Category Archives: Technology

Hackers Can Add, Remove Cancer From CT Scans: Researchers

By Eduard Kovacs on April 05, 2019

A team of researchers has demonstrated that hackers can modify 3D medical scans to add or remove evidence of a serious illness, such as cancer.

Experts from the Ben-Gurion University and the Soroka University Medical Center, Beer-Sheva, in Israel have developed proof-of-concept (PoC) malware that uses a machine learning technique known as generative adversarial network (GAN) to quickly alter 3D images generated during a Computer Tomography (CT) scan.

CT scanners are typically managed through a picture archiving and communication system (PACS) that receives scans from the scanner, stores them and then supplies them to radiologists. Data is transmitted and stored using a standard format named DICOM. PACS products are provided by companies such as GE Healthcare, Fujifilm, Philips and RamSoft.

One problem, according to researchers, is that PACS and DICOM servers are often left exposed to the internet. A scan conducted using the Shodan search engine identified nearly 2,700 servers that were connected to the internet. Another issue is that the medical imagery data is in many cases transmitted over the network without being encrypted, which exposes it to man-in-the-middle (MitM) attacks and manipulation.

Malicious actors could directly target PACS that are accessible from the Internet, or they could first gain access to the targeted organization’s network and launch the attack from there. Another attack vector, which the researchers tested during a penetration test conducted in a hospital’s radiology department, involves physically connecting a small MitM device between the CT scanner’s workstation and the PACS network. In these local attacks, the attacker can rely on insiders or they can pose as a technician, the researchers said.

Once the attacker can intercept traffic from the CT scanner, they can use an attack framework, which the researchers have dubbed CT-GAN, to manipulate the images via the GAN technique before they reach the radiologist who interprets the results.

CT-GAN attack

The experts have tested the efficiency of the attack by asking three radiologists to diagnose a mix of 30 authentic CT scans and 70 scans altered using CT-GAN. The malware was used to inject evidence of malign cancer into the scans of healthy patients and remove cancer from the scans of patients who actually had it.

When the radiologists were unaware that the results had been manipulated, they diagnosed 99% of the injected scans as cancer and 94% of the scans from which the cancer was removed as belonging to healthy patients. After they were informed of the attack, the radiologists still misdiagnosed the patients in 60% and 87% of cases, respectively. The researchers said the attack even fooled a state-of-the-art lung cancer screening model in each and every one of the tests.

So why would someone want to launch such an attack? The researchers have listed several possible motivations and goals. They believe that modifying someone’s scan and causing a misdiagnosis can be useful for stealing someone’s job, altering elections, sabotaging or falsifying research, earning money by holding data hostage, insurance fraud, and even murder or terrorism.

They pointed out that the method can be used to add or remove evidence of various illnesses, including aneurysms, heart disease, blood clots, infections, arthritis, cartilage problems, torn ligaments, and tumors in the brain, heart or spine.

For example, if an attacker adds evidence of cancer to a political candidate’s CT scan, they can get the targeted individual to withdraw from the race. The same technique could work for getting someone to give up a job or a leadership role. In the worst case scenario, hackers could remove evidence of a serious illness, which could lead to that person dying due to not receiving the proper treatment.

CT-GAN attack motives

The researchers have published a paper detailing their findings, along with a video showing how an attacker could plant a malicious device inside a healthcare organization.

This article originally appeared on SecurityWeek

How to See if Someone Is Tracking Emails They Send You

A few years ago a friend that works in PR told me about Streak, an email tracking service that lets you know when someone has opened a message you send them, sometimes with details about where that opening happened and even what device they were on when they were reading it.

He was using it to see when journalists received messages he sent them. While I wasn’t particularly thrilled that he and his coworkers were spying on whether or not I was actually reading what they sent me, I liked the idea of flipping the tables and using it myself.

I never pay attention to where someone opens an email, but I have to admit it’s nice to know that they’ve read it and are choosing to not respond rather than wondering if it’s been sent into a black hole/to an inactive email account.

As both a user and recipient of tracked emails I don’t care so much that I’m being tracked as much as I care that I’m not aware of it. Ugly Email is a Chrome and Firefox extension that can help.

Once installed, it will show an eye icon beside any emails that are using tracking software. It also blocks those trackers, so you’ll know that the sender’s intention was to find out when you opened the note.

Spoiler: It’s a lot of people. A quick scroll through my own inbox found that not only were emails from PR reps being tracked but also emails inviting me to participate in a “Workweek Hustle” on Fitbit and check in for an upcoming flight.

It doesn’t block every track out there, but it handles a pretty solid list of them. According to the company’s site, it now blocks MailChimp, SendGrid, Drip, Streak, Mailgun, Bananatag, Yesware, TinyLetter, Postmark, Sidekick, Boomerang, and 20 others.

Even if you’re not too worried about folks tracking you it can be interesting to see who is.

About the author

Emily Price is a tech, travel, and alcohol reporter based in San Francisco. She is also the author of the book “Productivity Hacks: 500+ Easy Ways to Accomplish More at Work–That Actually Work!”

This article originally appeared on Lifehacker