Fact and Fiction: Defending your Medical Devices

Presented at Black Hat USA 2013, July 31, 2013, 2:15 p.m. (60 minutes).

In the past 18 months we have seen a dramatic increase in research and presentations on the security of medical devices. While this brought much needed attention to the issue, it has also uncovered a great deal of misinformation. This talk is going to tackle those confusing and controversial topics. What's the reality of patching a medical device? Is it safe to run anti-virus protection on them? You'll find out in this talk. This presentation will outline a framework on how vendors, buyers, and administrators of medical devices can bring substantive changes in the security of these devices. This talk will also have the unique element of discussing a medical device software bug that InGuardians uncovered. This bug will be discussed in detail and replicated live on stage. InGuardians has worked closely with the FDA on properly documenting and submitting this through their tracking system. This will be covered in full detail so other researchers will know how to properly disclose bugs and vulnerabilities.


Presenters:

  • Jay Radcliffe - InGuardians
    Jay Radcliffe has been working in the computer security field for over twelve years and is currently a Senior Security Analyst for InGuardians. Coming from the managed security services industry, Jay has used just about every security device made over the last decade. Recently, Jay has presented ground breaking research on security vulnerabilities in medical devices at BlackHat and Defcon. Having held an amateur radio license since the age of 12, Jay is equally comfortable hacking hardware and working a soldering iron as he is in front of a keyboard performing a security test. Jay holds a Masters degree in Information Security Engineering from SANS Technology Institute as well as a Bachelor's degree in Criminal Justice/Pre-Law from Wayne State University.

Links:

Similar Presentations: