Cybersecurity vulnerabilities have been identified in Stryker Medical Beds which could potentially be exploited by an individual within radio range to play back, decrypt, or spoof frames. No reports have so far been received to suggest that the flaws have been exploited, no data breach has been experienced, and the flaws do not affect the functionality of the beds. The flaws are similar to others found in a wide range of non-Stryker wireless devices over the past few months.
Stryker notes in its product security update that “The KRACK vulnerability is applicable to iBed Wireless-enabled Secure II, S3 and InTouch beds that are wirelessly-connected to a hospital network.”
The vulnerabilities are due to how the four-way handshake occurs in the WPA and WPA2 wireless security protocols. The flaws permit nonce reuse in Key Reinstallation (KRACK) attacks.
In total, there are nine vulnerabilities:
- CVE-2017-13088: Integrity Group Temporal Key Reinstallation when processing a Wireless Network Management Sleep Mode Response frame.
- CVE-2017-13087: Group Temporal Key Reinstallation when processing a Wireless Network Management Sleep Mode Response frame.
- CVE-2017-13086: Tunneled Direct-Link Setup Peer Key Reinstallation in the Tunneled Direct-Link Setup handshake.
- CVE-2017-13082: Pairwise Transient Key Temporal Key Reinstallation in the fast BSS transmission handshake.
- CVE-2017-13081: Integrity Group Temporal Key Reinstallation in the group key handshake.
- CVE-2017-13080: Group key reinstallation in the group key handshake.
- CVE-2017-13079: Integrity Group Temporal Key reinstallation in the four-way handshake.
- CVE-2017-13078: Group key reinstallation in the four-way handshake.
- CVE-2017-13077: Pairwise key reinstallation in the four-way handshake.
A CVSS v3 base score of 6.8 has been collectively designated to this group of vulnerabilities. Mathy Vanhoef of imec-DistriNet, KU Leuven identified the vulnerabilities and reported them to the National Cybersecurity & Communications Integration Center (NCCIC).
Stryker has released updated software to prevent the exploitation of these vulnerabilities:
- Gateway 2.0 users must upgrade to software version 5212-400-905_3.5.002.01
- Gateway 3.0 users must upgrade to software version 5212-500-905_4.3.001.01