A journey into Medical Device Security Research

Just coming out of a global pandemic has made most of us acutely aware of the importance of the medical community and the technologies that are used to help save and protect human life. During the Covid pandemic I have plunged headfirst into that medical device community working with varies medical organizations, product vendors, Doctors, and medical Universities to build a knowledge of these technologies, specifically medical Infusion Pumps. So, during this presentation we will be discussing the research I conducted on these devices and the vulnerabilities and security issues identified during my project.

This presentation will cover various topic areas include:

• Infusion pump device tear down and firmware and data extraction processes
• Extracting of critical data from stored flash memory
• Risk and impact of infusion pumps as an attack vector
• Operational testing and basic communication fuzzing methods used during testing
• Network based testing and vulnerability discovered
• Live demo of the most critical vulnerabilities discovered
• Conclude with discussion of a critical systemic issue discovered during research, which impacts nearly all medical organization and medical device manufactures.