this post was submitted on 02 Feb 2025
142 points (96.1% liked)

Technology

62936 readers
3527 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
142
Chinese-Made Patient Monitor Contains a Secret Backdoor (www.pcmag.com)
submitted 2 weeks ago by FundMECFSResearch@lemmy.blahaj.zone to c/technology@lemmy.world
16 comments fedilink hide all child comments
 

The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.

you are viewing a single comment's thread
view the rest of the comments
[–] Deceptichum@quokk.au 20 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Knock it off with the propaganda.

This is literally a deliberate back door.

And no, we can’t call zero days backdoors because they are not same thing.

The equipment, from China-based Contec Medical Systems, was mysteriously configured to connect to an IP address for a third-party university with no connection to the manufacturer. 

The backdoor enables the IP address at the unnamed university to remotely download and execute unverified files on the patient monitor, CISA’s report says. In addition, the same backdoor automatically sends patient data to the IP address.

[–] HakFoo@lemmy.sdf.org -4 points 2 weeks ago (1 children)

There are valid questions, many of which revolve around how and why it's used.

Some systems have brain damaged approaches to diagnostics/logging, license enforcement, or remote service/update systems that create security holes but are not intentionally malicious.

Security is hard and we should remember Hanlon's Razor.

[–] Benjaben@lemmy.world 7 points 2 weeks ago (1 children)

I get lots of mileage out of Hanlon's Razor, and I acknowledge the rampant incompetence that suggests its applicability, but digital security seems like about the least appropriate place to apply this rule of thumb.

[–] HakFoo@lemmy.sdf.org 5 points 2 weeks ago (1 children)

As someone who has to deal with PCI compliance issues, there's plenty of noob mistakes, out-of-date thinking and outright "let's log this data for debugging purposes even though if any regulator found out they'd nuke us from orbit."

[–] Benjaben@lemmy.world 3 points 2 weeks ago

Fair enough, I can imagine that pretty easily.

[–] sunzu2@thebrainbin.org -5 points 2 weeks ago (1 children)

Knock it off with the propaganda.

Please clarify this statement.

[–] Llewellyn@lemm.ee -1 points 2 weeks ago (1 children)

What happened at Tiananmen square?

[–] sunzu2@thebrainbin.org 2 points 2 weeks ago (1 children)

People protested the chinaman regime, some people got killed but not on the actual square tho?

There is a famous picture of a man protesting in front of a tank.

If you think I am a tankie, just check my body of work on here lol

Y'all cant see past these basic concepts... Much more work to be done.

[–] Llewellyn@lemm.ee 1 points 2 weeks ago* (last edited 2 weeks ago)

It was easy litmus for bots, nothing more.