A vulnerability found in an interaction between a Wi-Fi-enabled battery system and an infusion pump for the delivery of medication could provide bad actors with a method for stealing access to Wi-Fi networks used by healthcare organizations, according to Boston-based security firm Rapid7.The most serious issue involves Baxter International\u2019s SIGMA Spectrum infusion pump and its associated Wi-Fi battery system, Rapid7 reported this week. The attack requires physical access to the infusion pump. The root of the problem is that the Spectrum battery units store Wi-Fi credential information on the device in non-volatile memory, which means that a bad actor could simply purchase a battery unit, connect it to the infusion pump, and quicky turn it on and off again to force the infusion pump to write Wi-Fi credentials to the battery\u2019s memory.Batteries can contain Wi-Fi credentialsRapid7 added that the vulnerability carries the additional risk that discarded or resold batteries could also be acquired in order to harvest Wi-Fi credentials from the original organization, if that organization hadn\u2019t been careful about wiping the batteries down before getting rid of them.The security firm also warned of additional vulnerabilities, including a telnet issue involving the \u201chostmessage\u201d command which could be exploited to view data from the connected device\u2019s process stack, and a similar format string vulnerability that could be used to read or write to memory on the device, or create a denial-of-service (DoS) attack.Finally, Rapid7 said, the battery units tested were also vulnerable to unauthenticated network reconfiguration attacks using TCP\/UDP protocols. An attacker sending a specific XML command to a specific port on the device could change that device\u2019s IP address, creating the possibility of man-in-the-middle attacks.The remediation for the first vulnerability, according to the security company, is simply to control physical access to the devices more carefully, since it cannot be exploited without manually connecting the battery to the infusion pump, and to carefully purge Wi-Fi information\u2014by connecting the vulnerable batteries to a unit with invalid or blank \u2014before reselling or otherwise disposing of the devices.For the telnet and TCP\/UDP vulnerabilities, the solution is careful monitoring of network traffic for any unusual hosts connecting to the vulnerable port\u201451243\u2014on the devices, and restricting access to network segments containing the infusion pumps. Baxter has also issued new software updates, which disable Telnet and FTP for the vulnerable devices.Proper decommissioning is key to securityTod Beardsley, Rapid7's director of research, said that the finding emphasizes the importance of properly decomissioning equipment that could hold sensitive data, and that network managers have to be aware of the potential threat posed by vulnerable IoT devices."Due diligence is necessary to ensure that IoT devices do not contain extractable sensitive information when they are discontinued within a particular organization," he said. "Furthermore, network segmentation must be improved upon to collectively address IoT security disconnects."