Stryker has identified nine vulnerabilities that affect some of its Medical Beds. The vulnerabilities could potentially be exploited in a man-in-the-middle attack by an attacker within radio range of a vulnerable product to replay, decrypt, or spoof frames.
The vulnerabilities are present in the four-way handshake used by the WPA and WPA2 wireless security protocols: a client can be made to reinstall a key that is already in use, which resets the key's nonce and enables the nonce reuse exploited in Key Reinstallation Attacks (KRACK). Similar vulnerabilities have been identified in a wide range of wireless devices.
The nine vulnerabilities are summarized below:
- CVE-2017-13077: Reinstallation of pairwise key in the four-way handshake.
- CVE-2017-13078: Reinstallation of group key in the four-way handshake.
- CVE-2017-13079: Reinstallation of Integrity Group Temporal Key in the four-way handshake.
- CVE-2017-13080: Reinstallation of group key in the group key handshake.
- CVE-2017-13081: Reinstallation of Integrity Group Temporal Key in the group key handshake.
- CVE-2017-13082: Reinstallation of Pairwise Transient Key Temporal Key in the fast BSS transmission handshake.
- CVE-2017-13086: Reinstallation of Tunneled Direct-Link Setup Peer Key in the Tunneled Direct-Link Setup handshake.
- CVE-2017-13087: Reinstallation of the Group Temporal Key when processing a Wireless Network Management Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the Integrity Group Temporal Key when processing a Wireless Network Management Sleep Mode Response frame.
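To make the mechanism behind the first entry (reinstallation of the pairwise key when message 3 of the four-way handshake is retransmitted) concrete, here is a simplified supplicant model together with the hardened behaviour that the fixes adopt. This is an added illustration, not Stryker's or any vendor's code: the handshake message, the PTK value, the `keystream` function and the `Supplicant` class are constructed stand-ins, and the only property modelled is that reinstalling an already-installed key resets the per-key packet number (the nonce) and so reuses keystream.

```python
"""Constructed model of the supplicant behaviour behind KRACK (CVE-2017-13077).

Assumptions: a toy deterministic keystream stands in for CCMP/GCMP, and the
PTK is handed to the client directly instead of being derived from the
handshake nonces. The state-machine logic is the point, not the crypto.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Two constructed data frames of equal length, sent before and after the
# retransmitted message 3.
FRAME_1 = b"bed status: occupied "
FRAME_2 = b"bed status: vacant   "


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy CTR-like keystream: fully determined by (key, nonce), as CCMP and
    GCMP keystreams are, so reusing a (key, nonce) pair reuses keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        block = key + nonce.to_bytes(6, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


@dataclass
class Supplicant:
    """Client side of the four-way handshake, reduced to the installed key
    and its packet-number (nonce) counter."""
    vulnerable: bool
    ptk: Optional[bytes] = None
    installed: bool = False
    packet_number: int = 0
    nonces_used: List[int] = field(default_factory=list)

    def receive_msg3(self, ptk: bytes) -> None:
        """Handle message 3, which may be a retransmission carrying the same PTK."""
        if self.installed and self.ptk == ptk and not self.vulnerable:
            # Hardened: the key is already in use. Acknowledge the message but
            # do not touch the key or the counter, so no nonce is reused.
            return
        # Vulnerable client (or first installation): (re)install the key and
        # reset the packet number to zero.
        self.ptk = ptk
        self.installed = True
        self.packet_number = 0

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one data frame under the current key and advance the nonce."""
        assert self.installed and self.ptk is not None
        nonce = self.packet_number
        self.packet_number += 1
        self.nonces_used.append(nonce)
        ks = keystream(self.ptk, nonce, len(plaintext))
        return nonce, bytes(a ^ b for a, b in zip(plaintext, ks))


def run_handshake_with_retransmission(vulnerable: bool) -> dict:
    """Drive one client through message 3, a data frame, a retransmitted
    message 3, and a second data frame, and report what a defender checks:
    whether a nonce was reused and whether that exposed keystream reuse."""
    ptk = hashlib.sha256(b"constructed-ptk").digest()  # constructed key
    client = Supplicant(vulnerable=vulnerable)
    client.receive_msg3(ptk)
    n1, c1 = client.send(FRAME_1)
    client.receive_msg3(ptk)  # retransmission of the same message 3
    n2, c2 = client.send(FRAME_2)
    # With identical keystream, XOR of the ciphertexts equals XOR of the
    # plaintexts, which is the confidentiality loss behind "decrypt frames".
    ct_xor = bytes(a ^ b for a, b in zip(c1, c2))
    pt_xor = bytes(a ^ b for a, b in zip(FRAME_1, FRAME_2))
    return {
        "nonce_reused": n1 == n2,
        "keystream_reused": ct_xor == pt_xor,
        "nonces": list(client.nonces_used),
    }


if __name__ == "__main__":
    print("vulnerable:", run_handshake_with_retransmission(True))
    print("hardened:  ", run_handshake_with_retransmission(False))
```

The hardened branch is the essence of the patches: a key that is already installed is never installed again, so a replayed message 3 cannot rewind the counter. The group-key entries in the list above fail in the same way, with the group temporal key and its receive counter in place of the pairwise key.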
The group of vulnerabilities has collectively been assigned a CVSS v3 base score of 6.8 (Medium severity). The flaws were identified by Mathy Vanhoef of imec-DistriNet, KU Leuven and reported to the National Cybersecurity & Communications Integration Center (NCCIC).
“This vulnerability is not known to have been exploited on any of Stryker’s products. As such, to our knowledge, no data has been breached, no information has been accessed, and no damage has been done,” according to Stryker’s product security notice. The vulnerabilities do not affect the functionality of the products.
The KRACK vulnerability is applicable to iBed Wireless-enabled Secure II, S3 and InTouch beds that are wirelessly connected to a hospital network.
Software updates have been released by Stryker to mitigate the vulnerabilities:
- Users of Gateway 2.0 should upgrade to software version 5212-400-905_3.5.002.01
- Users of Gateway 3.0 should upgrade to software version 5212-500-905_4.3.001.01
No patch is available for Gateway 1.0.
All of Stryker’s new Medical Wireless products have had the patch applied, including S3 Products shipped as of November 7, 2018 and InTouch products shipped as of July 9, 2018. New wireless activations also include software addressing the vulnerabilities.