DeepSec 2013 Video: Hacking Medical Devices

René Pfeiffer/ January 29, 2014/ Conference, Security

Modern technology expands into various areas of our lives all by its own. Medical facilities also use networks and networked devices. This makes sense since monitoring vital signs creates data you want to transport to your staff. Regardless of the technology used, once you expose the device to the outside world it needs to be hardened against tampering and abuse. The U.S. Food and Drug Administration (FDA) is aware of this issue and has published a recommendation regarding the security of medical devices. „…manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks…” At DeepSec

Read More

DeepSec 2013 Talk: Hacking Medical Devices

René Pfeiffer/ October 25, 2013/ Conference, Security

Modern information technology has already entered the field of medical technology. Few hospitals can operate without power and network connectivity. This is why information security has followed the deployment of hardware and software. Next to the infrastructure present there exists a multitude of communication protocols that increase the attack surface. Hospitals and other medical facilities have to address this issue. News of compromised systems are bad for the administration and the patients. Securing systems enters a new dimension once you consider equipment such as medical pumps, diagnostic systems and anaesthesia machines which directly interact with the patient. Tampering with the dosage of the medication can result in very serious consequences, regardless if on purpose or by accident. Dick Cheney had the wireless capabilities of his pacemaker disabled in 2007 for fears of attacks against his

Read More