In a stunning display of how cyber threats represent threats in the real world, researchers from Ben Gurion University infiltrated and altered medical scans used to detect cancer in patients. They managed to change the diagnosis in the majority of the scans, which would lead to doctors prescribing incorrect treatments for patients. Researches noted that while the virus was tuned to create faux cancerous growths that it could be tuned to produce blood clots, scars, and other traumas appear. The issue the researchers were highlighting is that while the transmission of the scans may be secure, the files themselves aren’t encrypted and anyone who gains access to them can easily alter them. In many cases, the encryption methods used by medical facilities are substandard or out-of-date which may be worse than having no encryption at all due to the sense of false security that it creates. Medical facilities are careful with external sharing due to regulations that impose strict penalties on noncompliance and data breaches, but internally there is little concern. Internal attacks are uncommon in hospitals, and protocols against them are not strictly enforced. This may be due to the fact that effective medical care relies on a timely and free-flowing information environment so that any involved individuals are aware of the necessary facts. This sharing creates a vulnerability that any malicious actor may exploit by inserting themselves into the loop. The ability to alter medical data in real-time creates a threat to the perceived health of public officials, imagine if someone altered the data so that the leader of a country had a mental illness and the diagnostics backed it up.
Source: Computer virus alters cancer scan images
Xiaomi, another Chinese electronics provider that is banned in the United States like Huawei is, has been notified of an issue with its pre-installed anti-malware software “Guard Provider.” The anti-malware software failed to encrypt data while it was in-transit to a network access point, such as a router. This meant that it was possible to intercept information after it had left the device by performing a man-in-the-middle attack (MITMA) against the device. MITMAs are useful because they don’t require you to decrypt or otherwise trick your target, as they believe they’re communicating with the person they’re supposed to be. MITMAs also allow for a malicious actor to trick two parties at once, since they’re intercepting communications going between the two parties and allowing them to pass through after they’ve seen and altered them. MITMAs can be detected by the communications lag that it can cause, as the attacker must physically read and create a response or allow their device to do so. In systems where communication times are stable, a spike in turn-around time can denote that a MITMA is ongoing. Alternatively, the two users may establish some other form of communication and test what the suspect line of communication is delivering vs what was actually sent. MITMAs are valuable and powerful tools, but they are easier to detect than other forms of attack due to the inherent tells they leave.
Source: Xiaomi’s pre-installed security app Guard Provider exposes users to MitM attacks
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.