Security Testers Managed to Hack Hospital Patient Monitors and Drug Dispensers
As part of a wide-ranging, two-year-long attack, hackers managed to breach the systems of a number of hospitals, exposing critical patient systems to wide-ranging attacks. Luckily, the hacks were just a drill, but the flaws exposed are scary as hell.
In a paper published by Independent Security Evaluators, white-hat penetration testers examined the systems of 12 hospitals, two data centers, and some specific medical hardware. Using a variety of classic techniques—dropping infected USB drives next to computer terminals, or just plugging into publicly-accessible ports—the researchers gained control over some critical systems.
Most scarily, they found a way into patient monitors, which they could force to change at will—displaying false alarms or incorrect readings, which could easily lead to fatal treatment being given to patients. The team also found a way into the drug dispensary system, which could give the wrong medication to patients.
The prospect of a hack simply shutting down hospitals is scary enough on its own, but the paper demonstrates a malicious hacker could actively toy with equipment to kill patients.
Equally bad are the flaws that enabled the hack: it’s not one specific problem, but rather a systematic lack of good software and security policy that leaves innumerable gaping holes.
Hospital hacking isn’t new, but until now we’ve mostly been lucky enough that hackers go after data—there’s not much money to be made (yet) in killing patients. But with hospitals so easy to attack, and the stakes so high, it’s probably just a matter of time.