Security Flaws Affect Hospital Pneumatic Tube SystemsResearcher Ben Seri of Armis Describes the Risks of Flaws, Which Have Been Patched
Several critical security vulnerabilities in the firmware of control panels powering current models of pneumatic tube system stations made by Swisslog Healthcare could allow attackers to gain control of targeted hospitals' tube networks, says Ben Seri, lead researcher at the security firm Armis, which discovered the flaws.
The Swisslog pneumatic tube systems are used within 80% of major hospitals in North America, Seri says. "Pneumatic tube systems are buried into the walls of hospitals, and most of us are unaware of them. But they are critical for hospitals to deliver all kinds of items," he says in an interview with Information Security Media Group.
The tubes are used, for example, to transport bio-specimens for lab testing, medicines and blood. They serve as "a highway between departments and an essential piece for how patient care is delivered today … all day, and all hours of the day. It is critical infrastructure within the hospital." he explains.
Remote Attacks Possible
The vulnerabilities, dubbed PwnedPiper by Armis, were found in the Swisslog Translogic Nexus control panel, he notes. If exploited, the flaws could allow an attacker to take over the Translogic PTS station endpoints and gain control over the pneumatic tube network of a targeted hospital, he says.
This kind of control could enable an attacker to change the destinations of where items go, shut down the tube system completely or launch ransomware, denial-of-service and other attacks, disrupting the workings of a hospital, he says.
Swisslog on Monday issued an advisory about the Armis findings and mitigation steps. It has issued a patch that resolves the flaws, the company says.
In the interview (see audio link below photo), Seri also discusses:
- Details of the vulnerabilities identified by Armis researchers;
- The risks posed to hospitals and patients by the vulnerabilities, if they're exploited;
- Security trends involving other healthcare infrastructure and IoT gear.
As head of research at security firm Armis, Seri is responsible for vulnerability research and reverse engineering. His main interest is exploring the uncharted territories of a variety of wireless protocols to detect unknown anomalies. Previously, Seri spent almost a decade in Israel's IDF Intelligence Corps as a researcher and security engineer.