[copperx]

I would expect these kinds of systems to be running a soft realtime OS. Or at the very least a run of the mill OS with no extraneous software running in the background.

[Dwolb]

This. How are these devices not running on some sort of hardened OS seen in airplanes and automotive? Medical applications are mission critical (or some variant) and should have same (or better!) certification procedures set up for correctness and security.

[aavotins]

Second this. It is terrifying to know that mission critical, medical grade software runs on a consumer operating system. Military/aerospace systems have numerous requirements and clearly defined practices and ways of developing these systems, often going through various layers of documentation and using specifically designed programming languages(like the Z programming language) to write specifications, which are then re-written into code, but it seems like medical industry has been neglected.

[ktRolster]

Then this story about viruses at a nuclear power plant won't make you feel any better: http://www.reuters.com/article/us-nuclearpower-cyber-germany...

Some great quotes:

"Mikko Hypponen, chief research officer for Finland-based F-Secure, said that infections of critical infrastructure were surprisingly common"

"Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit."

[zyxley]

> The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.

The moral of the story: If you include any kind of port in something, people WILL plug things into it sooner or later.

[ams6110]

Sounds suspect to me. Aircraft computers are not running Android.

[copperx]

I'm pretty sure the entertainment system runs on some version of Android.

[clay_to_n]

Is there Android malware that, when connected to a Windows PC, spreads Windows malware? Sounds reasonable in this situation.

[koluft]

They run USB, it doesn't matter what OS is on the other side.

[ams6110]

Sure it does. If you plug a USB drive full of Windows viruses into a Linux box, nothing will happen.

[radicalbyte]

I've been working in Medical for a couple of years... it's because Medical is extremely fault tolerant. They put up with a lot of rubbish that wouldn't be accepted in other industries.

Aeronautical and Automotive are both engineering driven, Medical isn't, it's a big grey area.

[wyldfire]

You might be surprised to realize that many applications of medical devices are not used for affirmative life support and therefore should not be held to the same standards as aviation.

This application (cath lab activity logging) is not a life-support activity. Product failures of any kind (either due to design error or product defect) represent a diminished capability of diagnosis and treatment. This does not represent a risk of harm to a patient.

That said, some medical device manufacturers treat this aspect of design very seriously and go to great pains to use defeatured and heavily restricted OS and settings.