Medical Devices: Pwnage and Honeypots

Presented at The Eleventh HOPE (2016), July 23, 2016, 3 p.m. (60 minutes).

We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? This talk will discuss over 30 CVEs Scott has reported over the last few years that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented. So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet facing exposure and are vulnerable to exploit, are they being targeted? Scott and Adam will discuss six months of medical device honeypot research, showing the implications of these patient care devices increasing their connectivity and steps that can be taken to reduce risk associated with these life saving devices.

Presenters:

  • Adam Brand
    Adam Brand has more than 12 years of experience in information technology and security. He is a director with Protiviti, where he has assisted companies in resolving major security incidents and maturing their information security programs. Adam has been heavily involved with the "I Am the Cavalry" movement, a group of researchers focused on information security issues that can affect human life and safety. He has recently focused on medical device security and is actively engaging with health care organizations on this issue.
  • Scott Erven
    Scott Erven is an associate director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and health care security. Scott has advised the U.S. Department of Homeland Security, Food and Drug Administration, and national policymakers. His research on medical device security has been featured in Wired, Forbes, BBC, and numerous media outlets worldwide. He has presented his research and expertise in the field internationally. His current focus is on research that affects human life and public safety issues inside today's health care landscape.

Links:

Similar Presentations: