this post was submitted on 02 Feb 2025
142 points (96.1% liked)

Technology

72356 readers
3005 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.

top 16 comments
sorted by: hot top controversial new old
[–] thebestaquaman@lemmy.world 50 points 5 months ago (1 children)

At this point I have a hard time believing that anyone can buy a Chinese product and then talk about there being a "secret backdoor" in seriousness.

Come on: We all should know by now that if it's Chinese, there is more likely than not some way for Xi to use it for something other than what you want the product to do. There's nothing "secret" or "back" about this door. It's more like an open front gate with landing strips and a "welcome home Pooh bear" sign.

[–] Roflmasterbigpimp@lemmy.world 3 points 5 months ago

something something CIA something something USA WORSE!

[–] tal@lemmy.today 44 points 5 months ago

Frankly, I'm not sure that it's a good idea to have life-critical systems on the Internet in the first place, issues with backdoors aside.

[–] Hobbes_Dent@lemmy.world 19 points 5 months ago

It’s ok, surely our governments will keep us safe with their cutting edge cybersecurity practices and Microsoft.

Even a movie with Brad Pitt couldn’t convince that Trojan horses are a winning play. Too busy learning presidential birthplaces and stuff.

[–] AceFuzzLord@lemm.ee 7 points 5 months ago

Anybody surprised to this must clearly have never looked up any news whatsoever about Communist China once in their life. This kinda stuff is probably common enough that it makes American 3 letter agencies wanna end their lives in embarrassment.

[–] 1984@lemmy.today 6 points 5 months ago

That ip address at a university is probably forwarding everything to some Chinese government agency. Now they can just blame the university and remove any trace of the real guys.

[–] sunzu2@thebrainbin.org -3 points 5 months ago (1 children)

everything has a backdoor... can we quit pretending that these zero day CVE are not back doors?

or we can't start naming them unless it is Chinese doing it?

[–] Deceptichum@quokk.au 20 points 5 months ago* (last edited 5 months ago) (2 children)

Knock it off with the propaganda.

This is literally a deliberate back door.

And no, we can’t call zero days backdoors because they are not same thing.

The equipment, from China-based Contec Medical Systems, was mysteriously configured to connect to an IP address for a third-party university with no connection to the manufacturer. 

The backdoor enables the IP address at the unnamed university to remotely download and execute unverified files on the patient monitor, CISA’s report says. In addition, the same backdoor automatically sends patient data to the IP address.

[–] HakFoo@lemmy.sdf.org -4 points 5 months ago (1 children)

There are valid questions, many of which revolve around how and why it's used.

Some systems have brain damaged approaches to diagnostics/logging, license enforcement, or remote service/update systems that create security holes but are not intentionally malicious.

Security is hard and we should remember Hanlon's Razor.

[–] Benjaben@lemmy.world 7 points 5 months ago (1 children)

I get lots of mileage out of Hanlon's Razor, and I acknowledge the rampant incompetence that suggests its applicability, but digital security seems like about the least appropriate place to apply this rule of thumb.

[–] HakFoo@lemmy.sdf.org 5 points 5 months ago (1 children)

As someone who has to deal with PCI compliance issues, there's plenty of noob mistakes, out-of-date thinking and outright "let's log this data for debugging purposes even though if any regulator found out they'd nuke us from orbit."

[–] Benjaben@lemmy.world 3 points 5 months ago

Fair enough, I can imagine that pretty easily.

[–] sunzu2@thebrainbin.org -5 points 5 months ago (1 children)

Knock it off with the propaganda.

Please clarify this statement.

[–] Llewellyn@lemm.ee -1 points 5 months ago (1 children)

What happened at Tiananmen square?

[–] sunzu2@thebrainbin.org 2 points 5 months ago (1 children)

People protested the chinaman regime, some people got killed but not on the actual square tho?

There is a famous picture of a man protesting in front of a tank.

If you think I am a tankie, just check my body of work on here lol

Y'all cant see past these basic concepts... Much more work to be done.

[–] Llewellyn@lemm.ee 1 points 4 months ago* (last edited 4 months ago)

It was easy litmus for bots, nothing more.