{"id":2979,"date":"2015-05-12T10:05:45","date_gmt":"2015-05-12T10:05:45","guid":{"rendered":"http:\/\/www.kaspersky.com.cn\/blog\/?p=2979"},"modified":"2020-02-27T00:17:33","modified_gmt":"2020-02-26T16:17:33","slug":"previous-next-critical-security-vulnerabilities-in-drug-injection-pumps","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.cn\/blog\/previous-next-critical-security-vulnerabilities-in-drug-injection-pumps\/2979\/","title":{"rendered":"\u8f93\u6db2\u6cf5\u5185\u7684\u5173\u952e\u5b89\u5168\u6f0f\u6d1e"},"content":{"rendered":"<p><a href=\"https:\/\/www.kaspersky.com.cn\/blog\/hacking-the-robotic-surgeons-hands-and-eyes\/2931\/\" target=\"_blank\" rel=\"noopener noreferrer\">\u53c8\u4e00\u4e2a\u667a\u80fd\u533b\u7597\u8bbe\u5907\u5185\u5b58\u5728\u5b89\u5168\u9690\u60a3\u7684\u6848\u4f8b<\/a>\uff1a\u6700\u8fd1\u5a92\u4f53\u66dd\u5149\u4e86\u4e00\u6279Hospira\u751f\u4ea7\u7684\u8f93\u6db2\u6cf5\u5185\u5b58\u5728\u4e00\u7cfb\u5217\u8fdc\u7a0b\u53ef\u5229\u7528\u6f0f\u6d1e\uff0c\u4f7f\u5f97\u7f51\u7edc\u653b\u51fb\u8005\u80fd\u5bf9\u53d7\u5f71\u54cd\u6ce8\u5c04\u6cf5\u8fdb\u884c\u5168\u9762\u64cd\u63a7\u6216\u7b80\u5355\u5730\u8ba9\u8bbe\u5907\u9677\u5165\u762b\u75ea\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/05\/06152056\/med-1.png\" alt=\"\" width=\"1067\" height=\"800\"><\/p>\n<p>\u8fd9\u4e9b\u8f93\u6db2\u6cf5\u662f\u667a\u80fd\u548c\u8054\u7f51\u533b\u7597\u8bbe\u5907\u65b0\u6d6a\u6f6e\u7684\u4ee3\u8868\u4ea7\u54c1\u3002\u6b63\u5982\u6211\u4eec\u4e4b\u524d\u6240\u5199\u5230\u7684\uff0c\u667a\u80fd\u533b\u7597\u8bbe\u5907\uff08<a href=\"https:\/\/www.kaspersky.com\/blog\/hacking-humans\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">\u5c24\u5176\u662f\u9ad8\u79d1\u6280\u80f0\u5c9b\u7d20\u6cf5<\/a>\uff09\u80fd\u4ece\u6839\u672c\u4e0a\u6d88\u9664\u9700\u8981\u6162\u6027\u7ed9\u836f\u4eba\u4e3a\u5931\u8bef\u65b9\u9762\u7684\u98ce\u9669\u3002\u4e0d\u5e78\u7684\u662f\uff0c\u8bb8\u591a\u5f00\u53d1\u8fd9\u4e9b\u667a\u80fd\u533b\u7597\u8bbe\u5907\u7684\u516c\u53f8\u4f9d\u7136\u5bf9\u7f51\u7edc\u5b89\u5168\u6027\u95ee\u9898\u719f\u89c6\u65e0\u7779\u3002<\/p>\n<div class=\"pullquote\">\u9664\u4e86\u6613\u906d\u7f51\u7edc\u653b\u51fb\u4ee5\u5916\uff0c\u5176\u7cdf\u7cd5\u7684\u7f16\u7a0b\u4f7f\u5f97\u53ea\u8981\u8f93\u9519\u4e00\u6b21\u5c31\u4f1a\u8ba9\u8bbe\u5907\u9677\u5165\u762b\u75ea<\/div>\n<p>Hospira\u751f\u4ea7\u7684Lifecare PCA\u8f93\u6db2\u6cf5\u7684\u6f0f\u6d1e\u4e4b\u591a\uff0c\u8fde\u5b89\u5168\u7814\u7a76\u4eba\u5458Jeremy Richards\u90fd\u8868\u793a\u8fd9\u662f\u4ed6\u6709\u53f2\u4ee5\u6765\u770b\u5230\u8fc7\u7684\u5b89\u5168\u6027\u6700\u4f4e\u7684PI\u542f\u7528\u8bbe\u5907\u3002Richards\u8868\u793a\u8fdc\u7a0b\u653b\u51fb\u8005\u80fd\u591f\u8ba9\u53d7\u5f71\u54cd\u8bbe\u5907\u5b8c\u5168\u9677\u5165\u762b\u75ea\uff0c\u800c\u4e14\u6240\u91c7\u7528\u7684\u7a0b\u5e8f\u51e0\u4e4e\u4eba\u4eba\u7686\u77e5\u3002<\/p>\n<p>\u201c\u9664\u4e86\u6613\u906d\u7f51\u7edc\u653b\u51fb\u4ee5\u5916\uff0c\u201d