What possible purpose, or gain, could China obtain from putting in a back door on hospital monitoring equipment that displays a user’s vitals?
https://www.pcmag.com/news/chinese-made-patient-monitor-contains-a-secret-backdoor
At least the NSA has the good sense to put backdoors in important software, like your graphics cards.
lol
If you dare to follow the link to the CISA report ("fact shit", indeed), find "Technical details of backdoor" and have minimum knowledge, then things will look pretty different.
They have a screenshot of decompiled code. But for completely unknown reasons they redacted the only thing that could be a kind of reason for their statements.
What the code on the screenshot does:
First it tries to mount some NFS network disk share with a redacted address to the device's /mnt directory. Without any login/password, meanwhile. Then, if the share is mounted and if a "monitor" directory exists on the mounted share, it copies a program and config to the device filesystem.
Basically it is just a simple way to debug firmware on a real device without reflashing it constantly, a piece of debug code that was not removed or properly shut down in the firmware release. Bad decision, nothing more.
Also, an NFS server that is exposed to the internet is an awful idea in general. The NFS protocol is a very old thing, it works like shit even with minimum delays and is fundamentally insecure. It could be normally and safely used only in a local network, behind the firewall, when you completely control both clients and server. If somebody exposed his NFS server to the whole internet, he is an idiot, and probably already was hacked multiple times by numerous bots that run everywhere, including your browser if you didn't turn off all that "serviceworkers" and "websockets".
Funny that CISA hid the address, because it could be some local network thing like 192.168.0.1 or 10.10.10.10. It is highly probable, taking into account NFS. Another funny thing is that patient data is printed via LPD then. Yes, of course there is an underground facility somewhere in China, where Chinese spies have thousands of printers that print patient data day and night on endless rolls of paper.
I saw much worse things many times, and still don't really think that APC wants to steal data about voltages in the power grid and UPS battery charge levels around the world or Cisco (Linksys) wants to collect all possible WiFi hotspot names. :)
Regarding real spying, better take a look at modern browsers, proprietary OSes and all that cloud shit everybody gladly uses to store really private data. Those are the things that were purposely created to steal private data and spy on users.
You are correct, it is probably a forgotten debug procedure, but it could be used as a way to gather data. A successful breach almost every time takes advantage of multiple flaws (accidental or intentional). This could be one. Even if the IP address in the code is a private one, an attacker could set up an NFS server inside a hospital and route that single known address (using other vulnerabilities of network devices, for example) to his device. And that is why the IP isn't made public. So this is a big deal.
Rule of thumb with modern gadgets with network abilities: keep them in your local network and never allow them to reach the internet. :)
Or write your own firmware, or use an open-source one, like OpenWRT for routers.
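A defender-side illustration of the points above (the unauthenticated NFS mount, the LPD printing, and the rogue-server-at-a-private-address scenario), added here and not taken from the thread or the CISA report: a small check over flow-log lines that flags any NFS/portmapper/LPD connection from a patient-monitor VLAN to a server that is not on the expected allow-list. The monitor subnet, the allowed server address, the log format and all flow lines are constructed assumptions for the example.

```python
import ipaddress
from collections import namedtuple

# Constructed flow-log lines (src dst proto dport); not captured from any real device.
SAMPLE_FLOWS = """\
10.20.5.11 10.20.5.200 tcp 2049
10.20.5.12 203.0.113.45 tcp 2049
10.20.5.12 10.20.9.77 tcp 515
10.20.5.13 10.20.5.200 udp 111
10.20.5.14 10.20.5.201 tcp 2049
10.20.5.11 10.20.5.200 tcp 443
10.20.7.5 203.0.113.9 tcp 2049
"""

MONITOR_SUBNET = ipaddress.ip_network("10.20.5.0/24")      # assumed monitor VLAN
ALLOWED_SERVERS = {ipaddress.ip_address("10.20.5.200")}    # assumed legitimate NFS/LPD host
WATCHED_PORTS = {111: "portmapper", 2049: "nfs", 515: "lpd"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Finding = namedtuple("Finding", "src dst service severity")

def is_local(addr):
    """True if the address falls in an RFC 1918 private range."""
    return any(addr in net for net in RFC1918)

def analyze_flows(text):
    """Return findings for NFS/portmapper/LPD flows from monitors to unexpected servers."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, _proto, dport = line.split()
        src, dst, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        if src not in MONITOR_SUBNET or dport not in WATCHED_PORTS:
            continue                      # only monitors, only the watched services
        if dst in ALLOWED_SERVERS:
            continue                      # the one server the monitors should talk to
        # A private but unexpected destination may be a rogue server placed on the
        # network; a non-private destination means the device reached outside the LAN.
        severity = "medium" if is_local(dst) else "high"
        findings.append(Finding(str(src), str(dst), WATCHED_PORTS[dport], severity))
    return findings

if __name__ == "__main__":
    for f in analyze_flows(SAMPLE_FLOWS):
        print(f"{f.severity:6} {f.src} -> {f.dst} ({f.service})")
```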
Thank you for a thoughtful response.
These machines alert staff and make a loud sound when a heartbeat stops. If you could prevent it from doing that… well…💀you can assure the dead stay dead.