When security researcher Billy Rios reported earlier this year that he'd found vulnerabilities in a popular drug infusion pump that would allow a hacker to raise the dosage limit on medication delivered to patients, there was little cause for concern.

Altering the allowable limits of a particular drug simply meant that if a caregiver accidentally instructed the pump to give too high or too low a dosage, the pump wouldn't issue an alert. This seemed much less alarming than if the pumps had vulnerabilities that would allow a hacker to actually alter the dosage itself.

Now Rios says he's found the more serious vulnerabilities in several models of pumps made by the same manufacturer, which would allow a hacker to surreptitiously and remotely change the amount of drugs administered to a patient.

"This is the first time we know we can change the dosage," Rios told WIRED.

The vulnerabilities are known to affect at least five models of drug infusion pumps made by Hospira—an Illinois firm with more than 400,000 intravenous drug pumps installed in hospitals around the world.

The vulnerable models include the company's standard PCA LifeCare pumps; its PCA3 LifeCare and PCA5 LifeCare pumps; its Symbiq line of pumps, which Hospira stopped selling in 2013 due to concerns raised by the FDA over other quality and safety issues with the pumps; and its Plum A+ model of pumps. Hospira has at least 325,000 of the latter model alone installed in hospitals worldwide.

These are the systems that Rios knows are vulnerable because he's tested them. But he suspects that the company's Plum A+3 and its Sapphire and SapphirePlus models are equally vulnerable too.

Hospira did not respond to a request for comment.

Earlier this year, Rios went public with information about a different security issue with Hospira's LifeCare pumps.

A Hospira Plum A+ pump, originally owned by a hospital in Pikeville, Kentucky, that Rios purchased online. Here it's shown connected to an IV unit. Billy Rios

This one involved drug libraries used with the pumps, which help set upper and lower boundaries for dosages of intravenous drugs a pump can safely administer. Because the libraries don't require authentication, Rios found that anyone on the hospital’s network—including patients in the hospital or a hacker accessing the pumps over the Internet—can load a new drug library that alters the limits for a drug.

At the time he publicly disclosed the library vulnerability, Rios told WIRED that he had not yet found any vulnerabilities that would allow him to actually alter a drug dosage, though he was working on it. But he now acknowledges that he had found these more serious vulnerabilities in the LifeCare pumps at the time and had in fact reported them to Hospira and the FDA last year. At the time he hadn't yet tested a Plum A+ pump, however.

The new vulnerabilities would allow attackers to remotely alter the firmware on the pumps, giving them complete control of the devices and the ability to alter dosages delivered to patients. And because the pumps are also vulnerable to the previous library vulnerability he disclosed, an attacker would be able to first raise the dosage above the maximum limit before delivering a potentially deadly dosage without the pump issuing an alert.

A hacker could change the dosages of drugs delivered to patients and alter the pump's display screens to indicate a safe dosage was being delivered.

How the Firmware Security Flaw Works

The problem lies with a communication module in the LifeCare and Plum A+ pumps. Hospitals use the communication modules to update the libraries on the pumps. But the communication modules are connected via a serial cable to a circuit board in the pumps, which contains the firmware. Hospira uses this serial connection to remotely access the firmware and update it. But hackers can use it for the same purpose.

The serial connection would be less of a concern if Hospira's pumps accepted only legitimate firmware updates that were authenticated and digitally signed. But Rios says they'll accept any update, which means anyone can alter the software on the pumps.

"And if you can update the firmware on the main board, you can make the pump do whatever you like," Rios says.

A hacker could not only change the dosage of drugs delivered to a patient but also alter the pump's display screen to indicate a safe dosage was being delivered.

The Plum A plus communications module board. Billy Rios

The compromise of the communication module and serial cable doesn't automatically mean a compromise of the pump. An attacker needs to know how to perform a firmware update. But Rios says it didn't take him long to figure it out.

Hospira Denied Problem With Pumps

Rios says when he first told Hospira a year ago that hackers could update the firmware on its pumps, the company "didn't believe it could be done." Hospira insisted there was "separation" between the communications module and the circuit board that would make this impossible. Rios says technically there is physical separation between the two. But the serial cable provides a bridge to jump from one to the other.

An attacker wouldn't need physical access to the pump because the communication modules are connected to hospital networks, which are in turn connected to the Internet.

"From an architecture standpoint, it looks like these two modules are separated," he says. "But when you open the device up, you can see they're actually connected with a serial cable, and they're connected in a way that you can actually change the core software on the pump."

An attacker wouldn't need physical access to the pump. The communication modules are connected to hospital networks, which are in turn connected to the Internet. "You can talk to that communication module over the network or over a wireless network," Rios warns.

Hospira knows this, he says, because this is how it delivers firmware updates to its pumps. Yet despite this, he says, the company insists that "the separation makes it so you can't hurt someone. So we're going to develop a proof-of-concept that proves that's not true."

He plans to demonstrate a proof-of-concept attack next month at the SummerCon security conference in Brooklyn, New York.

Rios says when he warned Hospira a year ago about the firmware problem in its LifeCare pumps, he advised the company to perform what's called a variant analysis to determine if its other models of pumps were affected as well, but the company refused, saying the problem was confined to the LifeCare line. To prove Hospira wrong, Rios purchased and tested one of the company's Plum A+ drug pumps and found that it had the same firmware issue.

Last month, the FDA issued an alert about the firmware issue, but only in reference to Hospira's LifeCare PCA3 and PCA5 pumps. The alert didn't mention the other models, which could lead hospitals to believe they don't have a security risk.

Rios contacted the FDA last week to tell the agency that the vulnerability extended to Hospira's Plum A+ line as well, but he says the federal agency asked him to withhold the finding from the public until Hospira had time to verify the issue. But Rios declined, saying Hospira had already had a year to test the Plum A+ pumps and determine if the problem extended to them, but had declined to do so. He said hospitals needed to know now that the pumps are putting patients at risk.

The FDA did not respond to a request for comment.

Rios is planning to obtain models from Hospira's Sapphire line of pumps as well to prove that they're equally vulnerable to the issue.