Richards\u5199\u9053\uff0c\u201d\u5176\u7cdf\u7cd5\u7684\u7f16\u7a0b\u4f7f\u5f97\u53ea\u8981\u8f93\u9519\u4e00\u6b21\u5c31\u4f1a\u8ba9\u8bbe\u5907\u9677\u5165\u762b\u75ea\u3002\u201d<\/p>\n<p>\u4ed6\u5ba3\u79f0\u4e00\u4e9b\u6f5c\u5728\u7684\u7f51\u7edc\u653b\u51fb\u8005\u8fd8\u53ef\u80fd\u4f1a\u66f4\u65b0\u8bbe\u5907\u8f6f\u4ef6\u3001\u8fd0\u884c\u547d\u4ee4\u751a\u81f3\u7be1\u6539\u7279\u5b9a\u836f\u7269\u6570\u636e\u5e93\uff0c\u800c\u5370\u5728\u836f\u74f6\u4e0a\u542b\u6709\u5242\u91cf\u548c\u5176\u5b83\u4fe1\u606f\u7684\u6761\u5f62\u7801\u59cb\u7ec8\u4e0e\u6570\u636e\u5e93\u6570\u636e\u4fdd\u6301\u540c\u6b65\u3002<\/p>\n<p>\u6709\u8da3\u7684\u662f\uff0c\u6709\u4e24\u540d\u7814\u7a76\u4eba\u5458\u5404\u81ea\u53d1\u73b0\u4e86\u8f93\u6db2\u6cf5\u4e2d\u5b58\u5728bug\u3002\u9996\u5148\u662fBilly Rios\uff0c\u4ed6\u66fe\u56e0<a href=\"https:\/\/www.kaspersky.com\/blog\/hacking-the-airport-security-scanner\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">\u6210\u529f\u9ed1\u5ba2\u5165\u4fb5\u673a\u573a\u5b89\u5168\u7cfb\u7edf\u3001\u6d17\u8f66\u573a<\/a>\u4ee5\u53ca<a href=\"https:\/\/www.kaspersky.com.cn\/blog\/previous-next-internet-of-crappy-things-part-2-rsa-conference-edition\/2907\/\" target=\"_blank\" rel=\"noopener noreferrer\">\u667a\u80fd\u5bb6\u5c45\u7cfb\u7edf<\/a>\u800c\u4e3a\u4eba\u6240\u77e5\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">A security flaw in a widely used IV pump lets hackers raise drug-dosage limits <a href=\"http:\/\/t.co\/8FuMz23ngG\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/8FuMz23ngG<\/a><\/p>\n<p>\u2014 WIRED (@WIRED) <a href=\"https:\/\/twitter.com\/WIRED\/status\/586337339867320320?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 10, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u5c3d\u7ba1\u65e9\u5728\u4e00\u5e74\u4ee5\u524dRios\u5c31\u5411ICS-CERT\uff08\u8d5b\u535a\u5e94\u6025\u54cd\u5e94\u5c0f\u7ec4\uff09\u900f\u9732\u4e86\u4ed6\u7684\u7814\u7a76\uff0c\u4f46\u4ece\u672a\u5411\u516c\u4f17\u516c\u5f00\uff0cRichards\u5219\u5728\u4e0a\u5468\u516c\u5f00\u8fd9\u4e00\u7814\u7a76\u3002Rios\u56e0 Richards\u516c\u5f00\u4e86\u4ed6\u7684\u7814\u7a76\u53d1\u73b0\u800c\u7279\u5730\u5728\u7279\u5730\u5411\u4ed6\u8868\u793a\u4e86\u611f\u8c22\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/dyngnosis?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@dyngnosis<\/a> submitted to ICS-CERT a year ago, but feel free to publish!<\/p>\n<p>\u2014 Billy Rios (@XSSniper) <a href=\"https:\/\/twitter.com\/XSSniper\/status\/593245276766273536?