Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as “PwnedPiper” that left a widely-used pneumatic tube system (PTS) vulnerable to critical attacks, including a possibility of complete takeover.
The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and in no fewer than 3,000 hospitals worldwide.
“These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital,” Armis researchers Ben Seri and Barak Hadad said. “This type of control could enable sophisticated and worrisome ransomware attacks, as well as allow attackers to leak sensitive hospital information.”
Pneumatic tube systems are internal logistics and transport solutions that are used to transport blood samples in hospital settings to diagnostic laboratories securely.
Successful exploitation of the issues, therefore, could result in leakage of sensitive information, enable an adversary to manipulate data, and even compromise the…