Exploiting medical devices (BlackHat 2018)

BlackHat Talk on YouTube

Insulin pumps

  • Communicate with meter over plaintext radio protocol
  • Authentication: the pump has a hard-coded serial number and only checks whether the incoming message carries that serial number in its header
  • An attacker can brute-force, capture, or guess the serial number and then start/stop insulin delivery
  • Vulnerable to spoofing and replay attacks
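
The serial-only check described above next to a keyed alternative, as an added example that is not from the talk or any vendor's firmware. The frame layout, `SERIAL`, `KEY` and all function names are constructed assumptions.

```python
import hmac, hashlib, struct

SERIAL = b"123456"        # constructed sample serial, not a real device value
KEY = bytes(range(32))    # constructed per-device secret (assumed set at pairing)

def weak_accept(msg: bytes) -> bool:
    """Check from the notes: accept any frame whose header carries the serial."""
    return msg[:len(SERIAL)] == SERIAL

class HardenedReceiver:
    """Hypothetical fix: HMAC-SHA256 tag plus a strictly increasing counter."""
    TAG_LEN = 32

    def __init__(self, key: bytes, serial: bytes):
        self.key, self.serial, self.last_counter = key, serial, 0

    def accept(self, msg: bytes) -> bool:
        hdr_len = len(self.serial) + 8
        if len(msg) < hdr_len + self.TAG_LEN:
            return False
        body, tag = msg[:-self.TAG_LEN], msg[-self.TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                  # forged or modified frame
        if body[:len(self.serial)] != self.serial:
            return False                  # addressed to another device
        (counter,) = struct.unpack(">Q", body[len(self.serial):hdr_len])
        if counter <= self.last_counter:
            return False                  # replayed or stale frame
        self.last_counter = counter
        return True

def make_frame(key: bytes, serial: bytes, counter: int, command: bytes) -> bytes:
    """Sender side: serial || 64-bit counter || command || HMAC tag."""
    body = serial + struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

def demo() -> dict:
    captured = SERIAL + b"SUSPEND"        # constructed plaintext frame
    rx = HardenedReceiver(KEY, SERIAL)
    good = make_frame(KEY, SERIAL, 1, b"SUSPEND")
    wrong_key = make_frame(b"\x00" * 32, SERIAL, 2, b"SUSPEND")
    return {
        "weak_first": weak_accept(captured),
        "weak_replay": weak_accept(captured),    # same bytes accepted again
        "hardened_first": rx.accept(good),
        "hardened_replay": rx.accept(good),      # counter is not fresh
        "hardened_no_key": rx.accept(wrong_key), # serial known, key unknown
    }

if __name__ == "__main__":
    print(demo())
```

The tag provides authenticity and freshness only; the command still travels in plaintext unless the link is also encrypted.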


Pacemakers

  • Pacemaker programmers can edit pacemaker settings over radio, for example at the hospital
  • This way the doctor doesn’t need to remove the pacemaker from the body to tune it
  • The pacemaker programmer connects over a VPN to Medtronic’s servers
  • It then downloads an unsigned executable over HTTP
  • A directory traversal vulnerability was found in Medtronic’s servers; it allows downloading old and experimental software versions