Developers: GE HealthCare
Branches: Pharmaceuticals, Medicine, Healthcare
2024: Vulnerabilities acknowledged
In mid-May 2024, GE HealthCare reported vulnerabilities in its Vivid T9 ultrasound scanners. Exploiting them can lead to a range of negative consequences, from the installation of ransomware to failure of the devices.
The vulnerabilities were discovered by security researchers at Nozomi Networks. They affect, in particular, the pre-installed Common Service Desktop web application and the EchoPAC software platform, which covers the entire diagnostic process, from the preliminary examination stage to interpreting the results, drawing up a conclusion and archiving data.
Nozomi Networks experts note that the Vivid T9 system is built around a full-fledged computer running Windows 10 with specialized settings and GE HealthCare software. In total, 11 vulnerabilities of varying severity were identified. Attackers can, in particular, install malware with encryption functions, gain unauthorized access to patient data with the ability to modify it, etc. Arbitrary code can be executed with full privileges. In the worst case, the ultrasound system may be rendered unusable.
However, exploitation requires physical interaction with the device, since the attacker needs to use the built-in keyboard and trackpad. The attacker can also connect a malicious flash drive that emulates a keyboard and mouse and automatically performs all the necessary actions. GE HealthCare notes that as of mid-May 2024 there were no reports of the vulnerabilities actually being exploited. Updates that fix the detected vulnerabilities are available for download.[1]