Insecure configurations expose GE Healthcare devices to attacks

Researchers have found insecure configurations of the remote access and administration features present in several patient monitoring devices and servers made by GE Healthcare that are used in clinics and hospitals around the world. The identified issues involve the use of shared hard-coded credentials or no credentials at all for remote management features, as well as the use of outdated applications with known vulnerabilities.

These types of issues have plagued embedded devices for many years and are the result of old product design practices that focused more on usability and ease of remote support than security.

To read this article in full, please click here