PwnedPiper flaws threaten infrastructure of 80% of US hospitals

Pneumatic tube systems could be hacked, putting patients at risk

female nurse looking after a male patient in bed

Nine critical vulnerabilities in a popular hospital pneumatic tube software could enable hackers to take control of systems and launch a range of attacks.

Researchers at security platform provider Armis unearthed the flaws and dubbed them PwnedPiper. They found the vulnerabilities in the Nexus Control Panel, which powers all current models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare. 

This technology is a critical piece of health care infrastructure used in more than 3,000 hospitals worldwide. The tubes deliver medication, blood, and lab samples across multiple departments of a hospital. 

Researchers noted the tube systems are connected to the internet but "despite the prevalence of these systems, and the reliance of hospitals on their availability to deliver care, the security of these systems has never been thoroughly analyzed or researched." 

According to researchers, these flaws could let hackers take over PTS stations and gain full control over the target hospital’s tube network. In turn, an attacker could launch a denial-of-service on critical infrastructure or man-in-the-middle attacks, resulting in deliberate sabotage of the hospital’s workings.

"Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments," said Nadir Izrael, co-founder and CTO at Armis.

Five of the vulnerabilities in PwnedPiper allow remote code execution, which hackers could use to access a hospital network and then take over Nexus stations. 

Related Resource

X-Force Threat Intelligence Index

Top security threats and recommendations for resilience

Transparent cube against a black background - whitepaper from IBMFree download

By compromising a Nexus station, an attacker can carry out reconnaissance, including harvesting data from the station, such as RFID credentials of any employee who uses the PTS system, details about each station’s functions or location, and the physical layout of the PTS network.

From there, hackers can take over all Nexus stations in the tube network and possibly launch a ransomware attack.

Armis said it disclosed the vulnerabilities to Swisslog in early May and has been working with the manufacturer to test the available patch and ensure proper security measures will be provided to customers. Swisslog Healthcare has released a security advisory today.

Researchers said while such an attack may ultimately be remediated with manual firmware upgrades of all compromised stations, such a process will take considerable time and effort. 

“Hospitals don’t necessarily have any contingency in place to handle a prolonged shutdown of the PTS system, which ultimately may translate to harm to patient care,” said researchers.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022