Search for:
Asia-Pacific

Singapore: Vulnerabilities found in over 100 million internet-connected devices, including medical equipment

By and 2 Mins Read

In brief

On 15 April 2021, the Cyber Security Agency of the Singapore Computer Emergency Response Team (“SingCert“) issued an alert urging administrators of internet-connected devices to patch their systems immediately.

Key takeaways

Given the increasing number of cyberattack cases in past months, organizations would do well to check that all internal systems have been patched and up to date. In line with SingCert’s recommendations, organizations should also continue to monitor all patches released closely, as well as any malicious activity on all network traffic, and configure systems to rely on internal domain name system servers.

In more detail

On 15 April 2021, SingCert issued an alert urging administrators of internet-connected devices to patch their systems immediately. The urgent announcement was prompted by its discovery of vulnerabilities in over 100 million internet-connected devices, which included fitness wearables and medical equipment.

According to cyber-security company Forescout Research Labs, the vulnerabilities in question are known as “Name:Wreck”. These could potentially compromise four popular sets of rules, or “stacks,” which dictate how devices communicate with one another over the internet.

Primary organizations affected were those in the government and healthcare sectors, while others implicated included retail, entertainment and technology firms. Amongst the potentially affected equipment are ultrasound machines, patient monitors, medical imaging equipment and even defibrillators.

According to Forescout, once the vulnerabilities are exploited, it could result in major government data hacks, amongst others. In the healthcare setting, a cyber-attacker may reportedly exploit the Name:Wreck bug to compromise ultrasound machines that utilize connections to a website to obtain firmware updates. The attacker could then use the bug to re-channel the machines to his own website to download a malicious firmware, and thereafter direct the malware to upload all medical records to his site.

SingCert has advised that if patching is unavailable, administrators should try to enhance segmentation controls and undertake network hygiene measures, which include the isolation of vulnerable devices.

Categories:
Author

Andy Leck is the managing principal of Baker McKenzie.Wong & Leow. Mr. Leck is recognised by the world’s leading industry and legal publications as a leader in his field. Asian Legal Business notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice”. Alongside his current role as managing principal, Mr. Leck has held several leadership positions in the Firm and externally as a leading IP practitioner. He currently serves on the International Trademark Association's Board of Directors and is a member of the Singapore Copyright Tribunal.

Author

Ren Jun is an associate principal of Baker & McKenzie.Wong & Leow. Ren Jun extensively represents local and international intellectual property-intensive clients in both contentious and non-contentious IP matters, such as anti-counterfeiting; civil and criminal litigation; commercial issues; regulatory clearance; and advertising laws. Ren Jun also advises on a wide range of issues relating to the healthcare industries. These include regulatory compliance in respect of drugs, medical devices, clinical trials, health supplements and cosmetics; product liability and recall; and anti-corruption. Ren Jun is currently a member of the Firm's Asia Pacific Healthcare ASEAN Economic Community; Product Liability and Regulatory Sub-Committees.

Related Posts

Write A Comment