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 29, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u66f4\u4ee4\u4eba\u62c5\u5fe7\u7684\u662f\uff0c\u8fd9\u4e9bHospira\u751f\u4ea7\u7684\u667a\u80fd\u533b\u7597\u8bbe\u5907\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u4fdd\u5b58\u7f51\u7edcWi-Fi\u4fdd\u62a4\u8bbf\u95ee\uff08WPA\uff09\u5bc6\u94a5\u3002\u4e00\u65e6\u7f51\u7edc\u653b\u51fb\u8005\u80fd\u591f\u7a83\u53d6\u5176\u4e2d\u4e00\u4e2aWPA\u5bc6\u94a5\uff0c\u8fd9\u5c06\u9020\u6210\u540c\u4e00\u7f51\u7edc\u5185\u7684\u6240\u6709\u5176\u5b83\u8bbe\u5907\u906d\u53d7\u76d1\u89c6\u5e76\u53ef\u80fd\u53d1\u751f\u5927\u91cf\u5176\u4ed6\u7f51\u7edc\u653b\u51fb\u3002\u800c\u4e00\u65e6\u533b\u9662\u6ca1\u6709\u5728\u5c06\u8fd9\u4e9b\u505c\u7528\u8bbe\u5907\u62a5\u5e9f\u6216\u91cd\u65b0\u51fa\u552e\u4e4b\u524d\u6e05\u9664\u7f51\u7edc\u5bc6\u94a5\u7684\u8bdd\uff0c\u8fd9\u4e9b\u5bc6\u94a5\u5f88\u53ef\u80fd\u5c06\u843d\u5165\u4e0d\u6cd5\u5206\u5b50\u624b\u4e2d\u3002\u66f4\u7b80\u5355\u5730\u8bf4\uff0c\u8fd9\u4e9b\u8bbe\u5907\u542b\u6709\u4e00\u4e2a\u66b4\u9732\u7684\u4ee5\u592a\u7f51\u7aef\u53e3\uff0c\u53ea\u9700\u4f7f\u7528\u81ea\u52a8\u9ed1\u5ba2\u5de5\u5177\u5c31\u80fd\u7b80\u5355\u548c\u5feb\u901f\u5730\u5b9e\u65bd\u672c\u5730\u653b\u51fb\u3002<\/p>\n<p>\u76ee\u524d\u8fd8\u4e0d\u6e05\u695aHospra\u662f\u5426\u6253\u7b97\u4fee\u590d\u8fd9\u4e9b\u6f0f\u6d1e\u3002Richards\u5ba3\u79f0\u8be5\u516c\u53f8\u6b63\u5728\u8ba1\u5212\u8fdb\u884c\u4fee\u590d\uff0c\u4f46\u516c\u53f8\u7684\u58f0\u660e\u4f3c\u4e4e\u53c8\u4e0e\u8fd9\u4e00\u4e8b\u5b9e\u76f8\u4e92\u77db\u76fe\u3002<\/p>\n<blockquote class=\"twitter-pullquote\"><p>\u67d0\u4e9b#Hospira#\u8f93\u6db2\u6cf5\u542b\u6709\u5371\u9669\u548c\u80fd\u8f7b\u6613\u5229\u7528\u7684#\u5b89\u5168\u6f0f\u6d1e<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F7ofq&amp;text=%E6%9F%90%E4%BA%9B%23Hospira%23%E8%BE%93%E6%B6%B2%E6%B3%B5%E5%90%AB%E6%9C%89%E5%8D%B1%E9%99%A9%E5%92%8C%E8%83%BD%E8%BD%BB%E6%98%93%E5%88%A9%E7%94%A8%E7%9A%84%23%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>\u5728\u56de\u590d\u6211\u4eec<a href=\"https:\/\/threatpost.com\/vulnerability-riddled-drug-pumps-open-to-takeover\/112629\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Threatpost\u540c\u4e8bChris Brook<\/a>\u7684\u4e00\u5c01\u7535\u90ae\u4e2d\uff0cHospira\u8fd9\u6837\u8bf4\u9053\uff1a\u201d\u5728\u4e34\u5e8a\u5e94\u7528\u4e2d\u8fd8\u6ca1\u6709\u51fa\u73b0\u4e00\u4f8bHospira\u533b\u7597\u8bbe\u5907\u88ab\u9ed1\u5ba2\u653b\u7834\u7684\u6848\u4f8b\uff0cHospira\u5df2\u91c7\u53d6\u4e86\u5177\u6709\u524d\u77bb\u6027\u7684\u65b9\u6cd5\u6765\u89e3\u51b3\u6f5c\u5728\u7684\u7f51\u7edc\u5b89\u5168\u6f0f\u6d1e\u3002\u201d<\/p>\n<p>\u8be5\u516c\u53f8\u5ba3\u79f0\u5df2\u5411\u73b0\u6709\u5ba2\u6237\u4f20\u8fbe\u4e86\u5982\u4f55\u89e3\u51b3\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u65b9\u6cd5\u3002\u7136\u800c\uff0c\u516c\u53f8\u5374\u6ca1\u6709\u660e\u786e\u8868\u793a\u662f\u5426\u5c06\u89e3\u51b3\u5b58\u5728\u4e8e\u76ee\u524d\u6240\u6709\u4ea7\u54c1\u4e2d\u7684\u6f0f\u6d1e\u3002Hospira\u53ea\u662f\u8bf4\u5c06\u8ba1\u5212\u5728\u672a\u6765\u7684\u4ea7\u54c1\u4e2d\u5c3d\u91cf\u51cf\u5c11\u8fd9\u4e9b\u95ee\u9898\u3002