Open Up and Say 0x41414141: Attacking Medical Devices

Network accessible medical devices are ubiquitous in today’s clinical environment. These devices can be of great aid to healthcare professionals in assessing, treating and monitoring a patient’s condition. However, they can also fall victim to a number of systemic vulnerabilities that can expose personal health information (PHI), compromise the integrity of patient data in transit, and affect the availability of the devices themselves.

 

Join Robert Portvliet, Technical Director of Red Team Services at Cylance, for his talk “Open Up and Say 0x41414141: Attacking Medical Devices” at Security BSides New York on January 20th, 2018 from 11:00 - 11:50 AM ET to learn about the methodology and approach to penetration testing modern medical devices.

This talk will provide an overview of the various stages of a medical device assessment, including discovery and analysis of a device’s remote and local attack surface, reverse engineering and exploitation of proprietary network protocols, vulnerability discovery in network services, compromising supporting systems, attacking common wireless protocols, exploitation of hardware debug interfaces and bus protocols and assessing proprietary wireless technologies.

It will also cover a number of real world vulnerabilities that the speaker has discovered during medical device penetration testing assessments. These include weak cryptographic implementations, device impersonation and data manipulation vulnerabilities in proprietary protocols, unauthenticated database interfaces, hardcoded credentials/keys and other sensitive information stored in firmware/binaries and the susceptibility of medical devices to remote denial of service attacks.

Portvliet's talk will conclude with some suggestions on how some of the most common classes of medical device vulnerabilities might be remediated by vendors and also how hospitals and other healthcare providers can defend their medical devices in the meantime.

BSidesNYC is an Information Security conference that’s different. They’re a 100% volunteer organized event put on by and for the community and truly strive to keep information free.