PC Magazine - USA (2020-09)


“That’s […] patient records compromised with
little effort,” concluded Foglie. “That could be worth
[…] or even […]. If we extrapolate
this out, well, I probably could have named this a
trillion-dollar issue.”


WATCH THE RED FLAGS
You might think finding security holes in medical
devices and apps would take months of painstaking
work, but it isn’t so. Foglie and his team spend two to
four hours looking for specific security red flags, and all
too often they find them.


Among the things they look for are hard-coded
backdoor passwords, which all too often contain the
word “backdoor.” Seriously. Authentication that just
takes place on the local device is another problem,
because it’s easily hacked. With simple tools, a testing
team can view source code for apps and even modify
them in place.


Foglie encouraged health care security teams to use
Penn Med’s red flag techniques. “If you have an
opportunity when you’re out there doing a pen-test,
look at the applications,” he said. “You may find
something interesting.” He concluded with a plea to
healthcare application vendors. “We’re talking about
patient care here,” he said, “so this is a patient data
privacy and security issue. Don’t make our job harder.”