<\/p>\n<p>\u201c\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u9700\u8981\u653b\u7834\u7531\u533b\u9662\u4fe1\u606f\u7cfb\u7edf\u8bbe\u7f6e\u7684\u591a\u5c42\u7f51\u7edc\u5b89\u5168\u9632\u7ebf\uff0c\u5176\u4e2d\u8fd8\u5305\u62ec\u591a\u5c42\u5b89\u5168\u9632\u706b\u5899\u3002\u201d\u516c\u53f8\u5728\u5176\u4e00\u9879\u58f0\u660e\u4e2d\u8868\u793a\u3002\u201d\u8fd9\u4e9b\u7f51\u7edc\u5b89\u5168\u63aa\u65bd\u4f5c\u4e3a\u9996\u6761\u4e5f\u662f\u6700\u5f3a\u5927\u7684\u5b89\u5168\u9632\u7ebf\uff0c\u80fd\u6709\u6548\u9632\u6b62\u6570\u636e\u7be1\u6539\uff0c\u540c\u65f6\u8f93\u6db2\u6cf5\u548c\u8f6f\u4ef6\u672c\u8eab\u4e5f\u63d0\u4f9b\u989d\u5916\u7684\u4e00\u5c42\u5b89\u5168\u9632\u5fa1\u3002\u201d<\/p>\n<p>\u4e0e\u6b64\u540c\u65f6\uff0c\u4e0e\u60a8\u5206\u4eab\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Don't buy a Hospira PCA drug  pump to do security stuff.  Busybx no passwd shell on 23, no-auth CGIs, also never hook it up to a human being<\/p>\n<p>\u2014 dyngnosis (@dyngnosis) <a href=\"https:\/\/twitter.com\/dyngnosis\/status\/592671049487142913?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 27, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u53c8\u4e00\u4e2a\u667a\u80fd\u533b\u7597\u8bbe\u5907\u5185\u5b58\u5728\u5b89\u5168\u9690\u60a3\u7684\u6848\u4f8b\uff1a\u6700\u8fd1\u5a92\u4f53\u66dd\u5149\u4e86\u4e00\u6279Hospira\u751f\u4ea7\u7684\u8f93\u6db2\u6cf5\u5185\u5b58\u5728\u4e00\u7cfb\u5217\u8fdc\u7a0b\u53ef\u5229\u7528\u6f0f\u6d1e\uff0c\u4f7f\u5f97\u7f51\u7edc\u653b\u51fb\u8005\u80fd\u5bf9\u53d7\u5f71\u54cd\u6ce8\u5c04\u6cf5\u8fdb\u884c\u5168\u9762\u64cd\u63a7\u6216\u7b80\u5355\u5730\u8ba9\u8bbe\u5907\u9677\u5165\u762b\u75ea\u3002<\/p>\n","protected":false},"author":42,"featured_media":2987,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1450,1308],"tags":[84,680,860,679,681],"class_list":{"0":"post-2979","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-privacy","9":"tag-bitguard","10":"tag-it","11":"tag-860","12":"tag-679","13":"tag-681"},"hreflang":[{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/previous-next-critical-security-vulnerabilities-in-drug-injection-pumps\/2979\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.cn\/blog\/tag\/bitguard\/","name":"Bitguard"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/2979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/comments?post=2979"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/2979\/revisions"}],"predecessor-version":[{"id":11032,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/2979\/revisions\/11032"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media\/2987"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media?parent=2979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/categories?post=2979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/tags?post=2979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}