range of medical devices including patient monitoring systems, diagnostic equipment, and laboratory instruments.
CISA learned of the malicious behavior from an external researcher who disclosed the vulnerability to the agency. When CISA tested three Contec CMS8000 firmware packages, the researchers discovered anomalous network traffic to a hard-coded external IP address, which is not associated with the company but rather a university.
This led to the discovery of a backdoor in the company's firmware that would quietly download and execute files on the device, allowing for remote execution and the complete takeover of the patient monitors. It was also discovered that the device would quietly send patient data to the same hard-coded address when devices were started. (additional info at link.)