Medical Devices: Pwnage and Honeypots

DerbyCon V - Unity

Presented by: Mark Collao, Scott Erven
Date: Saturday September 26, 2015
Time: 16:00 - 16:50
Location: Track 1
Track: Break Me

We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life-saving devices? We will discuss over 20 CVEs Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented. So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet-facing exposure and are vulnerable to exploit, are they being targeted? We will release and present six months of medical device honeypot research showing the implications of these patient care devices increasing their connectivity.

Scott Erven

Mark Collao
