Hackers "own" Philips XPER medical management system

January 18, 2013 by Arezu Sarvestani

Security experts hack a Philips XPER medical management system, finding vulnerabilities that would allow them to "own" the machine and control any other medical systems connected to it.

Researchers at security services firm Cylance Inc. uncovered a vulnerability in a Philips (NYSE:PHG) XPER medical management system, exploiting a security flaw to "own" the machine.

The weakness gave the hackers complete control of the machine, which they had purchased for testing purposes, and access to any devices subsequently connected to it, which may include patient data, they told reporters.

"Anything on it or what's connected to it was owned, too," Cylance's Billy Rios told tech security news site Dark Reading. "By design, these things connect to a database."

Philips' XPER system "manages other devices," Rios added, which means that a hole in its security compromises other technologies that deliver information to or take orders from the system.

Once hacked, "you can do anything you want to it," he said.

Rios and fellow researcher/hacker Terry McCorkle attempted to contact Philips with their findings, but turned instead to regulators when the company ignored their warnings.
