YoVDO

Breaking the Security Barrier of a Major Infusion Pump - Douglas McKee & Philippe Laulheret - Ekoparty 2021

Offered By: Ekoparty Security Conference via YouTube

Tags

Ekoparty Security Conference Courses Penetration Testing Courses Vulnerability Research Courses Medical Device Security Courses

Course Description

Overview

Explore the process of remotely compromising the BBraun Infusomat pump, a widely used medical device in hospitals worldwide, in this 42-minute conference talk from Ekoparty 2021. Delve into firmware reverse engineering, vulnerability research, and exploitation demonstrations as speakers Douglas McKee and Philippe Laulheret investigate the potential for hackers to manipulate infusion rates and potentially overdose patients. Learn about past research, important applications, firmware extraction techniques, and the analysis of datasheets and manuals. Discover peripherals of interest, identify attack vectors, and understand the exploitation of format string vulnerabilities and privilege escalation methods. Gain insights into the internal database structure, critical data modification, and common pitfalls in the medical industry's approach to security.

Syllabus

Intro
PAST RESEARCH
IMPORTANT APPLICATIONS
DIVIDE AND CONQUER
GETTING THE FIRMWARE OUT
DATASHEET + MANUALS
PERIPHERALS OF INTEREST
FINDING THE FUN VECTORS
INTERNAL DATABASE
FORMAT STRING EXPLOITATION
PRIVILEGE ESCALATION
UNDERSTANDING THE CALL CHAIN
WHAT DATA CAN WE MESS WITH
MODIFYING CRITICAL DATA
MEDICAL INDUSTRY COMMON PITFALLS


Taught by

Ekoparty Security Conference

Related Courses

Case Studies in Embedded VR - Silvio Cesare - Ekoparty Security Conference - 2022
Ekoparty Security Conference via YouTube
The Making of an Aerospace Village Badge - Dan Allen - Ekoparty 2021: Patagon Aerospace
Ekoparty Security Conference via YouTube
IIoT, Data Infrastructure, Smart Factory - Sarka Pekarova - Ekoparty 2021: OT - IIOT - IOT Space
Ekoparty Security Conference via YouTube
Gotham City- SSH from Zero to Trust - Lucas Calisi - Ekoparty Security Conference - 2021
Ekoparty Security Conference via YouTube
Sleight of ARM- Demystifying Intel Houdini - Brian Hong - Ekoparty 2021- Hardware Hacking Space
Ekoparty Security Conference via YouTube