Abusing IoT Medical Devices For Your Precious Health Records

DerbyCon 8.0 - Evolution

Presented by: Nick Delewski, Saurabh Harit (@0xsauby)
Date: Friday October 05, 2018
Time: 14:00 - 14:50
Location: Kentucky E
Track: Track 3

This talk discusses the risks of connected healthcare devices. It looks at the benefits of adopting IoT for medical devices, current exposure, common communication channels in use, as well as interconnectivity approaches used with other critical components. Based on output from security assessments performed against medical devices widely deployed at various hospitals and medical institutions, we will present an in-depth analysis of the target medical devices and elaborate on how we were able to compromise them to gain access to a plethora of medical records from all the medical institutions they were deployed at, and not just the one where our target devices were hosted.

We will introduce the threat surface exposed by various medical devices and present some of the real-world attacks against some popular devices and their impact on humans as well as the overall ecosystem they are connected to. Some devices rely on proprietary hardware on licensed bands, which reduces the risk of interference from consumer connected devices, but doesn’t provide security as implied in marketing materials. Others rely on standard WiFi security measures for confidentiality and are prone to MitM attacks. Healthcare devices that implement IrDA could yield interesting results when interfaced with cheap $10 hardware.

There are many consumer items that fall under the umbrella of IoT, and while it may be hard to understand the impact of hacking a toaster, we can all agree that manipulation of a medical device could lead to rather serious consequences. Apart from putting a patient's life at risk, an attacker could compromise a healthcare device to steal patient data. This presentation will primarily focus on the latter with real-world examples and a case study. We will demonstrate the compromise of a healthcare device to steal medical records, which typically include PII, health insurance data, medical history, SSNs, prescriptions, etc.

Saurabh Harit

Saurabh works at Spirent SecurityLabs as a Managing Security Consultant, where he is primarily responsible for delivering penetration testing services to Spirent clients across the globe. During his 15+ years of industry experience, Saurabh has worked across diversified industry verticals such as Banking, Aerospace, Building Solutions, and Process & Control Systems, and has developed expertise in various aspects of information security. Saurabh specializes in web application and network security, with a secret crush on binary reverse engineering. He has contributed towards proof-of-concept exploits and white papers in the infosec domain, and has delivered security trainings to various Fortune 500 clients globally and at reputed security conferences such as CanSecWest and Black Hat. Saurabh has presented his research at several security conferences, including DerbyCon, ToorCon, BSidesTO, Hack3rcon, Black Hat US & Europe Tools Arsenal, and Black Hat Europe, and is the author of the open-source tool Yasuo (https://github.com/0xsauby/yasuo).

Nick Delewski

Nick is an offensive-security-focused professional with 11+ years of technology experience who leads project teams and functional teams in the assessment of complex systems and business processes. He has performed technical penetration tests and social engineering campaigns in a diverse set of industry verticals, organizational sizes, and regulatory environments. His practice is informed by years of exposure to information technology infrastructure and years of close collaboration with application development teams. As a Certified Information Systems Security Professional (CISSP) and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Nick strives to advance the Information Security field by applying the latest in research and techniques to every project that he executes.

