Hackers of India

Exploiting Connected Medical Devices: Lessons Learned & Data Earned

By  Saurabh Harit  on 02 Nov 2018 @ Hackfest


Presentation Material

Abstract

This talk will take an educational approach to present our research on assessing medical devices from security standpoint. Based on output from security assessments performed against two medical devices that are widely deployed at various hospitals and medical institutions, we will present an in-depth analysis of the target medical devices, discovered vulnerabilities and our approach that led us to compromise them in order to gain access to plethora of medical records from all the medical institutions they were deployed at and not just the one where our target devices were hosted.

An IoT medical device is part of a complex ecosystem that may expose numerous threats. Some devices rely on proprietary hardware on licensed bands, which reduces the risk of interference from consumer connected devices but doesn’t provide security as implied in marketing materials. Others rely on standard WiFi security measures for confidentiality and are prone to MitM attacks. Healthcare devices that implement IrDA could yield interesting results when interfaced with cheap $ 10 hardware.

This presentation will focus on our assessment approach - test cases, pitfalls, success & failures. We will demonstrate the compromise of a prescription device to extract healthcare records and manipulating various sensitive settings of an infusion pump.

AI Generated Summarymay contain errors

Here is a summarized version of the content:

Vulnerabilities Found:

Challenges in Medical Devices:

Solutions and Concerns:

Overall, the speaker highlights the importance of addressing these challenges and vulnerabilities to ensure the security and privacy of patients’ data in the growing landscape of medical devices.