Through Team82’s analysis, we have come to the conclusion that this alert is not a hidden backdoor as suggested by CISA and the FDA, but instead an insecure design issue, creating potential security risks to patient data. The CONTEC Operator Manual specifically mentions this “hard-coded” IP address as the Central Management System (CMS) IP address that organizations should use, so it is not hidden functionally as stated by CISA.
Absent additional threat intelligence, this nuance is important because it demonstrates a lack of malicious intent, and therefore changes the prioritization of remediation activities. Said differently, this is not likely to be a campaign to harvest patient data and more likely to be an inadvertent exposure that could be leveraged to collect information or perform insecure firmware updates. Regardless, because an exposure exists that is likely leaking PHI randomly or could be used in some scenarios for malicious updates, the exposure should be remediated as a priority (see recommendations below).
The point is that the intent is not clearly malicious. It could be, if we get further evidence that points in that direction, but you can’t say the evidence we have means it was a malicious act.
People should always be skeptical, but that doesn’t mean we get to deny the facts just because we don’t like them.
And did Xi use these backdoors? Were they exploited in the wild?
That anything can be used for the CCP doesn’t mean everything is. That’s an appeal to probability fallacy. Just because the Chinese government has a vested interest in seeing the US fall doesn’t mean every flawed piece of software or hardware was put there at Xi’s behest or that he even knows about them.
Again, just because we would rather see a malicious actor doesn’t mean one is there. Sometimes, life is just a bunch of mundane mistakes.
https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated
That’s an awful lot of words to say it’s a backdoor that could, plausibly, have been installed unintentionally, but is still very much a backdoor.
The point is that the intent is not clearly malicious. It could be, if we get further evidence that points in that direction, but you can’t say the evidence we have means it was a malicious act.
People should always be skeptical, but that doesn’t mean we get to deny the facts just because we don’t like them.
Everything made and done by China is for the CCP. That’s how we know it’s malicious. Xi has clearly stated that.
And did Xi use these backdoors? Were they exploited in the wild?
That anything can be used for the CCP doesn’t mean everything is. That’s an appeal to probability fallacy. Just because the Chinese government has a vested interest in seeing the US fall doesn’t mean every flawed piece of software or hardware was put there at Xi’s behest or that he even knows about them.
Again, just because we would rather see a malicious actor doesn’t mean one is there. Sometimes, life is just a bunch of mundane mistakes.
Source?
A backdoor plainly and openly described in the manual is an oxymoron.