GradeZero Music Band

Saturday, July 25, 2020

Vulnerabilities in AI Healthcare pipelines

Must see if you use/develop Artificial Intelligence in Healthcare and care about Cybersecurity and Privacy.





Video of the talk "How to Hack Medical Imaging Applications via DICOM" by Maria Nedyak
https://www.youtube.com/watch?v=8eXrZLTgy6Q&t=8460

During our research of NVIDIA Clara (healthcare application framework for AI-powered imaging, genomics, and for the development and deployment of smart sensors) we have found several vulnerabilities in popular components, widely used by the Medical Imaging pipelines:

  • ORTHANC - CSRF with remote code execution
  • DCMTK
    • DoS xml2dcm utility
    • DoS dcm2xml utility
    • XXE injection in xml2dcm utility
    • DoS xml2dcm utility
    • Insecure functionality in xml2dcm utility
  • SimpleITK
    • Heap buffer overflow
    • Buffer overflow
More information about HackingOdyssey AI Security research: https://github.com/sdnewhop/AISec

No comments:

Post a Comment