Five year checkup: the state of insulin pump security

Presented at DerbyCon 6.0 Recharge (2016), Sept. 24, 2016, 1 p.m. (50 minutes)

Five years ago, my security research on insulin pump hacking exposed a chilling lack of security within a device type that, by design, maintains health. It is now time to see what has actually changed for the better, what has stayed the same, and what has gotten worse regarding the security of modern insulin pumps. Has the industry made progress? Have the medical standards of care improved in any way? Are we, as patients, now better protected against the real and proven security threat? At the same time, we must also consider the newer trend of people who are using medical technology to develop “side projects” such as the DIY artificial pancreas project. These initiatives are not subject to oversight from any legal body, are not required to make any security considerations, and are not developed in cooperation with any medical providers. Do they introduce new risks for patients and healthcare organizations alike? The focus of this presentation is on new, original research into the design flaws of insulin pump technology. We will provide insight into the path we still have ahead of us with regard to security in the medical industry. Our presentation will cover multiple new vulnerabilities, which can be exploited from a distance. The impact of our vulnerabilities can be fatal, and with the pervasiveness of such technology they become more and more likely to be exploited by attackers. We will incorporate the perspective of rapidly changing risk, usable defensive techniques, and the progress in each of these areas into the narrative of our talk. Finally, our talk will also cover a review of the milestones of medical security, both advancements and setbacks, over the last five years.
