Archive for September, 2014

Password security on GE medical devices!

September 5, 2014

While skimming some manuals for GE’s medical devices I saw a line that should make all of us think!

ge-password

Passwords – Must be at least one character long, no NULL

Equipment responsible for health and safety doesnt enforce any kind of password strength or complexity! I have blogged about default passwords and I am starting to see them in medical equipment too. When will vendors realize that if we can’t get the basics right there is no chance we get anything right?? Every day in the news you hear about company’s getting hacked and a lot of times it is because of weak passwords guessed by hackers. Vendors have to step it up and force people to take security more serious!

GE Medical Systems CT/i Systems Multiple Default Accounts

September 4, 2014

GE Medical Systems HISPEED CT/i and Lightspeed QX/i systems install with two default credentials and one is root. According to the HISPEED manual and the Lightspeed QX manual they are:

5–9–1 Default Passwords
Forward production HiSpeed CT/i systems have the following default passwords:
· root: #bigguy
· ctuser: 4$apps
GE changed these defaults in response to customer and field requests for tighter security, especially for systems operating on networks. We suggest you change the default passwords ONLY by
customer request. Then, contact your support center to report the new passwords.

The Discovery CT590 RT and Optima CT580 use #bigguy according to the manual.

Datex-Ohmeda Engström Ventilator Install / Service Menu Default super-user Password

September 3, 2014

According to the manual the Datex-Ohmeda Engström Ventilator comes with a default super-user password for the Install / Service Menu:

4.2 Install/Service Menu (Super User)
Use the super-user password to access the Install/Service menu: “23-17-21”

NetBeacon Element Management Software Multiple Default Credentials

September 2, 2014

Metrobility Optical Systems, Inc makes NetBeacon Element Management Software that interacts with Compumedics Limited Siesta 802, Metrobility Optical Systems RADIANCE R1000 PREMISE SERVICE PLATFORM, and Metrobility Optical Systems RADIANCE DIN RAIL MOUNTED CHASSIS. According to the manual there are three default credentials including root!

Opening a Telnet Session
3. In the login field, type your login ID. The default login names are guest, admin and root.
4. In the password field, type your password. The corresponding default passwords are guest, admin and root.