Skip to content
Exploiting medical devices (BlackHat 2018)
BlackHat Talk on YouTube
Insulin pumps
- Communicate with meter over plaintext radio protocol
- Authentication - the pump has a hard-coded serial number. It just checks if the incoming message has that serial message in its header
- Can brute force, capture, guess serial number and start/stop insulin delivery
- Vulnerable to spoofing and replay attacks
Pacemakers
- Pacemaker programmers can edit pacemaker settings over radio. At the hospital, for example
- So doctor doesn’t need to remove pacemaker from body to tune it
- Pacemaker programmer connects over VPN to Medtronic’s servers
- And downloads unsigned executable over HTTP
- Found directory traversal vulnerability in Medtronic’s servers. Can download old and experimental software versions