500.000 Recalled Pacemakers, 2 Billion $ Stock Value Loss - The Story Behind

Presented at DeepSec 2019 „Internet of Facts and Fears“.

During an independent security assessment of several pacemaker vendors, multiple lethal and highly critical vulnerabilities were found. Based on previous experience with one specific vendor, a new way of monetising vulnerabilities was chosen. After going public, a huge discussion on vulnerability disclosure ethics and responsibilities began. The stock value of the affected vendor dropped by 2 billion dollars in a single day. The security researchers were discredited and a huge lawsuit was started. After a year of mutual accusations and denial, more than 500.000 pacemakers were recalled. This talk will provide insights into pacemaker security and share first-hand experience gathered during this project. A special focus will also be on ethical vulnerability disclosure and lessons learned for future security research.


Presenters:

  • Tobias Zillner - Alpha Strike Labs GmbH
    Tobias Zillner is co-founder and IT security specialist at Alpha Strike Labs, specializing in consulting for industrial security and security ratings. In addition to industrial security, Tobias mainly focuses on current hacking techniques and reverse engineering wireless communication. He has spoken at several international security conferences (Black Hat, Defcon, DeepSec, BSides, ...) and teaches at the University of Vienna and the University of Applied Sciences in St. Pölten.
