
How to Hack Medical Imaging Applications via DICOM

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses, Cybersecurity Courses, Buffer Overflow Courses, Security Vulnerabilities Courses, Fuzzing Courses

Course Description

Overview

Explore the world of medical imaging security in this 26-minute conference talk from the Hack In The Box Security Conference. Dive into a comprehensive security analysis of popular DICOM servers, protocols, and libraries used in medical imaging systems. Discover critical vulnerabilities in the DICOM ecosystem, learn how to identify and exploit these security flaws, and understand the importance of rapid bug fixing. Gain insights into successful strategies for uncovering weaknesses in medical imaging applications, with a focus on NVIDIA CLARA, SimpleITK, ORTHANC, DCMTK, and DICOM Network protocols. Follow along as Maria Nedyak, a developer at Bi.Zone and member of the Sibears CTF team, shares her expertise on topics such as heap buffer overflows, insecure APIs, CSRF, XXE, and fuzzing techniques specific to medical imaging systems.

Syllabus

Intro
AISec Team
Medical Imaging
NVIDIA CLARA
SimpleITK: Heap buffer overflow
SimpleITK: Buffer overflow
ORTHANC: IN THE WILD
ORTHANC: Insecure API
ORTHANC: CSRF
DCMTK: XXE
DCMTK: Insecure functionality (the xml2dcm utility allows reading local files)
DICOM Network: Common methods
DICOM Network: Retrieving info
DICOM Network: Fuzzing
DCMTK: Fuzzing
Summary
DICOM: Usage statistics


Taught by

Hack In The Box Security Conference
