ELFDICOM: Polyglot Malware Exploiting Linux Medical Devices via DICOM

Key Information Vulnerability Name ELFDICOM: PoC Malware Polyglot Exploiting Linux-Based Medical Devices Release Date April 19, 2023 Vulnerability Description DICOM Background: DICOM is a standard format for storing and transmitting medical images, commonly used in medical devices. Vulnerability Type: Malware polyglot capable of functioning both as an executable file and a DICOM file. Affected Scope: Linux-based medical devices. Vulnerability Details PE-DICOM: Embeds a PE (Portable Executable) file within a DICOM file, enabling the malware to run on Windows systems. Shebang-DICOM: Utilizes a Shebang line (#!/bin/sh) to allow DICOM files to execute as scripts on Unix-like systems. ELF-DICOM: Embeds an ELF (Executable and Linkable Format) file within a DICOM file, enabling the malware to run on Linux systems. Impact Malware can disguise itself as a legitimate DICOM file, executing malicious code on medical devices, leading to data breaches, system compromise, and other security issues. Mitigation Measures Fix: Currently, no complete fix is available, as the DICOM standard lacks sufficient security mechanisms to prevent such attacks. Mitigation: Recommend conducting rigorous security audits and monitoring of medical devices, restricting unnecessary network connections, and regularly updating systems and software patches. Follow-up Actions Further research and development of new security mechanisms are needed to prevent recurrence of similar vulnerabilities.

Goal Reached Thanks to every supporter — we hit 100%!

ELFDICOM: Polyglot Malware Exploiting Linux Medical Devices via DICOM