Breaking the Security Barrier of a Major Infusion Pump - Douglas McKee & Philippe Laulheret - Ekoparty 2021
Offered By: Ekoparty Security Conference via YouTube
Course Description
Overview
Explore the process of remotely compromising the BBraun Infusomat pump, a widely used medical device in hospitals worldwide, in this 42-minute conference talk from Ekoparty 2021. Delve into firmware reverse engineering, vulnerability research, and exploitation demonstrations as speakers Douglas McKee and Philippe Laulheret investigate the potential for hackers to manipulate infusion rates and potentially overdose patients. Learn about past research, important applications, firmware extraction techniques, and the analysis of datasheets and manuals. Discover peripherals of interest, identify attack vectors, and understand the exploitation of format string vulnerabilities and privilege escalation methods. Gain insights into the internal database structure, critical data modification, and common pitfalls in the medical industry's approach to security.
Syllabus
Intro
PAST RESEARCH
IMPORTANT APPLICATIONS
DIVIDE AND CONQUER
GETTING THE FIRMWARE OUT
DATASHEET + MANUALS
PERIPHERALS OF INTEREST
FINDING THE FUN VECTORS
INTERNAL DATABASE
FORMAT STRING EXPLOITATION
PRIVILEGE ESCALATION
UNDERSTANDING THE CALL CHAIN
WHAT DATA CAN WE MESS WITH
MODIFYING CRITICAL DATA
MEDICAL INDUSTRY COMMON PITFALLS
Taught by
Ekoparty Security Conference
Related Courses
Medical Device Security - Please Don't Be PatientWEareTROOPERS via YouTube Medical Device Security - Hack or Hype
WEareTROOPERS via YouTube Medical Device Security and Cybersecurity Risks - Enigma 2016
USENIX Enigma Conference via YouTube Patching - It's Complicated
0xdade via YouTube Secure Device Bootstrapping without Secrets Resistant to Signal Manipulation Attacks
IEEE via YouTube