Abusing IoT Medical Devices for Your Precious Health Records
Offered By: YouTube
Course Description
Overview
Explore the vulnerabilities of IoT medical devices and their potential impact on health record security in this Derbycon 2018 conference talk. Delve into connected healthcare devices, medical device classifications, and data flow architectures. Examine real-world horror stories like MEDJACK and MEDJACK2, and follow the speakers' journey as they investigate a purchased PDA. Learn about wireless setting manipulation, telnet observations, and traffic analysis. Discover fuzzing techniques, privilege escalation methods, and how to access encrypted patient data and prescriptions. Gain insights into the importance of built-in security measures for IoT medical devices and understand the potential consequences of inadequate protection for sensitive health information.
Syllabus
Intro
[-]$ About us
[-]$ Connected Healthcare Devices
[-]$ Medical Devices Classification
[-]$ Data Loop
[-]$ The Architecture
[-]$ The Nightmare Tons of new connected medical devices
[-]$ The Horror Stories - MEDJACK/ MEDJACK2
[-]$ About the Device
[~]$ Workflow Hospital Network
[-]$ Initial Observations
[-]$ We Bought a PDA
[-]$ Overwriting Wireless Settings
[-]$ Additional Observations - Telnet
[-]$ The Initial Traffic
[-]$ Time to Fuzz
[-]$ Winning Packet
[-]$ Master Drug List
[-]$ Workflow
[-]$ Let's Break It Down
[-]$ Privilege Escalation
[-]$ The Encrypted File - Win!!!
[-]$ Access to Patient Data
[-]$ Prescriptions
[-]$ Closing Remarks • Built-in, not bolted on
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network